googleupdate.exe malware??


  • This topic is locked
21 replies to this topic

#1 orapaho

Posted 02 March 2012 - 06:09 PM

While surfing the web, I will get a warning from AVAST to "open in the sandbox" a file it says that I am about to open. The only trouble is I am not opening a file, nor am I going to a new website. The message says that the application google.update.exe is unsafe and is being opened by services.exe or taskeng.exe. At the time of this Avast message, I am usually on a safe site. I think this started after I downloaded Ilivid from graboid.com. Can't be sure. Please help. 'TheShooter93' has been helping me on this site on another forum and he suggested I come here. I had run SAS and Malwarebytes already, and it is cleaned up. The reports are in my previous log a few days back.

I have backed up and defogged; here is the GMER log I ran with TheShooter93 a few days ago. BTW, I tried to run SAS, not from Safe Mode but from my regular desktop, and I got a blue screen. Somehow I recovered.

I cannot get DDS to run at this time. Maybe in Safe Mode?




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-27 20:24:57
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000006f TOSHIBA_ rev.GJ00
Running: dl3u10oz.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uxrcrpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8FC9EFC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x91247510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8FCA1456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8FCA14AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8FCA15C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8FCA13AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8FCA14FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8FCA1400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8FCA1572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8FC9EFE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x912475C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8FC9EDB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8FC9F00C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8FCA19BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8FC9FAA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8FCA1486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8FCA14D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8FCA15EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8FCA13D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8FCA153E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8FCA142E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8FCA159C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x91247658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8FC9F96A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8FC9F030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8FC9F054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8FC9EE0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8FC9EF48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8FC9EF24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8FC9EF6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8FC9F078]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9125B7A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E8F369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC8D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82ECFD80 4 Bytes [C4, EF, C9, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82ECFDA8 4 Bytes [10, 75, 24, 91] {ADC [EBP+0x24], DH; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82ECFE5C 8 Bytes [56, 14, CA, 8F, AE, 14, CA, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82ECFE68 4 Bytes [C4, 15, CA, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82ECFE84 4 Bytes [AC, 13, CA, 8F]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8305CBE8 5 Bytes JMP 9125869C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 830751D0 5 Bytes JMP 9125A174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8308A317 4 Bytes CALL 8FCA0025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 830A40E9 4 Bytes CALL 8FCA003B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 8312DF30 7 Bytes JMP 9125B7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\csrss.exe[448] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[492] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[492] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[492] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[492] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00080A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[492] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 000803FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[492] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00080804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[492] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 000801F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[492] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00080600
.text C:\windows\system32\wininit.exe[496] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000303FC
.text C:\windows\system32\wininit.exe[496] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000301F8
.text C:\windows\system32\wininit.exe[496] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\wininit.exe[496] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 000C0A08
.text C:\windows\system32\wininit.exe[496] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 000C03FC
.text C:\windows\system32\wininit.exe[496] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 000C0804
.text C:\windows\system32\wininit.exe[496] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 000C01F8
.text C:\windows\system32\wininit.exe[496] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 000C0600
.text C:\windows\system32\csrss.exe[508] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\services.exe[544] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000A03FC
.text C:\windows\system32\services.exe[544] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000A01F8
.text C:\windows\system32\services.exe[544] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\lsass.exe[556] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\lsass.exe[556] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\system32\lsass.exe[556] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\lsm.exe[564] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\lsm.exe[564] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\system32\lsm.exe[564] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[668] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[668] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[668] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[780] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[780] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[780] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[780] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 002B0A08
.text C:\windows\system32\svchost.exe[780] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 002B03FC
.text C:\windows\system32\svchost.exe[780] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 002B0804
.text C:\windows\system32\svchost.exe[780] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 002B01F8
.text C:\windows\system32\svchost.exe[780] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 002B0600
.text C:\windows\system32\winlogon.exe[844] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000303FC
.text C:\windows\system32\winlogon.exe[844] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000301F8
.text C:\windows\system32\winlogon.exe[844] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\winlogon.exe[844] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 000C0A08
.text C:\windows\system32\winlogon.exe[844] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 000C03FC
.text C:\windows\system32\winlogon.exe[844] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 000C0804
.text C:\windows\system32\winlogon.exe[844] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 000C01F8
.text C:\windows\system32\winlogon.exe[844] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 000C0600
.text C:\windows\System32\svchost.exe[872] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[872] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[872] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[872] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 003C0A08
.text C:\windows\System32\svchost.exe[872] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 003C03FC
.text C:\windows\System32\svchost.exe[872] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 003C0804
.text C:\windows\System32\svchost.exe[872] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 003C01F8
.text C:\windows\System32\svchost.exe[872] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 003C0600
.text C:\windows\System32\svchost.exe[916] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000A03FC
.text C:\windows\System32\svchost.exe[916] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000A01F8
.text C:\windows\System32\svchost.exe[916] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[916] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00550A08
.text C:\windows\System32\svchost.exe[916] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 005503FC
.text C:\windows\System32\svchost.exe[916] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00550804
.text C:\windows\System32\svchost.exe[916] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 005501F8
.text C:\windows\System32\svchost.exe[916] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00550600
.text C:\windows\system32\svchost.exe[944] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[944] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[944] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[944] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00E40A08
.text C:\windows\system32\svchost.exe[944] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 00E403FC
.text C:\windows\system32\svchost.exe[944] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00E40804
.text C:\windows\system32\svchost.exe[944] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 00E401F8
.text C:\windows\system32\svchost.exe[944] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00E40600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1024] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1024] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1024] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1024] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1024] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 001003FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1024] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00100804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1024] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1024] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00100600
.text C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1032] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1032] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 001601F8
.text C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1032] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1032] user32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1032] user32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 002003FC
.text C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1032] user32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00200804
.text C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1032] user32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 002001F8
.text C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1032] user32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00200600
.text C:\windows\system32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1056] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1056] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1056] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00540A08
.text C:\windows\system32\svchost.exe[1056] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 005403FC
.text C:\windows\system32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00540804
.text C:\windows\system32\svchost.exe[1056] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 005401F8
.text C:\windows\system32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00540600
.text C:\windows\system32\svchost.exe[1148] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1148] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1148] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00540A08
.text C:\windows\system32\svchost.exe[1148] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 005403FC
.text C:\windows\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00540804
.text C:\windows\system32\svchost.exe[1148] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 005401F8
.text C:\windows\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00540600
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1172] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1172] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1172] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1172] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 002F0A08
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1172] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 002F03FC
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1172] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 002F0804
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1172] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 002F01F8
.text C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe[1172] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 002F0600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1232] kernel32.dll!SetUnhandledExceptionFilter 7760F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1232] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\ctfmon.exe[1288] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1300] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1300] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1300] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1300] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1300] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1300] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1300] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1300] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00100600
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe[1460] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe[1460] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 001601F8
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe[1460] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe[1460] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe[1460] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 002003FC
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe[1460] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00200804
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe[1460] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 002001F8
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe[1460] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00200600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1744] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1744] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1744] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1744] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1744] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1744] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1744] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1744] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00090600
.text C:\Program Files\Bonjour\mDNSResponder.exe[1748] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1748] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1748] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1748] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1748] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 001003FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1748] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00100804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1748] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 001001F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1748] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00100600
.text C:\windows\System32\spoolsv.exe[1864] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\spoolsv.exe[1864] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\System32\spoolsv.exe[1864] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1864] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00200A08
.text C:\windows\System32\spoolsv.exe[1864] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 002003FC
.text C:\windows\System32\spoolsv.exe[1864] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00200804
.text C:\windows\System32\spoolsv.exe[1864] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 002001F8
.text C:\windows\System32\spoolsv.exe[1864] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00200600
.text C:\windows\system32\svchost.exe[1920] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1920] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1920] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1920] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00540A08
.text C:\windows\system32\svchost.exe[1920] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 005403FC
.text C:\windows\system32\svchost.exe[1920] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00540804
.text C:\windows\system32\svchost.exe[1920] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 005401F8
.text C:\windows\system32\svchost.exe[1920] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00540600
.text C:\windows\system32\taskhost.exe[1940] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000503FC
.text C:\windows\system32\taskhost.exe[1940] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000501F8
.text C:\windows\system32\taskhost.exe[1940] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\taskhost.exe[1940] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00120A08
.text C:\windows\system32\taskhost.exe[1940] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 001203FC
.text C:\windows\system32\taskhost.exe[1940] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00120804
.text C:\windows\system32\taskhost.exe[1940] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 001201F8
.text C:\windows\system32\taskhost.exe[1940] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00120600
.text C:\Program Files\iPod\bin\iPodService.exe[2112] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Program Files\iPod\bin\iPodService.exe[2112] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Program Files\iPod\bin\iPodService.exe[2112] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2112] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00110A08
.text C:\Program Files\iPod\bin\iPodService.exe[2112] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 001103FC
.text C:\Program Files\iPod\bin\iPodService.exe[2112] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00110804
.text C:\Program Files\iPod\bin\iPodService.exe[2112] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 001101F8
.text C:\Program Files\iPod\bin\iPodService.exe[2112] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00110600
.text C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[2128] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[2128] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[2128] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[2128] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00180A08
.text C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[2128] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 001803FC
.text C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[2128] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00180804
.text C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[2128] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 001801F8
.text C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe[2128] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00180600
.text C:\windows\system32\svchost.exe[2184] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[2184] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[2184] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 001701F8
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] kernel32.dll!SetUnhandledExceptionFilter 7760F4FB 5 Bytes JMP 65F850B8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 002103FC
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00210804
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 002101F8
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00210600
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] ole32.dll!OleLoadFromStream 76226143 5 Bytes JMP 66A4EAC8 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2480] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2480] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2480] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2480] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00390A08
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2480] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 003903FC
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2480] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00390804
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2480] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 003901F8
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2480] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00390600
.text C:\windows\system32\conhost.exe[2488] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000303FC
.text C:\windows\system32\conhost.exe[2488] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000301F8
.text C:\windows\system32\conhost.exe[2488] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\conhost.exe[2488] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 000C0A08
.text C:\windows\system32\conhost.exe[2488] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 000C03FC
.text C:\windows\system32\conhost.exe[2488] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 000C0804
.text C:\windows\system32\conhost.exe[2488] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 000C01F8
.text C:\windows\system32\conhost.exe[2488] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 000C0600
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2588] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2588] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2588] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2588] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00390A08
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2588] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 003903FC
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2588] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00390804
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2588] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 003901F8
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2588] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00390600
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2664] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2664] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2664] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2664] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00390A08
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2664] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 003903FC
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2664] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00390804
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2664] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 003901F8
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2664] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00390600
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2672] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2672] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2672] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2672] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00390A08
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2672] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 003903FC
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2672] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00390804
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2672] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 003901F8
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2672] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00390600
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2680] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2680] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2680] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2680] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00390A08
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2680] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 003903FC
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2680] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00390804
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2680] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 003901F8
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2680] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00390600
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2688] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2688] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2688] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2688] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00390A08
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2688] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 003903FC
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2688] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00390804
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2688] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 003901F8
.text C:\Program Files\PostgreSQL\8.3\bin\postgres.exe[2688] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00390600
.text C:\windows\system32\Dwm.exe[2816] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\Dwm.exe[2816] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\system32\Dwm.exe[2816] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\Dwm.exe[2816] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 000F0A08
.text C:\windows\system32\Dwm.exe[2816] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 000F03FC
.text C:\windows\system32\Dwm.exe[2816] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 000F0804
.text C:\windows\system32\Dwm.exe[2816] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 000F01F8
.text C:\windows\system32\Dwm.exe[2816] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 000F0600
.text C:\windows\Explorer.EXE[2840] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\Explorer.EXE[2840] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\Explorer.EXE[2840] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\Explorer.EXE[2840] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00150A08
.text C:\windows\Explorer.EXE[2840] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 001503FC
.text C:\windows\Explorer.EXE[2840] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00150804
.text C:\windows\Explorer.EXE[2840] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 001501F8
.text C:\windows\Explorer.EXE[2840] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00150600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2976] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2976] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 001601F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2976] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2976] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2976] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 002003FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2976] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00200804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2976] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 002001F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2976] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\WUDFHost.exe[3128] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\WUDFHost.exe[3128] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\WUDFHost.exe[3128] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[3128] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00090A08
.text C:\Windows\system32\WUDFHost.exe[3128] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 000903FC
.text C:\Windows\system32\WUDFHost.exe[3128] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00090804
.text C:\Windows\system32\WUDFHost.exe[3128] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 000901F8
.text C:\Windows\system32\WUDFHost.exe[3128] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00090600
.text C:\windows\system32\svchost.exe[3152] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[3152] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[3152] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[3152] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00570A08
.text C:\windows\system32\svchost.exe[3152] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 005703FC
.text C:\windows\system32\svchost.exe[3152] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00570804
.text C:\windows\system32\svchost.exe[3152] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 005701F8
.text C:\windows\system32\svchost.exe[3152] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00570600
.text C:\Program Files\FSP\FspUip.exe[3176] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 001603FC
.text C:\Program Files\FSP\FspUip.exe[3176] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 001601F8
.text C:\Program Files\FSP\FspUip.exe[3176] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\FSP\FspUip.exe[3176] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00290A08
.text C:\Program Files\FSP\FspUip.exe[3176] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 002903FC
.text C:\Program Files\FSP\FspUip.exe[3176] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00290804
.text C:\Program Files\FSP\FspUip.exe[3176] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 002901F8
.text C:\Program Files\FSP\FspUip.exe[3176] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00290600
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3196] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 001603FC
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3196] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 001601F8
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3196] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3196] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00210A08
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3196] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 002103FC
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3196] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00210804
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3196] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 002101F8
.text C:\Program Files\System Control Manager\MGSysCtrl.exe[3196] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00210600
.text C:\windows\system32\wbem\unsecapp.exe[3236] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 001603FC
.text C:\windows\system32\wbem\unsecapp.exe[3236] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 001601F8
.text C:\windows\system32\wbem\unsecapp.exe[3236] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\wbem\unsecapp.exe[3236] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 001F0A08
.text C:\windows\system32\wbem\unsecapp.exe[3236] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 001F03FC
.text C:\windows\system32\wbem\unsecapp.exe[3236] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 001F0804
.text C:\windows\system32\wbem\unsecapp.exe[3236] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 001F01F8
.text C:\windows\system32\wbem\unsecapp.exe[3236] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 001F0600
.text C:\windows\system32\wbem\wmiprvse.exe[3332] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\wbem\wmiprvse.exe[3332] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\system32\wbem\wmiprvse.exe[3332] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\wbem\wmiprvse.exe[3332] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00100A08
.text C:\windows\system32\wbem\wmiprvse.exe[3332] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 001003FC
.text C:\windows\system32\wbem\wmiprvse.exe[3332] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00100804
.text C:\windows\system32\wbem\wmiprvse.exe[3332] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 001001F8
.text C:\windows\system32\wbem\wmiprvse.exe[3332] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00100600
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3412] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3412] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 001501F8
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3412] kernel32.dll!SetUnhandledExceptionFilter 7760F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3412] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3412] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 001E0A08
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3412] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 001E03FC
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3412] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 001E0804
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3412] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 001E01F8
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3412] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 001E0600
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3468] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3468] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3468] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3468] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3468] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 000F03FC
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3468] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 000F0804
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3468] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 000F01F8
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3468] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 000F0600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3476] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3484] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3484] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3484] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3484] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3484] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3484] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3484] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3484] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00090600
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3540] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3540] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 001601F8
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3540] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3540] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 002F0A08
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3540] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 002F03FC
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3540] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 002F0804
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3540] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 002F01F8
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3540] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 002F0600
.text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3592] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3592] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 001601F8
.text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3592] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3592] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3592] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3592] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3592] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE[3592] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3652] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3652] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 001601F8
.text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3652] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3652] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3652] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3652] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3652] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe[3652] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe[3732] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe[3732] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 001601F8
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe[3732] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe[3732] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe[3732] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe[3732] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe[3732] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe[3732] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\iTunes\iTunesHelper.exe[3740] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3740] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3740] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[3740] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00200A08
.text C:\Program Files\iTunes\iTunesHelper.exe[3740] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 002003FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3740] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00200804
.text C:\Program Files\iTunes\iTunesHelper.exe[3740] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 002001F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3740] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00200600
.text C:\windows\system32\SearchIndexer.exe[4076] ntdll.dll!LdrUnloadDll 7797C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\SearchIndexer.exe[4076] ntdll.dll!LdrLoadDll 7798223E 5 Bytes JMP 000601F8
.text C:\windows\system32\SearchIndexer.exe[4076] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\SearchIndexer.exe[4076] USER32.dll!UnhookWindowsHookEx 75DBADF9 5 Bytes JMP 00200A08
.text C:\windows\system32\SearchIndexer.exe[4076] USER32.dll!UnhookWinEvent 75DBB750 5 Bytes JMP 002003FC
.text C:\windows\system32\SearchIndexer.exe[4076] USER32.dll!SetWindowsHookExW 75DBE30C 5 Bytes JMP 00200804
.text C:\windows\system32\SearchIndexer.exe[4076] USER32.dll!SetWinEventHook 75DC24DC 5 Bytes JMP 002001F8
.text C:\windows\system32\SearchIndexer.exe[4076] USER32.dll!SetWindowsHookExA 75DE6D0C 5 Bytes JMP 00200600
.text C:\windows\System32\svchost.exe[4656] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\windows\system32\AUDIODG.EXE[5580] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]
.text C:\Users\Daniel\Downloads\dl3u10oz.exe[5768] kernel32.dll!GetBinaryTypeW + 70 776269F4 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[2444] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [759AFFF6] C:\windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{DC3F5E2F-6366-47F6-828A-436FA49F45CA}?\Device\{D3D2114E-E7F2-47B1-82C0-68BDC2EE3DBA}?\Device\{D9A745FB-E9C5-42FD-85D6-21BF405A24DC}?\Device\{3E8E30CE-5FD5-42A7-BFE2-9272D8444BCF}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{DC3F5E2F-6366-47F6-828A-436FA49F45CA}"?"{D3D2114E-E7F2-47B1-82C0-68BDC2EE3DBA}"?"{D9A745FB-E9C5-42FD-85D6-21BF405A24DC}"?"{3E8E30CE-5FD5-42A7-BFE2-9272D8444BCF}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{DC3F5E2F-6366-47F6-828A-436FA49F45CA}?\Device\TCPIP6TUNNEL_{D3D2114E-E7F2-47B1-82C0-68BDC2EE3DBA}?\Device\TCPIP6TUNNEL_{D9A745FB-E9C5-42FD-85D6-21BF405A24DC}?\Device\TCPIP6TUNNEL_{3E8E30CE-5FD5-42A7-BFE2-9272D8444BCF}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{D9A745FB-E9C5-42FD-85D6-21BF405A24DC}@InterfaceName isatap.{9B7CF4C4-16E8-4C66-95C7-1AA0079EC05D}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{D9A745FB-E9C5-42FD-85D6-21BF405A24DC}@ReusableType 0

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\r189 0 bytes
File C:\## aswSnx private storage\r189\TFC(1).exe_{cc2c4dbe-5104-11e1-a140-e5d9e1211794} 0 bytes
File C:\## aswSnx private storage\r189\TFC(1).exe_{cc2c4dbe-5104-11e1-a140-e5d9e1211794}\image 0 bytes
File C:\## aswSnx private storage\r189\TFC(1).exe_{cc2c4dbe-5104-11e1-a140-e5d9e1211794}\image\Windows 0 bytes
File C:\## aswSnx private storage\r189\TFC(1).exe_{cc2c4dbe-5104-11e1-a140-e5d9e1211794}\image\Windows\temp 0 bytes
File C:\## aswSnx private storage\r189\TFC(1).exe_{cc2c4dbe-5104-11e1-a140-e5d9e1211794}\image\Windows\temp\._msigeplugin61 0 bytes
File C:\## aswSnx private storage\r189\TFC(1).exe_{cc2c4dbe-5104-11e1-a140-e5d9e1211794}\image\Windows\temp\._msigeplugin61\program files 0 bytes
File C:\## aswSnx private storage\r189\TFC(1).exe_{cc2c4dbe-5104-11e1-a140-e5d9e1211794}\image\Windows\temp\._msigeplugin61\program files\Google 0 bytes
File C:\## aswSnx private storage\r189\TFC(1).exe_{cc2c4dbe-5104-11e1-a140-e5d9e1211794}\image\Windows\temp\._msigeplugin61\program files\Google\Google Earth 0 bytes
File C:\## aswSnx private storage\r189\TFC(1).exe_{cc2c4dbe-5104-11e1-a140-e5d9e1211794}\image\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin 0 bytes
File C:\## aswSnx private storage\r218 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 5120 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{87994c83-61ae-11e1-bf0f-406186187210}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{87994c83-61ae-11e1-bf0f-406186187210}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{87994c83-61ae-11e1-bf0f-406186187210}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 1.0.15 ----



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:22 AM

Posted 04 March 2012 - 03:30 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 orapaho

orapaho
  • Topic Starter

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:06:22 PM

Posted 05 March 2012 - 02:17 PM

For some reason I could not run OTL... so I went to safe mode and ran it. What does this mean? Should I run everything in safe mode? In normal mode everything is ok except for these constant messages from AVAST. Thank you





OTL logfile created on: 3/5/2012 11:03:12 AM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Daniel\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 84.59% Memory free
5.50 Gb Paging File | 5.12 Gb Available in Paging File | 93.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 172.79 Gb Total Space | 100.82 Gb Free Space | 58.35% Space Free | Partition Type: NTFS
Drive D: | 115.20 Gb Total Space | 113.55 Gb Free Space | 98.57% Space Free | Partition Type: NTFS

Computer Name: DANIEL-MSI | User Name: Daniel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/05 10:16:20 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot)
SRV - [2012/03/01 18:22:10 | 001,131,008 | ---- | M] (Luis Cobian, CobianSoft) [Auto | Stopped] -- C:\Program Files\Cobian Backup 11\cbService.exe -- (CobianBackup11)
SRV - [2012/03/01 16:43:20 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Stopped] -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/07 07:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Auto | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/09/23 08:49:08 | 000,067,084 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Stopped] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/04/19 23:25:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/28 14:02:40 | 001,867,464 | ---- | M] (Blockbuster) [Auto | Stopped] -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe -- (Movielink Core Service)
SRV - [2009/12/10 02:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NAVENG)
DRV - File not found [Kernel | System | Stopped] -- -- (MpKsld1c08d25)
DRV - File not found [Kernel | System | Stopped] -- -- (MpKslaa4e8ed7)
DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl6d712253)
DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/01/07 10:24:03 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\windows\system32\drivers\NIS\1007000.01E\SRTSP.SYS -- (SRTSP)
DRV - [2010/01/07 10:24:03 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\windows\system32\drivers\NIS\1007000.01E\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/12/17 04:07:12 | 000,043,008 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009/10/07 07:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Pro(UVC)
DRV - [2009/08/04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/07/30 16:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/07/13 15:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 14:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/13 14:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/28 23:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\nvsmu.sys -- (nvsmu)
DRV - [2009/06/06 13:29:00 | 009,759,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/26 14:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009/04/30 05:43:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{5AFCC6E9-1F38-4E1D-B713-465F1342B257}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-927333513-3874424503-187824201-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-927333513-3874424503-187824201-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-927333513-3874424503-187824201-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 28 4D 28 98 CD CC 01 [binary data]
IE - HKU\S-1-5-21-927333513-3874424503-187824201-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-927333513-3874424503-187824201-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-927333513-3874424503-187824201-1000\..\SearchScopes\{48639E64-816C-1E71-A11F-AF2D7041DC94}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z013&form=ZGAIDF
IE - HKU\S-1-5-21-927333513-3874424503-187824201-1000\..\SearchScopes\{7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z134&form=ZGAIDF&install_date=20111201&iesrc={referrer:source}
IE - HKU\S-1-5-21-927333513-3874424503-187824201-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-927333513-3874424503-187824201-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKU\S-1-5-21-927333513-3874424503-187824201-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-927333513-3874424503-187824201-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Daniel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2010/04/27 18:57:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/27 11:10:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/12 00:24:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 21:33:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 12:24:10 | 000,000,000 | ---D | M]

[2012/02/26 20:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2012/03/02 22:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions
[2012/01/31 09:54:42 | 000,000,000 | ---D | M] (ShopToWin15) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}
[2012/01/25 17:45:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/03/02 22:09:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/30 23:30:13 | 000,000,000 | ---D | M] (BFlix Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}
[2012/01/11 09:47:55 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/01/31 09:54:41 | 000,000,000 | ---D | M] (ShopToWin6) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions\{e68d0d96-5f18-496c-87f2-c0d521d78fbe}
[2011/12/12 13:35:53 | 000,000,000 | ---D | M] (Yontoo Layers (Drop Down Deals)) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions\plugin@yontoo.com
[2011/11/30 23:30:18 | 000,001,945 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\searchplugins\bing-zugo.xml
[2012/02/24 20:25:48 | 000,002,519 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\searchplugins\Search_Results.xml
[2012/02/21 21:44:40 | 000,002,306 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\searchplugins\wot-safe-search.xml
[2012/02/26 20:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/27 13:23:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/19 21:33:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/18 07:54:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/09 14:23:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/24 20:25:48 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/18 07:54:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.0_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/08/07 23:01:33 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-927333513-3874424503-187824201-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Cobian Backup 11 interface] C:\Program Files\Cobian Backup 11\cbInterface.exe (Luis Cobian, CobianSoft)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [LoadMSvcmm] C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe (Blockbuster)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-927333513-3874424503-187824201-1000..\Run: [Spotify] C:\Users\Daniel\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-927333513-3874424503-187824201-1000..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-927333513-3874424503-187824201-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-927333513-3874424503-187824201-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.50.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C2213EC-ED0E-489B-92B1-47BFED634941}: DhcpNameServer = 192.168.50.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/11/22 11:24:51 | 000,000,000 | ---D | M] - C:\Automotive -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: SymEFA.sys - File not found
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\lvcodec2.dll (Logitech Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 10:15:38 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012/03/02 13:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
[2012/03/02 13:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 11
[2012/02/29 09:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/02/27 17:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mab
[2012/02/27 17:56:03 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Daniel\Desktop\malbfeb272012.exe
[2012/02/27 13:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/27 13:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/27 13:38:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/27 13:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/27 13:33:33 | 015,003,312 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Daniel\Desktop\SUPERAntiSpyware.exe
[2012/02/27 13:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/27 13:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/02/24 20:53:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\vlc
[2012/02/24 20:47:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\WinRAR
[2012/02/24 20:28:02 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Ilivid Player
[2012/02/24 20:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2012/02/24 20:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/02/24 20:25:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\PackageAware
[2012/02/24 20:21:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Graboid
[2012/02/24 20:21:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Graboid_Inc
[2012/02/24 20:20:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Graboid Inc
[2012/02/24 20:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Graboid Inc
[2012/02/24 20:20:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Graboid
[2012/02/24 20:20:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Geckofx
[2012/02/24 20:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/02/21 22:42:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Spotify
[2012/02/21 22:41:21 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Spotify
[2012/02/15 00:11:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/02/15 00:11:20 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/02/15 00:11:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/02/15 00:11:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/02/15 00:11:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/02/15 00:11:15 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/02/14 20:55:24 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2012/02/14 20:55:13 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/02/07 09:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/07 09:46:58 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012/02/07 09:46:58 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012/02/07 09:46:58 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012/02/07 09:29:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2012/02/07 09:29:23 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/02/07 09:29:23 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2012/02/07 09:29:23 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/02/07 09:29:23 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2012/02/07 09:29:23 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/02/07 09:29:23 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2012/02/07 09:29:23 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2012/02/07 09:29:23 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2012/02/07 09:29:23 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2012/02/07 09:29:23 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2012/02/07 09:29:23 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2012/02/07 09:29:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2012/02/07 09:29:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/02/07 09:29:23 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2012/02/07 09:29:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2012/02/07 09:29:23 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2012/02/07 09:29:23 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2012/02/07 09:29:23 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2012/02/07 09:29:23 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2012/02/07 09:29:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2012/02/07 09:29:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2012/02/07 09:29:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2012/02/07 09:29:23 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2012/02/07 09:29:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2012/02/07 09:29:23 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/02/07 09:29:23 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2012/02/07 09:29:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2012/02/07 09:29:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/02/07 09:29:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/02/07 09:29:22 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/02/06 20:53:11 | 000,000,000 | ---D | C] -- C:\## aswSnx private storage
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/05 10:56:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/05 10:56:12 | 2213,990,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/05 10:51:28 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/05 10:50:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-927333513-3874424503-187824201-1000UA.job
[2012/03/05 10:23:55 | 000,001,413 | ---- | M] () -- C:\Users\Daniel\Desktop\OTL - Shortcut.lnk
[2012/03/05 10:16:20 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012/03/05 08:46:00 | 000,000,380 | ---- | M] () -- C:\windows\tasks\FreeFileViewerUpdateChecker.job
[2012/03/05 08:42:22 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/05 08:25:03 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 08:25:03 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 08:21:47 | 000,665,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/03/05 08:21:47 | 000,123,096 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/03/04 22:52:06 | 000,000,324 | ---- | M] () -- C:\windows\tasks\At5.job
[2012/03/04 14:56:26 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-927333513-3874424503-187824201-1000Core.job
[2012/02/29 14:58:11 | 373,055,721 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/02/27 17:59:58 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/27 17:56:22 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Daniel\Desktop\malbfeb272012.exe
[2012/02/27 13:42:59 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/27 13:33:56 | 015,003,312 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Daniel\Desktop\SUPERAntiSpyware.exe
[2012/02/27 13:32:06 | 000,879,700 | ---- | M] () -- C:\Users\Daniel\Desktop\SecurityCheck(1).exe
[2012/02/27 13:22:40 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/21 22:42:07 | 000,001,824 | ---- | M] () -- C:\Users\Daniel\Desktop\Spotify.lnk
[2012/02/17 21:50:46 | 000,002,374 | ---- | M] () -- C:\Users\Daniel\Desktop\Google Chrome.lnk
[2012/02/15 22:05:19 | 000,468,128 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/02/07 09:53:16 | 000,001,417 | ---- | M] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/07 09:29:23 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2012/02/07 09:29:23 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/02/07 09:29:23 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2012/02/07 09:29:23 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/02/07 09:29:23 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2012/02/07 09:29:23 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/02/07 09:29:23 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2012/02/07 09:29:23 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2012/02/07 09:29:23 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2012/02/07 09:29:23 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2012/02/07 09:29:23 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2012/02/07 09:29:23 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2012/02/07 09:29:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2012/02/07 09:29:23 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/02/07 09:29:23 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2012/02/07 09:29:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2012/02/07 09:29:23 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2012/02/07 09:29:23 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2012/02/07 09:29:23 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2012/02/07 09:29:23 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2012/02/07 09:29:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2012/02/07 09:29:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2012/02/07 09:29:23 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2012/02/07 09:29:23 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2012/02/07 09:29:23 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2012/02/07 09:29:23 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2012/02/07 09:29:23 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/02/07 09:29:23 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2012/02/07 09:29:23 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2012/02/07 09:29:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/02/07 09:29:23 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/02/07 09:29:22 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/02/06 12:53:03 | 000,002,127 | ---- | M] () -- C:\windows\epplauncher.mif
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/05 10:23:55 | 000,001,413 | ---- | C] () -- C:\Users\Daniel\Desktop\OTL - Shortcut.lnk
[2012/02/29 14:58:11 | 373,055,721 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/02/27 13:37:37 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/27 13:32:02 | 000,879,700 | ---- | C] () -- C:\Users\Daniel\Desktop\SecurityCheck(1).exe
[2012/02/27 13:22:40 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/21 22:42:07 | 000,001,824 | ---- | C] () -- C:\Users\Daniel\Desktop\Spotify.lnk
[2012/02/21 22:42:07 | 000,001,810 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/02/07 09:29:23 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2012/02/06 10:52:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/09/06 19:54:06 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2011/07/16 21:04:41 | 000,021,064 | ---- | C] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/07/16 15:40:06 | 000,007,602 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
[2011/07/08 23:10:43 | 000,009,794 | -HS- | C] () -- C:\Users\Daniel\AppData\Local\1hu4i5i6c1wx6ngdh3brb4vh33mo74i8k66043
[2011/07/08 23:10:43 | 000,009,794 | -HS- | C] () -- C:\ProgramData\1hu4i5i6c1wx6ngdh3brb4vh33mo74i8k66043
[2011/05/17 20:57:54 | 000,011,120 | -HS- | C] () -- C:\Users\Daniel\AppData\Local\fo85h7deu88aq42sp862xe76evu583fq
[2011/05/17 20:57:54 | 000,011,120 | -HS- | C] () -- C:\ProgramData\fo85h7deu88aq42sp862xe76evu583fq
[2011/05/06 14:19:06 | 000,005,078 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010/04/17 08:12:24 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\wklnhst.dat
[2010/04/11 21:02:57 | 000,000,096 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini
[2010/04/07 20:43:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2010/01/07 09:59:09 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/01/07 09:58:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/01/07 09:58:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010/01/07 09:59:09 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 17:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009/07/13 17:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 17:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/27 22:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/27 22:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 21:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Mab\Chameleon\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 04:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 04:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 17:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


OTL Extras logfile created on: 3/5/2012 11:03:12 AM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Daniel\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 84.59% Memory free
5.50 Gb Paging File | 5.12 Gb Available in Paging File | 93.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 172.79 Gb Total Space | 100.82 Gb Free Space | 58.35% Space Free | Partition Type: NTFS
Drive D: | 115.20 Gb Total Space | 113.55 Gb Free Space | 98.57% Space Free | Partition Type: NTFS

Computer Name: DANIEL-MSI | User Name: Daniel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-927333513-3874424503-187824201-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = msi Software Install
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24873332-B98B-4235-ABBA-CCDEACC62BB9}" = Native Instruments Traktor Audio 6
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 30
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3054FEFA-4748-4cf0-8C3C-8DB887DE379F}" = Native Instruments Traktor Audio 2
"{305CA7E5-C739-48e2-B247-584C0E1B717C}" = Native Instruments Traktor Audio 10
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}" = Camera Recorder
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_HOMESTUDENTR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_HOMESTUDENTR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PRO_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DF0BE48-16F0-4E36-814D-9B4FDFFAF25F}" = PayPal Plug-In
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C5D7039E-0803-4FE8-976D-156DE1147E4F}" = ArcSoft Print Creations
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Phone to PC 4.1.4.2
"{D5B1535A-FDFC-4B40-B2E2-21DA83D9CB57}" = Adobe Audition CS5.5
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE112330-9654-453C-A060-883C854F9613}_is1" = Shop To Win
"5CE8E1D35521D8BC63DF6A4C47D72B94FADC4072" = Windows Driver Package - Ralink Technology, Corp. (netr28) Net (07/06/2010 3.01.08.0001)
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"avast" = avast! Free Antivirus
"bflixtoolbar" = BFlix Toolbar
"Cake Poker 2.0" = Cake Poker 2.0
"Canon MX700 series User Registration" = Canon MX700 series User Registration
"Canon MX880 series User Registration" = Canon MX880 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CobBackup10" = Cobian Backup 10
"CobBackup11" = Cobian Backup 11 Gravity
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"FreeFileViewer_is1" = Free File Viewer 2011
"HitmanPro35" = Hitman Pro 3.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"LegalSounds Music Downloader_is1" = LegalSounds Music Downloader 1.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mixed In Key" = Mixed In Key 2.5
"Movielink Manager" = BLOCKBUSTER Movielink
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Native Instruments Traktor Audio 10" = Native Instruments Traktor Audio 10
"Native Instruments Traktor Audio 2" = Native Instruments Traktor Audio 2
"Native Instruments Traktor Audio 6" = Native Instruments Traktor Audio 6
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PokerAcademyPro2" = Poker Academy Pro 2
"PokerStars.net" = PokerStars.net
"PokerTracker3" = PokerTracker 3 (remove only)
"PremElem90" = Adobe Premiere Elements 9
"PRO" = Microsoft Office Professional 2007
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"Speed Dial Utility" = Canon Speed Dial Utility
"SpywareBlaster_is1" = SpywareBlaster 4.5
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Trusted Software Assistant_is1" = File Type Assistant
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-927333513-3874424503-187824201-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"Smilebox" = Smilebox
"Spotify" = Spotify
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/29/2012 3:14:03 PM | Computer Name = Daniel-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1373

Error - 1/29/2012 3:14:05 PM | Computer Name = Daniel-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/29/2012 3:14:05 PM | Computer Name = Daniel-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2761

Error - 1/29/2012 3:14:05 PM | Computer Name = Daniel-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2761

Error - 1/29/2012 4:46:11 PM | Computer Name = Daniel-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/29/2012 4:46:11 PM | Computer Name = Daniel-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1185

Error - 1/29/2012 4:46:11 PM | Computer Name = Daniel-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1185

Error - 1/29/2012 6:45:06 PM | Computer Name = Daniel-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/29/2012 6:45:06 PM | Computer Name = Daniel-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1435

Error - 1/29/2012 6:45:06 PM | Computer Name = Daniel-msi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1435

[ Media Center Events ]
Error - 8/8/2010 1:00:29 PM | Computer Name = Daniel-msi | Source = MCUpdate | ID = 0
Description = 10:00:29 AM - Error connecting to the internet. 10:00:29 AM - Unable
to contact server..

Error - 8/8/2010 1:02:01 PM | Computer Name = Daniel-msi | Source = MCUpdate | ID = 0
Description = 10:01:56 AM - Error connecting to the internet. 10:01:56 AM - Unable
to contact server..

[ OSession Events ]
Error - 7/14/2011 12:44:45 PM | Computer Name = Daniel-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 73
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/5/2012 3:05:04 PM | Computer Name = Daniel-msi | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/5/2012 3:05:47 PM | Computer Name = Daniel-msi | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/5/2012 3:05:47 PM | Computer Name = Daniel-msi | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/5/2012 3:05:47 PM | Computer Name = Daniel-msi | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/5/2012 3:10:14 PM | Computer Name = Daniel-msi | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/5/2012 3:10:14 PM | Computer Name = Daniel-msi | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/5/2012 3:10:14 PM | Computer Name = Daniel-msi | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/5/2012 3:10:47 PM | Computer Name = Daniel-msi | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/5/2012 3:10:47 PM | Computer Name = Daniel-msi | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/5/2012 3:10:47 PM | Computer Name = Daniel-msi | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >

#4 myrti


Posted 05 March 2012 - 03:56 PM

Hi,

can you please link me to the thread you did with TheShooter? Can you give me the exact message you get from Avast?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 orapaho


Posted 05 March 2012 - 04:13 PM

Here it is. My link


I will have to wait till the avast message pops up. It suggests I open the google.update.exe file or the taskeng.exe file in the sandbox. Something like that.

#6 orapaho


Posted 05 March 2012 - 04:56 PM

Here is the message I get:



You are opening an application that may be potentially unsafe.
File: C:\Program Files\Google\Update\GoogleUpdate.exe
Opened by: C:\windows\system32\taskeng.exe

#7 myrti


Posted 05 March 2012 - 06:25 PM

Hi,

that actually sounds like a normal warning from Avast. This is a "learning by doing" approach. By default the tools can not distinguish good from bad, so it asks you for every file whether it's normal or not and learns from your decisions.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    
    [2011/07/08 23:10:43 | 000,009,794 | -HS- | C] () -- C:\Users\Daniel\AppData\Local\1hu4i5i6c1wx6ngdh3brb4vh33mo74i8k66043
    [2011/07/08 23:10:43 | 000,009,794 | -HS- | C] () -- C:\ProgramData\1hu4i5i6c1wx6ngdh3brb4vh33mo74i8k66043
    [2011/05/17 20:57:54 | 000,011,120 | -HS- | C] () -- C:\Users\Daniel\AppData\Local\fo85h7deu88aq42sp862xe76evu583fq
    [2011/05/17 20:57:54 | 000,011,120 | -HS- | C] () -- C:\ProgramData\fo85h7deu88aq42sp862xe76evu583fq
    [2011/05/06 14:19:06 | 000,005,078 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.



#8 orapaho


Posted 05 March 2012 - 11:54 PM

The AVAST messages come every 15 minutes.
I ran the fix, and it was completed, but for the life of me I can't find the log. I did not have to reboot. I ran the scan after that.


OTL logfile created on: 3/5/2012 8:15:53 PM - Run 2
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Daniel\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 54.92% Memory free
5.50 Gb Paging File | 4.17 Gb Available in Paging File | 75.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 172.79 Gb Total Space | 100.76 Gb Free Space | 58.31% Space Free | Partition Type: NTFS
Drive D: | 115.20 Gb Total Space | 113.55 Gb Free Space | 98.57% Space Free | Partition Type: NTFS

Computer Name: DANIEL-MSI | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Daniel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Cobian Backup 11\cbInterface.exe (Luis Cobian, CobianSoft)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe (Blockbuster)
PRC - C:\Program Files\FSP\FspUip.exe (Sentelic Corporation)
PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files\FSP\FspLib.dll ()
MOD - C:\Program Files\FSP\KbdHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot) -- File not found
SRV - (CobianBackup11) -- C:\Program Files\Cobian Backup 11\cbService.exe (Luis Cobian, CobianSoft)
SRV - (cbVSCService11) -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe (CobianSoft, Luis Cobian)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (AdobeActiveFileMonitor9.0) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (cbVSCService) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Movielink Core Service) -- C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\MovielinkCore.exe (Blockbuster)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- File not found
DRV - (RtsUIR) -- File not found
DRV - (RSUSBSTOR) -- File not found
DRV - (NAVEX15) -- File not found
DRV - (NAVENG) -- File not found
DRV - (MpKsld1c08d25) -- File not found
DRV - (MpKslaa4e8ed7) -- File not found
DRV - (MpKsl6d712253) -- File not found
DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\windows\System32\Drivers\aswrdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SRTSP) -- C:\windows\system32\drivers\NIS\1007000.01E\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\windows\system32\drivers\NIS\1007000.01E\SRTSPX.SYS (Symantec Corporation)
DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)
DRV - (LVUVC) QuickCam for Notebooks Pro(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (nvstor32) -- C:\windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\windows\system32\DRIVERS\nvsmu.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{5AFCC6E9-1F38-4E1D-B713-465F1342B257}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 28 4D 28 98 CD CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{48639E64-816C-1E71-A11F-AF2D7041DC94}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z013&form=ZGAIDF
IE - HKCU\..\SearchScopes\{7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z134&form=ZGAIDF&install_date=20111201&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=164&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=164&systemid=406&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Daniel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2010/04/27 18:57:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/27 11:10:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/05 13:10:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 21:33:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 12:24:10 | 000,000,000 | ---D | M]

[2012/02/26 20:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2010/04/05 21:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/03/02 22:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions
[2012/01/31 09:54:42 | 000,000,000 | ---D | M] (ShopToWin15) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}
[2012/01/25 17:45:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/03/02 22:09:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/30 23:30:13 | 000,000,000 | ---D | M] (BFlix Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}
[2012/01/11 09:47:55 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/01/31 09:54:41 | 000,000,000 | ---D | M] (ShopToWin6) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions\{e68d0d96-5f18-496c-87f2-c0d521d78fbe}
[2011/12/12 13:35:53 | 000,000,000 | ---D | M] (Yontoo Layers (Drop Down Deals)) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\extensions\plugin@yontoo.com
[2011/11/30 23:30:18 | 000,001,945 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\searchplugins\bing-zugo.xml
[2012/02/24 20:25:48 | 000,002,519 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\searchplugins\Search_Results.xml
[2012/02/21 21:44:40 | 000,002,306 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\xdcv2wub.default\searchplugins\wot-safe-search.xml
[2012/02/26 20:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/27 13:23:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/19 21:33:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/19 21:33:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2011/09/05 09:04:56 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/08/21 09:52:21 | 000,150,696 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2011/11/09 12:24:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/11/09 12:24:08 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/11/09 12:24:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/11/09 12:24:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/11/09 12:24:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/11/09 12:24:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/11/09 12:24:09 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/08/21 09:52:40 | 000,011,776 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2011/08/21 09:51:57 | 000,107,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2012/02/18 07:54:58 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/02/18 07:54:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/09 14:23:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/18 07:54:58 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/02/18 07:54:58 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/02/24 20:25:48 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/18 07:54:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/02/18 07:54:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/02/18 07:54:58 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.0_0\
CHR - Extension: No name found = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2011/08/07 23:01:33 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Cobian Backup 11 interface] C:\Program Files\Cobian Backup 11\cbInterface.exe (Luis Cobian, CobianSoft)
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LoadMSvcmm] C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe (Blockbuster)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [Google Update] C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\Daniel\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswaswOtl.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.50.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C2213EC-ED0E-489B-92B1-47BFED634941}: DhcpNameServer = 192.168.50.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/11/22 11:24:51 | 000,000,000 | ---D | M] - C:\Automotive -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 13:10:40 | 000,044,376 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2012/03/05 10:15:38 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012/03/02 13:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
[2012/03/02 13:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 11
[2012/02/29 09:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/02/27 17:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mab
[2012/02/27 17:56:03 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Daniel\Desktop\malbfeb272012.exe
[2012/02/27 13:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/27 13:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/27 13:38:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/27 13:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/27 13:33:33 | 015,003,312 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Daniel\Desktop\SUPERAntiSpyware.exe
[2012/02/27 13:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/27 13:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/02/24 20:53:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\vlc
[2012/02/24 20:47:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\WinRAR
[2012/02/24 20:28:02 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Ilivid Player
[2012/02/24 20:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2012/02/24 20:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/02/24 20:25:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\PackageAware
[2012/02/24 20:21:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Graboid
[2012/02/24 20:21:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Graboid_Inc
[2012/02/24 20:20:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Graboid Inc
[2012/02/24 20:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Graboid Inc
[2012/02/24 20:20:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Graboid
[2012/02/24 20:20:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Geckofx
[2012/02/24 20:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/02/21 22:42:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Spotify
[2012/02/21 22:41:21 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Spotify
[2012/02/15 00:11:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/02/15 00:11:20 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/02/15 00:11:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/02/15 00:11:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/02/15 00:11:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/02/15 00:11:15 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/02/14 20:55:24 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2012/02/14 20:55:13 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/02/07 09:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/07 09:46:58 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012/02/07 09:46:58 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012/02/07 09:46:58 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012/02/07 09:29:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2012/02/07 09:29:23 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/02/07 09:29:23 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2012/02/07 09:29:23 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/02/07 09:29:23 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2012/02/07 09:29:23 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/02/07 09:29:23 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2012/02/07 09:29:23 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2012/02/07 09:29:23 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2012/02/07 09:29:23 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2012/02/07 09:29:23 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2012/02/07 09:29:23 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2012/02/07 09:29:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2012/02/07 09:29:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/02/07 09:29:23 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2012/02/07 09:29:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2012/02/07 09:29:23 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2012/02/07 09:29:23 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2012/02/07 09:29:23 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2012/02/07 09:29:23 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2012/02/07 09:29:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2012/02/07 09:29:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2012/02/07 09:29:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2012/02/07 09:29:23 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2012/02/07 09:29:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2012/02/07 09:29:23 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/02/07 09:29:23 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2012/02/07 09:29:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2012/02/07 09:29:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/02/07 09:29:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/02/07 09:29:22 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/05 20:04:23 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/05 20:03:16 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-927333513-3874424503-187824201-1000UA.job
[2012/03/05 20:03:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/05 14:49:00 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-927333513-3874424503-187824201-1000Core.job
[2012/03/05 13:10:40 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/03/05 11:30:42 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 11:30:42 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 11:28:28 | 000,000,380 | ---- | M] () -- C:\windows\tasks\FreeFileViewerUpdateChecker.job
[2012/03/05 11:25:21 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/05 11:22:27 | 2213,990,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/05 10:23:55 | 000,001,413 | ---- | M] () -- C:\Users\Daniel\Desktop\OTL - Shortcut.lnk
[2012/03/05 10:16:20 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2012/03/05 08:21:47 | 000,665,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/03/05 08:21:47 | 000,123,096 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/03/04 22:52:06 | 000,000,324 | ---- | M] () -- C:\windows\tasks\At5.job
[2012/02/29 14:58:11 | 373,055,721 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/02/27 17:59:58 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/27 17:56:22 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Daniel\Desktop\malbfeb272012.exe
[2012/02/27 13:42:59 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/27 13:33:56 | 015,003,312 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Daniel\Desktop\SUPERAntiSpyware.exe
[2012/02/27 13:32:06 | 000,879,700 | ---- | M] () -- C:\Users\Daniel\Desktop\SecurityCheck(1).exe
[2012/02/27 13:22:40 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/23 08:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012/02/23 08:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2012/02/23 08:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2012/02/23 08:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2012/02/23 08:10:59 | 000,044,376 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2012/02/23 08:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2012/02/23 08:10:34 | 000,057,688 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2012/02/23 08:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2012/02/21 22:42:07 | 000,001,824 | ---- | M] () -- C:\Users\Daniel\Desktop\Spotify.lnk
[2012/02/17 21:50:46 | 000,002,374 | ---- | M] () -- C:\Users\Daniel\Desktop\Google Chrome.lnk
[2012/02/15 22:05:19 | 000,468,128 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/02/07 09:53:16 | 000,001,417 | ---- | M] () -- C:\Users\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/07 09:29:23 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2012/02/07 09:29:23 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/02/07 09:29:23 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2012/02/07 09:29:23 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/02/07 09:29:23 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2012/02/07 09:29:23 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/02/07 09:29:23 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2012/02/07 09:29:23 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2012/02/07 09:29:23 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2012/02/07 09:29:23 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2012/02/07 09:29:23 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2012/02/07 09:29:23 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2012/02/07 09:29:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2012/02/07 09:29:23 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/02/07 09:29:23 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2012/02/07 09:29:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2012/02/07 09:29:23 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2012/02/07 09:29:23 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2012/02/07 09:29:23 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2012/02/07 09:29:23 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2012/02/07 09:29:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2012/02/07 09:29:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2012/02/07 09:29:23 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2012/02/07 09:29:23 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2012/02/07 09:29:23 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2012/02/07 09:29:23 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2012/02/07 09:29:23 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/02/07 09:29:23 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2012/02/07 09:29:23 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2012/02/07 09:29:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/02/07 09:29:23 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/02/07 09:29:22 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/02/06 12:53:03 | 000,002,127 | ---- | M] () -- C:\windows\epplauncher.mif
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/05 10:23:55 | 000,001,413 | ---- | C] () -- C:\Users\Daniel\Desktop\OTL - Shortcut.lnk
[2012/02/29 14:58:11 | 373,055,721 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/02/27 13:37:37 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/27 13:32:02 | 000,879,700 | ---- | C] () -- C:\Users\Daniel\Desktop\SecurityCheck(1).exe
[2012/02/27 13:22:40 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/21 22:42:07 | 000,001,824 | ---- | C] () -- C:\Users\Daniel\Desktop\Spotify.lnk
[2012/02/21 22:42:07 | 000,001,810 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/02/07 09:29:23 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2012/02/06 10:52:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/09/06 19:54:06 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2011/07/16 21:04:41 | 000,021,064 | ---- | C] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/07/16 15:40:06 | 000,007,602 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
[2011/07/08 23:10:43 | 000,009,794 | -HS- | C] () -- C:\Users\Daniel\AppData\Local\1hu4i5i6c1wx6ngdh3brb4vh33mo74i8k66043
[2011/07/08 23:10:43 | 000,009,794 | -HS- | C] () -- C:\ProgramData\1hu4i5i6c1wx6ngdh3brb4vh33mo74i8k66043
[2011/05/17 20:57:54 | 000,011,120 | -HS- | C] () -- C:\Users\Daniel\AppData\Local\fo85h7deu88aq42sp862xe76evu583fq
[2011/05/17 20:57:54 | 000,011,120 | -HS- | C] () -- C:\ProgramData\fo85h7deu88aq42sp862xe76evu583fq
[2011/05/06 14:19:06 | 000,005,078 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010/04/17 08:12:24 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\wklnhst.dat
[2010/04/11 21:02:57 | 000,000,096 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini
[2010/04/07 20:43:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:22 AM

Posted 06 March 2012 - 05:43 AM

Hi,

Yes, that's normal behaviour for Google Update. It checks for updates every 20 minutes. You can either permanently allow it or we can see if we can disable Google Update permanently. (This is however easier said than done, knowing Google's programs.)

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#10 orapaho


Posted 06 March 2012 - 03:27 PM

Thank you for the explanation. I would like to permanently allow it. It is so bothersome, it should be classified as malware. It never happened until this past week too. I wonder why the change? At any rate, let's fix this thing.

#11 myrti


Posted 06 March 2012 - 03:37 PM

Hi,

Well, didn't you install Chrome this past week? I would think that's where it belongs to.

Next time you get this warning, select "open normally" as an action and check the option "Remember my answer for this program" before clicking OK. You should not see the warning again.

regards myrti



#12 orapaho


Posted 06 March 2012 - 03:53 PM

No, I did not put Google Chrome on the past week. I did install it just this morning, because it was in my face all the time :( Thank you, I will do as you stated :)

#13 myrti


Posted 06 March 2012 - 03:56 PM

Oh, ok.. I thought you'd installed it on the 17th, as it shows as a shortcut on your desktop from then:

[2012/02/17 21:50:46 | 000,002,374 | ---- | M] () -- C:\Users\Daniel\Desktop\Google Chrome.lnk (the first numbers are the date, then the time. Maybe it'll help you pin down what you were installing that day that caused the entire Google thing to get onto your PC)

regards myrti

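Reading the date and time fields of the log the way post #13 describes, as an added example that is not part of the original thread: a small Python parser for OTL file-listing lines that lists what was created or modified on or near a given day. The sample lines are copied from the log posted above; the function names `parse_otl` and `entries_near` are hypothetical.

```python
import re
from datetime import datetime, timedelta

# OTL file-listing line: [date time | size | attributes | C or M] (company) -- path
# The "(company)" part is absent for folders and empty "()" for unsigned files.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Sample input: lines copied from the OTL log in this thread.
SAMPLE = r"""
[2012/03/05 20:04:23 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/24 20:28:02 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Ilivid Player
[2012/02/24 20:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2012/02/24 20:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Graboid Inc
[2012/02/24 20:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/02/21 22:42:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Spotify
[2012/02/17 21:50:46 | 000,002,374 | ---- | M] () -- C:\Users\Daniel\Desktop\Google Chrome.lnk
[2012/02/15 00:11:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
"""


def parse_otl(text):
    """Return one dict per file-listing line; summary and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "hidden": "H" in m["attrs"],
            "kind": "created" if m["kind"] == "C" else "modified",
            "company": (m["company"] or "").strip(),
            "path": m["path"],
        })
    return entries


def entries_near(entries, day, days=0):
    """Entries dated within +/- `days` of `day` (YYYY/MM/DD), oldest first."""
    target = datetime.strptime(day, "%Y/%m/%d").date()
    window = timedelta(days=days)
    hits = [e for e in entries if abs(e["when"].date() - target) <= window]
    return sorted(hits, key=lambda e: e["when"])


if __name__ == "__main__":
    # Timeline around the day the Google Chrome shortcut was last modified.
    for e in entries_near(parse_otl(SAMPLE), "2012/02/17", days=3):
        vendor = e["company"] or "no company name"
        print(f'{e["when"]}  {e["kind"]:8}  {e["path"]}  ({vendor})')
```

Pasting the full "Created Within 30 Days" and "Modified Within 30 Days" sections into `SAMPLE` gives the complete timeline for any day of interest.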


#14 orapaho


Posted 06 March 2012 - 05:36 PM

I am not sure that my computer is totally free of the problem. I just ran SAS with the three boxes checked that Shooter recommended under scanning control: close browsers before starting, scan for cookies, terminate memory threats before quarantining. The other boxes were unchecked. Almost 80-90% through the scan I got a blue screen that said inpage Kernel error and it shut the computer down. This can't be normal, right? Is this because SAS should be run from safe mode as Shooter had me do?

#15 myrti


Posted 06 March 2012 - 05:55 PM

Hi,

No, it is not. But this may be due to your PC overheating, or because your hard drive is dying, or because your anti-virus program blocked SASW and caused a crash, or because a different program killed off SASW, or because of a bug in SASW, etc. There's no real way to know. Did you save the error code the BSOD showed? If so, please post it.

Can you try again? Make sure you disable the real time protection of your security tools first though.

regards myrti
