
Google Redirect Virus


  • This topic is locked
24 replies to this topic

#1 bruinsmc6

bruinsmc6

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:35 AM

Posted 22 January 2013 - 03:02 PM

I have a Google Redirect virus, which is what I think it is called. Really, any search engine results get redirected after clicking on them, but it is erratic: some do and others don't. I might have goofed up a little, as I have run TDSS Rootkit and aswMBR already. I ran DDS; the attach.txt and dds.txt files are attached. I have run Corbin to back up my C drive.

Before this virus started appearing I had done a full system scan with avast, as well as a bootup scan (root scan?), ran malwarebytes, did a disk cleanup of my C drive and finally a defrag. The day after the defrag I started getting the redirect issues. I tried to run a system restore on 3 different dates and all failed, then I tried system restore in safe mode and those both failed. If there is anything else you need to know, please let me know. Thank you.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2
Run by Matt at 14:46:31 on 2013-01-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1035 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\Program Files\Cobian Backup 11\Cobian.exe
C:\Program Files\Cobian Backup 11\cbInterface.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=847d814d-0d5f-4a23-8099-3e6b3ac1f8f0&searchtype=hp
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=847d814d-0d5f-4a23-8099-3e6b3ac1f8f0&searchtype=ds&q={searchTerms}
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355175906750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F6087F29-EF2E-4092-936C-D3E35ED644D3} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\matt\application data\mozilla\firefox\profiles\aqytuh6v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=847d814d-0d5f-4a23-8099-3e6b3ac1f8f0&searchtype=ds&q=
FF - plugin: c:\documents and settings\matt\application data\mozilla\firefox\profiles\aqytuh6v.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\matt\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2012-12-11 14:57; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2013-01-19 22:01; freehdsport@freehdsport.tv; c:\documents and settings\matt\application data\mozilla\firefox\profiles\aqytuh6v.default\extensions\freehdsport@freehdsport.tv.xpi
FF - ExtSQL: 2013-01-21 20:16; {30cff8f2-1ad1-4cbe-94b6-86c1a03a83f6}; c:\documents and settings\matt\application data\mozilla\firefox\profiles\aqytuh6v.default\extensions\{30cff8f2-1ad1-4cbe-94b6-86c1a03a83f6}.xpi
FF - ExtSQL: !HIDDEN! 2010-05-19 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-5-29 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-11 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-11 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-11 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-11 44808]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\cobian backup 11\cbVSCService11.exe [2013-1-22 67584]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-3-3 103040]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-10-17 124648]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-5-26 27136]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-18 1684736]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks\swscheduler\DTSCoordinatorService.exe [2011-9-27 89160]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-10-1 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-10-1 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-10-1 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-10-1 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-10-1 25704]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-1-15 3467768]
S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2010-5-26 738152]
.
=============== Created Last 30 ================
.
2013-01-22 16:37:33 -------- d-----w- c:\program files\Cobian Backup 11
2013-01-22 02:48:40 -------- d-----w- c:\program files\ESET
2013-01-22 02:33:57 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-22 01:37:57 -------- d-----w- C:\ComboFix
2013-01-22 01:21:14 -------- d-----w- c:\program files\ACW
2013-01-20 03:46:56 -------- d-----w- c:\documents and settings\matt\application data\4c0678a1-da72-424a-a135-87f69195675d79
2013-01-20 03:01:39 -------- d-----w- c:\program files\FirstRowSportApp.com
2013-01-16 18:33:14 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-12 16:16:00 -------- d-----w- c:\program files\Dropbox
2013-01-08 22:51:35 -------- d-----w- c:\program files\PokerTracker 3
.
==================== Find3M ====================
.
2013-01-09 19:44:19 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 19:44:19 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
2011-12-27 01:45:03 21073936 ----a-w- c:\program files\vlc-1.1.11-win32.exe
.
============= FINISH: 14:47:20.87 ===============

Edited by Noviciate, 22 January 2013 - 03:16 PM.
Added log from attachment.
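The DDS log above already shows what a search redirect looks like at rest: the IE start page and search assistant (uStart Page, uSearchAssistant) and the Firefox keyword.URL and browser.search.defaulturl prefs all point at feed.snap.do or search.conduit.com rather than at the homepage the user set (google.com). The following script is an added example, not part of the post and not DDS code: it parses lines of that shape, refangs the hxxp:// URLs, and reports every home-page or search setting whose host is not on a small allow-list. The allow-list and the sample log (trimmed copies of the lines above plus a made-up mStart Page line) are constructed for the demonstration.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the shape of the DDS "Pseudo HJT Report" and FIREFOX
# sections quoted above. The mStart Page line is made up so the check has a
# clean entry to pass over; the other values are trimmed copies of the log.
SAMPLE_DDS = """\
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&searchtype=hp
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&searchtype=ds&q={searchTerms}
mStart Page = hxxp://www.google.com/
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&searchtype=ds&q=
"""

# DDS prefixes Internet Explorer settings with u (current-user hive) or m (machine hive).
IE_SETTING_RE = re.compile(
    r"^([um])(Start Page|Search Page|SearchAssistant|Default_Page_URL|Default_Search_URL|SearchURL) = (.+)$"
)
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")

# Firefox prefs that decide where the home page and address-bar searches go.
FF_URL_PREFS = {"browser.startup.homepage", "browser.search.defaulturl", "keyword.URL"}

# Hosts accepted as legitimate defaults. This allow-list is an assumption for
# the example; a real triage would use the analyst's own list.
KNOWN_GOOD_HOSTS = {"google.com", "www.google.com", "bing.com", "www.bing.com",
                    "search.yahoo.com", "duckduckgo.com"}


def refang(value):
    """DDS writes hxxp:// so log URLs are not clickable; restore http for parsing."""
    v = value.strip()
    if v[:4].lower() == "hxxp":
        v = "http" + v[4:]
    if "://" not in v:          # bare host such as google.com
        v = "http://" + v
    return v


def host_of(value):
    return (urlparse(refang(value)).hostname or "").lower()


def browser_settings(log_text):
    """Return (scope, setting, raw_value) for every IE start/search line and FF URL pref."""
    found = []
    for line in log_text.splitlines():
        m = IE_SETTING_RE.match(line)
        if m:
            scope = "user" if m.group(1) == "u" else "machine"
            found.append((scope, m.group(2), m.group(3)))
            continue
        m = FF_PREF_RE.match(line)
        if m and m.group(1) in FF_URL_PREFS:
            found.append(("firefox", m.group(1), m.group(2)))
    return found


def find_hijacks(log_text, allowed_hosts=KNOWN_GOOD_HOSTS):
    """Flag every home-page or search setting whose host is not on the allow-list."""
    hits = []
    for scope, setting, value in browser_settings(log_text):
        host = host_of(value)
        if host and host not in allowed_hosts:
            hits.append({"scope": scope, "setting": setting, "host": host, "value": value})
    return hits


if __name__ == "__main__":
    for h in find_hijacks(SAMPLE_DDS):
        print(f"[{h['scope']}] {h['setting']} -> {h['host']}")
```

Run against the sample it reports four entries (two IE, two Firefox), all pointing at the same two hosts, which is the pattern to look for: a redirect that only fires on some clicks is often just a search provider that was silently swapped, and the provider host is the quickest thing to pull out of the log.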


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:35 PM

Posted 22 January 2013 - 03:22 PM

Good evening. :)

Download RogueKiller by Tigzy from here and save it to your Desktop

  • Close all open programs.
  • Double click RogueKiller.exe to run it.
  • Once the tool has initialised, click Scan on the right.
  • Once complete, click Report button, also on the right.
  • The report will open in Notepad and also be saved as RKreport[number].txt on your Desktop.
  • Please post the contents in your next Reply.
  • If for some reason the tool won't run, rename the file to winlogon.exe and try again.

So long, and thanks for all the fish.


#3 bruinsmc6

bruinsmc6
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:35 AM

Posted 22 January 2013 - 03:29 PM

Thanks for the quick reply, here are the contents:

RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : Scan -- Date : 01/22/2013 15:28:26

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKUS\S-1-5-21-1275210071-1409082233-839522115-1005[...]\Run : Adobe CS Manager (C:\Documents and Settings\postgres.MATTASAURUS\Application Data\4c0678a1-da72-424a-a135-87f69195675d79\cadaaafd.exe) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
_INLINE_ : NtRequestPort -> HOOKED (Unknown @ 0xBA698CA0)
_INLINE_ : NtRequestWaitReplyPort -> HOOKED (Unknown @ 0xBA698D40)
_INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0xBA698C00)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS +++++
--- User ---
[MBR] 4126ed8793f83013232027aeeaeaa33e
[BSP] e165d4bc09b19f59746ddaa23ad0f4ed : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600JB-00REA0 +++++
--- User ---
[MBR] 36c333bf768f138e0bfae112f4e9266e
[BSP] 49facedad3640935e7bf61a4a2bdd488 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: PNY USB 2.0 FD USB Device +++++
--- User ---
[MBR] d997dac194ca8e803c491161a404e94b
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 56 | Size: 7788 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_01222013_02d1528.txt >>
RKreport[1]_S_01222013_02d1528.txt
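Of the seven registry entries RogueKiller lists, the one that matters is the [RUN][SUSP PATH] line: a Run value named "Adobe CS Manager" under a user SID hive that launches an executable from a GUID-named folder inside a profile's Application Data, which is where no legitimate Adobe component lives. The script below is an added example, not RogueKiller's code and not from the post: it parses report lines of that shape into tag list, key, value name, data and status, then applies that one rule (Run entry whose binary sits in a GUID-like directory under Application Data or AppData). The sample report is constructed from the lines above plus a made-up benign avast Run line so the rule has something to pass over.

```python
import re

# Constructed sample: the [RUN][SUSP PATH], [HJPOL] and [HJ SMENU] lines copy the
# shape of the RogueKiller report above; the avast [RUN] line is made up so the
# rule has a benign entry to pass over.
SAMPLE_RK = r"""RogueKiller V8.4.3 [Jan 21 2013] by Tigzy

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKUS\S-1-5-21-1275210071-1409082233-839522115-1005[...]\Run : Adobe CS Manager (C:\Documents and Settings\postgres.MATTASAURUS\Application Data\4c0678a1-da72-424a-a135-87f69195675d79\cadaaafd.exe) -> FOUND
[RUN] HKLM\[...]\Run : avast (C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
"""

# One report line: [TAG][TAG] <key path> : <value name> (<data>) -> <status>
ENTRY_RE = re.compile(r"^((?:\[[^\]]+\])+)\s+(\S+)\s+:\s+(.+?)\s+\((.*)\)\s+->\s+(\w+)\s*$")
TAG_RE = re.compile(r"\[([^\]]+)\]")

# GUID-like directory directly under a profile's Application Data / AppData.
# The last group is allowed to be longer than 12 hex digits because droppers
# do not always produce a well-formed GUID (the folder above has 14).
GUID_DIR_RE = re.compile(
    r"\\(?:Application Data|AppData\\(?:Roaming|Local|LocalLow))\\"
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12,}\\",
    re.I,
)


def parse_entries(report_text):
    """Turn the Registry Entries lines of a RogueKiller report into dicts."""
    entries = []
    for line in report_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entries.append({
            "tags": TAG_RE.findall(m.group(1)),
            "key": m.group(2),
            "name": m.group(3),
            "data": m.group(4),
            "status": m.group(5),
        })
    return entries


def executable_of(data):
    """Data may carry arguments; return the first drive-rooted .exe path in it."""
    m = re.search(r'"?([A-Za-z]:\\[^"]*?\.exe)"?', data, re.I)
    return m.group(1) if m else data


def suspicious_run_entries(report_text):
    """Run entries whose binary lives in a GUID-named folder under a profile's AppData."""
    hits = []
    for e in parse_entries(report_text):
        if "RUN" not in e["tags"]:
            continue
        exe = executable_of(e["data"])
        if GUID_DIR_RE.search(exe):
            hits.append((e["name"], exe))
    return hits


if __name__ == "__main__":
    for name, exe in suspicious_run_entries(SAMPLE_RK):
        print(f"suspicious Run value {name!r} -> {exe}")
```

The rule is deliberately narrow: a GUID-named folder under Application Data is not malicious on its own, but an autostart value pointing into one, under a service account's profile, is worth a file lookup, which is exactly the follow-up the next reply asks for.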

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:35 PM

Posted 23 January 2013 - 02:53 PM

Good evening. :)

Please download SystemLook by jpshortstuff from one of the links below and save it to your Desktop:

  • Linky #1
  • Linky #2

  • Double-click SystemLook.exe to run it.
  • Copy the contents of the following codebox into the main textfield:


    :filefind
    cadaaafd.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan - the log can also be found on your Desktop, entitled SystemLook.txt.
  • Please post the contents of this log in your next reply.

So long, and thanks for all the fish.


#5 bruinsmc6

bruinsmc6
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:35 AM

Posted 23 January 2013 - 03:19 PM

Here is the log, thanks for the help so far!

SystemLook 30.07.11 by jpshortstuff
Log created at 15:13 on 23/01/2013 by Matt
Administrator - Elevation successful

========== filefind ==========

Searching for "cadaaafd.exe"
C:\Documents and Settings\NetworkService\Application Data\4c0678a1-da72-424a-a135-87f69195675d79\cadaaafd.exe --a---- 0 bytes [15:23 21/01/2013] [15:23 21/01/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\postgres.MATTASAURUS\Application Data\4c0678a1-da72-424a-a135-87f69195675d79\cadaaafd.exe --a---- 0 bytes [15:22 21/01/2013] [15:22 21/01/2013] D41D8CD98F00B204E9800998ECF8427E

-= EOF =-
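Two details in this SystemLook output tell the story on their own: both copies of cadaaafd.exe are 0 bytes, and the MD5 shown, D41D8CD98F00B204E9800998ECF8427E, is the MD5 of empty input, so the files are consistent with a payload that has already been removed (the earlier TDSSKiller and avast runs are the likely cause) while the Run value still points at them. They also sit under the NetworkService and postgres profiles rather than the logged-on user's, which says the dropper wrote into other accounts' Application Data. The script below is an added example, not SystemLook's code and not from the post: it parses filefind result lines into path, attributes, size, timestamps and hash, recovers the profile name from the path, and labels each hit. The sample log is the two lines above plus one constructed non-empty entry.

```python
import hashlib
import re

# Constructed sample: the two cadaaafd.exe lines copy the SystemLook output above;
# the dummy.exe line (and its hash) is made up so a non-empty file is also covered.
SAMPLE_SYSTEMLOOK = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 15:13 on 23/01/2013 by Matt
Administrator - Elevation successful

========== filefind ==========

Searching for "cadaaafd.exe"
C:\Documents and Settings\NetworkService\Application Data\4c0678a1-da72-424a-a135-87f69195675d79\cadaaafd.exe --a---- 0 bytes [15:23 21/01/2013] [15:23 21/01/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\postgres.MATTASAURUS\Application Data\4c0678a1-da72-424a-a135-87f69195675d79\cadaaafd.exe --a---- 0 bytes [15:22 21/01/2013] [15:22 21/01/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Example\dummy.exe --a---- 12345 bytes [10:00 01/01/2013] [10:00 01/01/2013] 0123456789ABCDEF0123456789ABCDEF

-= EOF =-
"""

# <path> <7-char attribute field> <size> bytes [<created>] [<modified>] <MD5>
FILE_RE = re.compile(
    r"^([A-Za-z]:\\.+?)\s+([-a-z]{7})\s+(\d+)\s+bytes\s+"
    r"\[(\d\d:\d\d \d\d/\d\d/\d{4})\]\s+\[(\d\d:\d\d \d\d/\d\d/\d{4})\]\s+([0-9A-Fa-f]{32})\s*$"
)
PROFILE_RE = re.compile(r"^[A-Za-z]:\\(?:Documents and Settings|Users)\\([^\\]+)\\", re.I)

# MD5 of zero bytes of input; any 0-byte file hashes to exactly this value.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()


def parse_filefind(log_text):
    """Return one dict per result line of a SystemLook :filefind section."""
    records = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            records.append({
                "path": m.group(1),
                "attrs": m.group(2),
                "size": int(m.group(3)),
                "created": m.group(4),
                "modified": m.group(5),
                "md5": m.group(6).lower(),
            })
    return records


def profile_of(path):
    """Name of the user profile a path lives in, or None if it is outside any profile."""
    m = PROFILE_RE.match(path)
    return m.group(1) if m else None


def triage(records):
    """Map each path to a verdict an analyst can act on."""
    verdicts = {}
    for r in records:
        if r["size"] == 0 and r["md5"] == EMPTY_MD5:
            verdicts[r["path"]] = "empty-file"            # payload gone, only the name remains
        elif r["size"] == 0:
            verdicts[r["path"]] = "zero-size-hash-mismatch"  # tool output inconsistent, re-check
        else:
            verdicts[r["path"]] = "needs-hash-lookup"     # real content, hash must be checked
    return verdicts


if __name__ == "__main__":
    recs = parse_filefind(SAMPLE_SYSTEMLOOK)
    for path, verdict in triage(recs).items():
        print(f"{verdict:24} profile={profile_of(path)!s:22} {path}")
```

Knowing the empty-file hash by heart saves a lookup: whenever a tool reports a 0-byte file with any other hash, the report itself is suspect, and whenever it reports this hash with a non-zero size, likewise.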

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:35 PM

Posted 24 January 2013 - 03:41 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.


#7 bruinsmc6

bruinsmc6
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:35 AM

Posted 24 January 2013 - 04:30 PM

Is it easiest to view the txt this way, or would you rather have a txt file attached? Or if there is a way to make a scrolling box with the text inside of it, I can do that as well. Here is the CF log.

ComboFix 13-01-24.02 - Matt 01/24/2013 16:15:22.5.3 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1293 [GMT -5:00]
Running from: c:\documents and settings\Matt\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-24 to 2013-01-24 )))))))))))))))))))))))))))))))
.
.
2013-01-24 04:07 . 2013-01-24 04:09 -------- d-----w- c:\program files\MS Word Weekly Appointment Planner Template Software
2013-01-22 16:37 . 2013-01-22 16:37 -------- d-----w- c:\program files\Cobian Backup 11
2013-01-22 02:48 . 2013-01-22 02:48 -------- d-----w- c:\program files\ESET
2013-01-22 02:33 . 2013-01-22 02:33 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-22 01:21 . 2013-01-22 01:21 -------- d-----w- c:\program files\ACW
2013-01-21 15:23 . 2013-01-21 15:23 -------- d-----w- c:\documents and settings\NetworkService\Application Data\4c0678a1-da72-424a-a135-87f69195675d79
2013-01-21 15:23 . 2013-01-21 15:23 -------- d-sh--w- c:\documents and settings\postgres.MATTASAURUS\IETldCache
2013-01-21 15:22 . 2013-01-21 15:22 -------- d-----w- c:\documents and settings\postgres.MATTASAURUS\Application Data\4c0678a1-da72-424a-a135-87f69195675d79
2013-01-20 03:46 . 2013-01-21 16:44 -------- d-----w- c:\documents and settings\Matt\Application Data\4c0678a1-da72-424a-a135-87f69195675d79
2013-01-20 03:01 . 2013-01-20 03:01 -------- d-----w- c:\program files\FirstRowSportApp.com
2013-01-16 18:33 . 2013-01-12 08:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-16 05:53 . 2013-01-16 05:53 -------- d-----w- c:\program files\Common Files\Skype
2013-01-12 16:16 . 2013-01-12 16:16 -------- d-----w- c:\program files\Dropbox
2013-01-08 22:51 . 2013-01-08 22:51 -------- d-----w- c:\program files\PokerTracker 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 19:44 . 2012-03-29 20:45 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 19:44 . 2011-09-26 23:47 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2011-01-23 20:19 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2009-08-19 21:07 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-10-30 23:51 . 2012-12-11 19:52 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2012-12-11 19:52 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2012-12-11 19:52 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 23:51 . 2012-12-11 19:52 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2012-12-11 19:52 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 23:51 . 2012-12-11 19:52 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 23:51 . 2012-12-11 19:52 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2012-12-11 19:52 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 23:51 . 2012-12-11 19:52 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2012-12-11 19:51 227648 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-27 01:45 . 2011-12-27 01:44 21073936 ----a-w- c:\program files\vlc-1.1.11-win32.exe
2013-01-19 05:10 . 2013-01-19 05:10 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ------w- c:\documents and settings\Matt\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ------w- c:\documents and settings\Matt\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ------w- c:\documents and settings\Matt\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ------w- c:\documents and settings\Matt\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 404200]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-11-17 171464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Matt\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-04-07 13:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 17:29 159456 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"WMZuneComm"=3 (0x3)
"TunngleService"=3 (0x3)
"TeamViewer8"=2 (0x2)
"SolidWorks Licensing Service"=3 (0x3)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\Tunngle\\tnglctrl.exe"=
"c:\\Program Files\\Tunngle\\tunngle.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\Matt\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres
"55902:TCP"= 55902:TCP:utorrent
"55902:UDP"= 55902:UDP:utorrent2
"2474:TCP"= 2474:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/18/2010 12:39 PM 685816]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [5/29/2012 3:24 PM 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/11/2012 2:52 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/11/2012 2:52 PM 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/11/2012 2:52 PM 21256]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [1/22/2013 11:37 AM 67584]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [3/3/2012 11:20 PM 103040]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [5/26/2010 8:36 PM 27136]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 7:00 AM 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/18/2010 12:20 PM 1684736]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks\swScheduler\DTSCoordinatorService.exe [9/27/2011 3:00 AM 89160]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [10/1/2010 10:01 AM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [10/1/2010 10:02 AM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [10/1/2010 10:02 AM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [10/1/2010 10:02 AM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [10/1/2010 10:02 AM 25704]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
S4 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [1/15/2013 10:56 PM 3467768]
S4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [5/26/2010 8:36 PM 738152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-14 22:17 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:44]
.
2013-01-24 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-11 23:50]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-10 21:06]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-10 21:06]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1409082233-839522115-1003Core.job
- c:\documents and settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-08 20:08]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1409082233-839522115-1003UA.job
- c:\documents and settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-08 20:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=847d814d-0d5f-4a23-8099-3e6b3ac1f8f0&searchtype=hp
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=847d814d-0d5f-4a23-8099-3e6b3ac1f8f0&searchtype=ds&q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\aqytuh6v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=847d814d-0d5f-4a23-8099-3e6b3ac1f8f0&searchtype=ds&q=
FF - ExtSQL: 2012-12-11 14:57; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-01-19 22:01; freehdsport@freehdsport.tv; c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\aqytuh6v.default\extensions\freehdsport@freehdsport.tv.xpi
FF - ExtSQL: 2013-01-21 20:16; {30cff8f2-1ad1-4cbe-94b6-86c1a03a83f6}; c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\aqytuh6v.default\extensions\{30cff8f2-1ad1-4cbe-94b6-86c1a03a83f6}.xpi
FF - ExtSQL: !HIDDEN! 2010-05-19 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.autoDisableScopes - 14
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-24 16:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(672)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\documents and settings\Matt\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-01-24 16:24:09
ComboFix-quarantined-files.txt 2013-01-24 21:24
ComboFix2.txt 2013-01-22 01:55
ComboFix3.txt 2012-12-10 21:05
ComboFix4.txt 2012-11-10 01:04
.
Pre-Run: 153,370,120,192 bytes free
Post-Run: 153,358,045,184 bytes free
.
- - End Of File - - ED91D61BC35DC4D452F1697A9BCBC795

#8 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:35 PM

Posted 25 January 2013 - 02:36 PM

Good evening. :)

Download regsearch.zip by Bobby Flekman from here and save it to your Desktop.
You will then need to unzip it.

To do this: Right click on the zipped folder and from the menu that appears, click on Extract All... > Extract

You should now see the contents of the regsearch folder.
Double-click regsearch.exe to begin.
Copy and paste the following into the top box and then click OK:

cadaaafd.exe

When the tool has finished, a Notepad window will open with the results in. When you close it, a copy will be saved as RegSearch.txt in the regsearch folder - copy and paste this into your next reply.

So long, and thanks for all the fish.

#9 bruinsmc6

  • Topic Starter
  • Members
  • 14 posts
  • Local time:10:35 AM

Posted 25 January 2013 - 03:20 PM

Hope I did this right:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 1/25/2013 3:18:27 PM for strings:
; 'cadaaafd.exe
'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

#10 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:35 PM

Posted 25 January 2013 - 05:20 PM

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

#11 bruinsmc6

  • Topic Starter
  • Members
  • 14 posts
  • Local time:10:35 AM

Posted 25 January 2013 - 09:46 PM

OTL logfile created on: 1/25/2013 9:40:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Matt\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.45% Memory free
3.85 Gb Paging File | 2.85 Gb Available in Paging File | 74.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 142.32 Gb Free Space | 30.56% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 15.69 Gb Free Space | 10.53% Space Free | Partition Type: NTFS
Drive G: | 7.59 Gb Total Space | 5.05 Gb Free Space | 66.54% Space Free | Partition Type: FAT32

Computer Name: MATTASAURUS | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/25 21:40:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\My Documents\Downloads\OTL.scr
PRC - [2013/01/19 00:10:57 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/12/05 22:11:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/10/17 17:42:40 | 000,404,200 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/10/17 17:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/09/08 02:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009/09/08 02:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/17 06:53:38 | 000,171,464 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/25 15:56:16 | 002,048,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13012501\algo.dll
MOD - [2013/01/25 02:15:48 | 002,048,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13012500\algo.dll
MOD - [2013/01/24 15:13:30 | 002,048,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13012401\algo.dll
MOD - [2013/01/19 00:10:55 | 003,022,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/10 03:26:12 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll
MOD - [2013/01/10 03:24:27 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll
MOD - [2013/01/10 03:24:22 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\33ff7d73f01be8329a95c6e03f1dd555\System.Web.ni.dll
MOD - [2013/01/10 03:24:16 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 03:23:04 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/10 03:23:01 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll
MOD - [2013/01/10 03:21:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/10 03:21:33 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll
MOD - [2013/01/10 03:21:25 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/10 03:20:30 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 03:20:21 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/09 14:44:19 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/07/19 18:19:18 | 000,153,600 | ---- | M] () -- C:\WINDOWS\system32\AI_ContextMenu.dll
MOD - [2010/05/18 12:29:56 | 001,732,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/05/18 12:29:56 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3470.20901__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2010/05/18 12:29:56 | 000,339,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3470.20826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/05/18 12:29:56 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3470.20846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/05/18 12:29:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3470.20840__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/05/18 12:29:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3470.20835__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/05/18 12:29:56 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3470.20928__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2010/05/18 12:29:56 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3470.20927__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2010/05/18 12:29:56 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3470.20931__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2010/05/18 12:29:56 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3470.20927__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2010/05/18 12:29:55 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3470.20887__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2010/05/18 12:29:55 | 000,643,072 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3470.20926__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010/05/18 12:29:55 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3470.20915__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/05/18 12:29:55 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3470.20883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/05/18 12:29:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3470.20883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/05/18 12:29:55 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3470.20925__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010/05/18 12:29:55 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3470.20896__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/05/18 12:29:55 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3470.20835__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/05/18 12:29:55 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3470.20878__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/05/18 12:29:55 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2010/05/18 12:29:55 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3470.20882__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/05/18 12:29:55 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3470.20916__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/05/18 12:29:55 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3470.20869__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/05/18 12:29:55 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2010/05/18 12:29:54 | 000,782,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3470.20871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/05/18 12:29:54 | 000,749,568 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3470.20897__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2010/05/18 12:29:54 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3470.20879__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2010/05/18 12:29:54 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3470.20847__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/05/18 12:29:54 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3470.20891__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/05/18 12:29:54 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3470.20836__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010/05/18 12:29:54 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/05/18 12:29:54 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/05/18 12:29:54 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3470.20846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/05/18 12:29:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/05/18 12:29:54 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/05/18 12:29:54 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3470.20869__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/05/18 12:29:54 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3470.20850__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/05/18 12:29:54 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/05/18 12:29:54 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3470.20875__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/05/18 12:29:54 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/05/18 12:29:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/05/18 12:29:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/05/18 12:29:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/05/18 12:29:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/05/18 12:29:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/05/18 12:29:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/05/18 12:29:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/05/18 12:29:54 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/05/18 12:29:53 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3470.20939__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010/05/18 12:29:53 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/05/18 12:29:53 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3428.28328__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/05/18 12:29:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/05/18 12:29:53 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/05/18 12:29:53 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/05/18 12:29:53 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010/05/18 12:29:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/05/18 12:29:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/05/18 12:29:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/05/18 12:29:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/05/18 12:29:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/05/18 12:29:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/05/18 12:29:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/05/18 12:29:52 | 001,212,416 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3470.20831__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/05/18 12:29:52 | 000,552,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3470.20904__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/05/18 12:29:52 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3470.20840__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/05/18 12:29:52 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3470.20910__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/05/18 12:29:52 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3470.20908__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/05/18 12:29:52 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3470.20825__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/05/18 12:29:52 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3470.20824__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/05/18 12:29:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/05/18 12:29:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3470.20921__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/05/18 12:29:52 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/05/18 12:29:52 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/05/18 12:29:52 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/05/18 12:29:52 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/05/18 12:29:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/05/18 12:29:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/05/18 12:29:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/05/18 12:29:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/05/18 12:29:52 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010/05/18 12:29:52 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010/05/18 12:29:52 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3470.20822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/05/18 12:29:51 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3470.20824__90ba9c70f846762e\APM.Server.dll
MOD - [2010/05/18 12:29:51 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3470.20822__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/05/18 12:29:51 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/05/18 12:29:51 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3470.20910__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/02/27 12:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/07/16 02:59:32 | 000,007,680 | ---- | M] () -- C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\program files\common files\akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2013/01/19 00:10:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/09 14:44:20 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/12/05 22:11:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/08/28 08:42:36 | 000,079,360 | ---- | M] (SolidWorks) [Disabled | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2012/07/19 17:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011/09/27 03:00:24 | 000,089,160 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/08/05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2011/02/15 20:02:32 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/17 17:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/09/08 02:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tbhsd.sys -- (tbhsd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (avqic4y0)
DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/04 01:54:32 | 007,874,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/05/14 01:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2012/05/10 02:34:48 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012/03/06 18:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2010/12/20 03:50:00 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/05/24 09:31:26 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2010/05/24 09:31:26 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2010/05/24 09:31:26 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2010/05/24 09:31:26 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2010/05/24 09:31:26 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2010/05/18 12:39:54 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/26 21:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 21:25:20 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2010/04/26 21:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/04/26 21:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/09/16 06:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009/08/18 04:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/06/24 20:24:00 | 003,734,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009/06/02 08:26:28 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/22 15:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/04/16 15:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=847d814d-0d5f-4a23-8099-3e6b3ac1f8f0&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{8A6E6217-62C2-43EE-B194-4938108BFEE9}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=847d814d-0d5f-4a23-8099-3e6b3ac1f8f0&searchtype=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=847d814d-0d5f-4a23-8099-3e6b3ac1f8f0&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=847d814d-0d5f-4a23-8099-3e6b3ac1f8f0&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=847d814d-0d5f-4a23-8099-3e6b3ac1f8f0&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8A6E6217-62C2-43EE-B194-4938108BFEE9}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFD_enUS514
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: DollaroSA3%40francesco.buldo.it:1.6
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7B30cff8f2-1ad1-4cbe-94b6-86c1a03a83f6%7D:3.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: handfire@thehandconverter.com:0.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=847d814d-0d5f-4a23-8099-3e6b3ac1f8f0&searchtype=ds&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/11 14:52:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 00:10:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 00:10:48 | 000,000,000 | ---D | M]

[2010/05/18 12:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Extensions
[2013/01/19 22:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\aqytuh6v.default\extensions
[2012/12/11 14:15:34 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\aqytuh6v.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/12/11 20:40:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\aqytuh6v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/25 16:02:08 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\aqytuh6v.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/02/06 17:49:23 | 000,000,000 | ---D | M] ("Handfire") -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\aqytuh6v.default\extensions\handfire@thehandconverter.com
[2012/09/09 11:31:24 | 000,014,543 | ---- | M] () (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\aqytuh6v.default\extensions\DollaroSA3@francesco.buldo.it.xpi
[2013/01/19 22:01:41 | 000,216,743 | ---- | M] () (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\aqytuh6v.default\extensions\freehdsport@freehdsport.tv.xpi
[2013/01/21 20:16:42 | 000,003,959 | ---- | M] () (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\aqytuh6v.default\extensions\{30cff8f2-1ad1-4cbe-94b6-86c1a03a83f6}.xpi
[2012/12/11 14:13:13 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\aqytuh6v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010/12/12 15:25:49 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\aqytuh6v.default\searchplugins\conduit.xml
[2012/12/14 10:33:19 | 000,002,389 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\aqytuh6v.default\searchplugins\Web Search.xml
[2013/01/19 00:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/19 00:10:45 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2013/01/19 00:10:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/12/12 15:13:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/12 15:13:31 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: FreeHDSport.TV = C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.2_0\
CHR - Extension: ChromeUpdateManager = C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: 1Click Downloader = C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.5_0\
CHR - Extension: uTorrentControl2 = C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.18.20_0\

O1 HOSTS File: ([2013/01/21 20:47:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355175906750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6087F29-EF2E-4092-936C-D3E35ED644D3}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/20 19:29:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/05/18 12:11:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/23 23:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\MS Word Weekly Appointment Planner Template Software
[2013/01/22 15:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\RK_Quarantine
[2013/01/22 11:37:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 11
[2013/01/22 11:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 11
[2013/01/21 21:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/21 21:33:57 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/21 20:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2013/01/21 20:12:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matt\Recent
[2013/01/21 10:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\4c0678a1-da72-424a-a135-87f69195675d79
[2013/01/19 22:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\4c0678a1-da72-424a-a135-87f69195675d79
[2013/01/19 22:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\FirstRowSportApp.com
[2013/01/19 22:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Start Menu\Programs\FirstRowSportApp.com
[2013/01/19 00:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/16 11:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\My Documents\FirstClass
[2013/01/16 00:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/16 00:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/01/15 22:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
[2013/01/12 11:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013/01/08 17:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Start Menu\Programs\PokerTracker 3
[2013/01/08 17:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\PokerTracker 3
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/25 21:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/25 20:49:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1409082233-839522115-1003UA.job
[2013/01/25 20:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/25 14:52:00 | 000,000,360 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/25 14:15:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/25 08:18:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/25 08:18:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/24 16:13:58 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Shortcut to ComboFix.exe.lnk
[2013/01/22 04:49:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1409082233-839522115-1003Core.job
[2013/01/21 21:47:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\MBR.dat
[2013/01/21 20:47:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/21 20:44:06 | 000,006,524 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\30cff8f2-1ad1-4cbe-94b6-86c1a03a83f6.crx
[2013/01/21 16:49:22 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2013/01/19 22:01:39 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\FirstRowSportApp.lnk
[2013/01/19 00:59:11 | 000,127,488 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/18 11:20:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/18 11:16:44 | 000,023,680 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\cc_20130118_111639.reg
[2013/01/18 11:12:22 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/01/16 09:17:21 | 003,586,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/15 22:56:49 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
[2013/01/15 08:23:44 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/14 12:03:51 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HoldemManager.lnk
[2013/01/14 11:58:35 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Shortcut (2) to loader_HM.exe.lnk
[2013/01/12 11:15:41 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Dropbox.lnk
[2013/01/10 03:19:33 | 000,553,834 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/10 03:19:33 | 000,102,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/08 17:53:00 | 000,004,867 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bltofzsb.qlf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/24 16:13:58 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Shortcut to ComboFix.exe.lnk
[2013/01/21 21:47:00 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\MBR.dat
[2013/01/19 22:27:42 | 000,006,524 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\30cff8f2-1ad1-4cbe-94b6-86c1a03a83f6.crx
[2013/01/19 22:01:39 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\FirstRowSportApp.lnk
[2013/01/18 11:16:42 | 000,023,680 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\cc_20130118_111639.reg
[2013/01/15 22:56:49 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
[2013/01/14 12:03:51 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HoldemManager.lnk
[2013/01/14 11:58:35 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Shortcut (2) to loader_HM.exe.lnk
[2013/01/08 17:53:00 | 000,004,867 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bltofzsb.qlf
[2012/11/09 19:30:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/09 19:30:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/09 19:30:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/09 19:30:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/09 19:30:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/15 21:00:56 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/08/28 09:05:38 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\ibfs32.dll
[2012/02/14 21:22:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/26 20:44:08 | 021,073,936 | ---- | C] () -- C:\Program Files\vlc-1.1.11-win32.exe
[2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/12/05 22:03:52 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/11/13 17:02:49 | 000,061,440 | ---- | C] () -- C:\WINDOWS\uninstall.exe
[2011/10/19 17:39:31 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_mod_fts3.dll
[2011/10/19 17:39:31 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_mod_rtree.dll
[2011/10/19 17:39:31 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_mod_extfunc.dll
[2011/10/19 17:39:31 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_mod_impexp.dll
[2011/02/14 19:42:26 | 000,003,718 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2011/02/13 21:58:50 | 004,437,022 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-1409082233-839522115-1003-0.dat
[2011/02/13 21:58:50 | 000,353,734 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/09/06 11:28:36 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\machpro.dat
[2010/06/09 17:35:21 | 000,127,488 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/06 15:11:39 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\PnkBstrK.sys

========== ZeroAccess Check ==========

[2010/05/18 12:27:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/11/05 00:05:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/05/18 12:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/05/22 19:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/12/11 14:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/19 17:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carlson Software
[2011/02/15 20:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2010/11/02 20:53:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2012/12/16 18:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/06/22 19:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2012/06/21 20:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6
[2011/04/15 16:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hssff
[2011/01/25 12:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MapInfo
[2011/12/24 14:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet
[2010/09/21 14:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pokernet
[2012/08/28 09:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Protector PDF Viewer
[2011/07/27 19:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/10/19 17:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2011/05/04 19:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/10/02 15:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/10/10 15:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012/10/20 15:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2010/11/20 16:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2012/06/11 15:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XHEO INC
[2013/01/21 11:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\4c0678a1-da72-424a-a135-87f69195675d79
[2011/03/21 10:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Amazon
[2011/10/20 19:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Autodesk
[2011/10/19 19:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Carlson Software
[2011/04/15 09:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\CheeseSoft
[2011/01/23 19:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Copan
[2011/02/15 20:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\DassaultSystemes
[2013/01/21 14:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Dropbox
[2011/02/16 19:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Echo Software
[2010/08/28 18:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Epson
[2011/03/27 08:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\fhnetwork.com
[2012/10/12 20:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Garmin
[2012/06/24 13:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Guitar Pro 6
[2013/01/16 19:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\HEM Data
[2013/01/15 08:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\HoldemManager
[2011/10/23 19:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ImgBurn
[2011/01/29 22:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ISIS Drivers
[2011/04/18 11:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\KeePass
[2011/01/25 12:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\MapInfo
[2010/09/21 14:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Microgaming
[2010/10/13 19:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\MyPokerLab
[2012/06/11 08:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Notepad++
[2012/03/05 16:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\NuonSoft
[2011/01/14 10:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\PFStaticIP
[2011/01/17 20:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Pokerazor
[2011/12/07 10:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\RaiseandFold
[2011/02/10 22:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Rovio
[2012/12/13 11:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Sony
[2012/08/26 23:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\StreamTorrent
[2011/02/16 19:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Subversion
[2011/01/19 13:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\TeamViewer
[2012/09/02 14:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\TechSmith
[2011/01/31 16:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\tunebite
[2012/08/27 17:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Tunngle
[2013/01/23 23:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2010/11/16 16:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Zuse

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 1/25/2013 9:40:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Matt\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.45% Memory free
3.85 Gb Paging File | 2.85 Gb Available in Paging File | 74.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 142.32 Gb Free Space | 30.56% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 15.69 Gb Free Space | 10.53% Space Free | Partition Type: NTFS
Drive G: | 7.59 Gb Total Space | 5.05 Gb Free Space | 66.54% Space Free | Partition Type: FAT32

Computer Name: MATTASAURUS | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5432:TCP" = 5432:TCP:*:Enabled:postgres
"55902:TCP" = 55902:TCP:*:Enabled:utorrent
"55902:UDP" = 55902:UDP:*:Enabled:utorrent2
"2474:TCP" = 2474:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Mozilla Firefox\plugin-container.exe" = C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player -- (StreamTorrent)
"C:\Program Files\Tunngle\tnglctrl.exe" = C:\Program Files\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)
"C:\Program Files\Tunngle\tunngle.exe" = C:\Program Files\Tunngle\tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Documents and Settings\Matt\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Matt\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003C285C-AC50-4B8C-8718-3481CBA49E2F}_is1" = Alarm Clock version 1.0
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0468A4CF-069D-86B6-84BD-F8E4F86E2631}" = Catalyst Control Center Graphics Previews Common
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0807E67B-DACB-1739-A87E-3046FF40BA23}" = CCC Help Chinese Traditional
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09C6A4C7-A2D2-1DD9-A81C-44C30042A00C}" = CCC Help Greek
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A173336-214D-0609-4897-5E2547D0395D}" = CCC Help Dutch
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0DF310E3-6C01-99DC-296F-1D021BA36C2D}" = CCC Help English
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1B9E212F-DFDC-F1D4-D1FD-986149513125}" = CCC Help Russian
"{1CAEFAE2-D12E-CA26-62BC-DF452004B3B1}" = CCC Help Swedish
"{1D9B2B74-82B1-9CE7-0A9A-6234008D11EE}" = CCC Help Polish
"{1E8E87B5-4531-CEE3-4791-6AD9E72076EC}" = CCC Help Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25B9C7BE-5CFD-6173-D3E1-6E4C9EBD8658}" = Catalyst Control Center Graphics Light
"{26999308-FF96-5FBF-B2DB-12E66346FA3A}" = CCC Help German
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{27596347-C945-B113-EF47-169D471CEB05}" = CCC Help Turkish
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2927733E-A961-BA53-03C5-03774A081030}" = ccc-core-static
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2BC21CD2-8053-406A-80F6-9AB61717B49D}" = ODF Add-in for Microsoft Office
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{30148775-0642-7507-58EA-3CDB7E828BA2}" = Catalyst Control Center Core Implementation
"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java™ SE Development Kit 6 Update 24
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3666DE18-A4CC-4E1E-8165-0D78758C2209}" = CCC Help Russian
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3972209B-4946-9B49-1911-0AC122FB8073}" = CCC Help Russian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{406AE7DC-5FD1-FC3A-00F5-024AD25DF01B}" = CCC Help Danish
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{43165058-0CD3-F336-0B4E-879A03DC8F50}" = Catalyst Control Center Graphics Full Existing
"{43F18082-D8A1-5A37-829D-CF1C4ED9ED2A}" = CCC Help Portuguese
"{479826D5-FE36-711F-8BE3-AB7B44440F66}" = ccc-utility
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4905D4CA-7295-F988-AE8A-B04675295133}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A742CBE-078E-03FF-C7D5-B3E1B676BDF2}" = CCC Help Czech
"{4B6DD00B-BC05-185B-BE8B-997A23B367C4}" = CCC Help Chinese Traditional
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50542AEE-76BD-4BCD-A890-E2FF4D4E051A}" = Camtasia Studio 8
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{532669C6-3139-E755-B3B8-95F184EB27EB}" = CCC Help German
"{540083C1-03E8-4665-9566-DF5412F1000A}" = MapInfo Professional 10.5
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{55A83F62-4CC7-8A5F-0FB0-FE55B53B3ED1}" = CCC Help Finnish
"{577F4DD2-ED68-690F-6328-8A8CAC8FCA75}" = CCC Help Polish
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5B31B7DD-ED2E-F515-C900-B2E91138A34F}" = ccc-core-preinstall
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5F032DC8-A020-D42E-F2E6-41C748A92A06}" = Catalyst Control Center Graphics Full New
"{5F1AE198-965A-C65D-218A-B76F19B86BEC}" = CCC Help German
"{5FEEB4D3-31F1-FF10-5F61-A988CD44CA59}" = CCC Help Hungarian
"{618A812B-3099-8DB2-C8E4-95D15A7B7CD5}" = Catalyst Control Center HydraVision Full
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{637A3EC2-4299-67B2-E0D2-C25572F4D37A}" = CCC Help Thai
"{651CD0A0-8B64-B3F1-23B9-294C39F09A31}" = CCC Help Finnish
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7E75AF-C2C7-4B1E-FE46-E0979833D6D5}" = CCC Help Spanish
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{702F39B4-05FB-22F4-8426-E5FFFA330FF3}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71AFFCBF-0864-C19D-0C07-5DF67BA0382D}" = CCC Help Turkish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{73FB391E-E800-CC82-D9BA-EF9CB8A939F3}" = CCC Help French
"{747E2E56-A68B-15C6-BB77-31BFE0C031EF}" = CCC Help Spanish
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77514C51-66D9-2F7C-56D8-5495B8CFAF5E}" = CCC Help French
"{7876AE8D-08D8-3A1C-A1F4-E7F255DDBBEA}" = ccc-utility
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{792A669E-71A6-9210-2C06-3FCF0DDFC4C5}" = Catalyst Control Center Localization All
"{7A37A44B-968E-6CA3-278C-878D4D08B226}" = CCC Help Czech
"{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0
"{7C0FB04E-5A40-C63D-CC1B-B6C1B60FDDA3}" = CCC Help Japanese
"{7D94796D-007E-45DE-CEAD-8E616D78E95B}" = CCC Help Dutch
"{7E7C98D1-4F44-21D4-C351-25E2367027F3}" = Catalyst Control Center
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8425081E-FEFF-6E4B-408E-53345859896C}" = CCC Help English
"{860BD052-49CB-7220-8792-15523D08C2A2}" = CCC Help Korean
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87A91A66-1566-714D-E1BE-1F3B040E65D5}" = CCC Help Swedish
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C93615B-5333-B61B-625E-0D4DCD9E09CA}" = CCC Help Norwegian
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90756E9C-97E4-4405-A85F-1734804990DD}" = Mindjet MindManager 9
"{90FE2C60-A4C3-D61D-790A-9493EE405AEA}" = CCC Help Swedish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{92F63D17-2A32-7184-B8D7-905E0E1BC2A9}" = CCC Help Hungarian
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{9509674F-3972-11DE-806D-005056806466}" = Google Earth
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{95CEF602-B837-0C37-F5E6-49C8F3196998}" = CCC Help Greek
"{97E1A4DE-82AB-0448-0AEA-77DC1DD9A492}" = Catalyst Control Center Localization All
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2B41C5-919A-7037-F5E8-42A5E90873B8}" = Catalyst Control Center Graphics Previews Common
"{9DFD861E-2692-873F-BA2C-E4788648D966}" = CCC Help Italian
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A6991E11-AF13-652B-5736-C8800EF5527B}" = Catalyst Control Center
"{A8BBAA6B-71BE-4AA2-A9DE-76BF38473E5F}" = ATI AVIVO Codecs
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.3
"{ADAA5D11-5D8F-31EC-1992-693239110308}" = CCC Help French
"{ADD24D05-DDEA-39CB-0E92-AA371AEE2894}" = Catalyst Control Center InstallProxy
"{B21C00B6-2B53-BB00-B4FE-27316019A9C5}" = CCC Help Chinese Traditional
"{B2420CAA-ADC1-8581-938A-2B25C22EF17A}" = ccc-utility
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B50676DC-AAE9-20DF-01A5-DABCDECD6DFC}" = Catalyst Control Center Graphics Previews Common
"{B81D9181-67D7-6A90-78EA-34108EBBCF7F}" = CCC Help Thai
"{BA314F9D-8401-1E44-11BF-F112E93F465E}" = CCC Help English
"{BD7CDF5A-315E-A085-CF42-921B37D7A507}" = CCC Help Hungarian
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BE9269F2-562B-7BC7-9BE9-16EF8B52B403}" = Catalyst Control Center Localization All
"{BEB0B424-3692-E0DC-8D25-04A36C7AB580}" = CCC Help Portuguese
"{BF243C52-D0D2-A777-D388-DFCCF00FFC23}" = CCC Help Dutch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C4574477-C9FA-CF5F-B5AC-D379D655A962}" = CCC Help Chinese Standard
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C7370250-3AA3-23F8-DE52-21701C911BBD}" = CCC Help Korean
"{C7DA1638-A3B9-0AF6-B1B3-5ACBC08E7204}" = CCC Help Polish
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBA4DD0F-0871-39EB-A48B-03BC9E5E437B}" = CCC Help Japanese
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D472CC91-8FFC-B07C-F755-363498CF7724}" = CCC Help Danish
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6346B4B-FDD6-C406-06FE-0CF77F561E78}" = AMD Catalyst Install Manager
"{D68E33C8-F508-F069-FF15-59B2BF50B0D3}" = CCC Help Japanese
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9C7FB0D-B233-1B2E-E9DC-543911F6D94A}" = Catalyst Control Center InstallProxy
"{DD9F821E-7B8D-210F-A4AE-47C60870DEBE}" = CCC Help Norwegian
"{DE0C72A8-B4A3-4B80-3CF9-2DC45CF865D5}" = CCC Help Spanish
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E236A12C-FE29-49C4-C10C-F9AFF2EE8D39}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B2C34F-BEDE-5AF8-DBD3-C05E8C030588}" = CCC Help Italian
"{E6F42010-AA5A-B862-9620-8CBD23ACDED4}" = CCC Help Portuguese
"{EAAE7669-947C-26DD-563D-863B63FFC1EA}" = CCC Help Finnish
"{EFA83B92-06EA-D90D-1342-A7872D97B89F}" = CCC Help Italian
"{F0A6D1C4-7E73-963B-C4C6-C97121B1992B}" = CCC Help Turkish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F296A4CD-54A2-1EEE-CE14-8F88A1D97083}" = CCC Help Korean
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}" = Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
"{FAFD1909-311F-2035-6C97-7151A3B485C5}" = CCC Help Greek
"{FD433CFA-5819-54FC-005C-140926CDBB6F}" = CCC Help Czech
"{FE706200-62BF-4D25-8B34-DC31189DE902}" = SolidWorks 2012 SP0
"{FF97034A-E1FE-CC80-E5D4-549796B72E36}" = CCC Help Norwegian
"1ClickDownload" = FirstRowSportApp
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Crossfading" = Advanced Crossfading 1.7.6.1180
"Akamai" = Akamai NetSession Interface
"avast" = avast! Free Antivirus
"CalorieKing Nutrition and Exercise Manager" = CalorieKing Nutrition and Exercise Manager (remove only)
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CleanUp!" = CleanUp!
"CobBackup11" = Cobian Backup 11 Gravity
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DjVu Solo 3.1" = DjVu Solo 3.1
"ESET Online Scanner" = ESET Online Scanner v3
"Fundamentals of SolidWorks® 20112.1" = Fundamentals of SolidWorks® 2011
"Google Chrome" = Google Chrome
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HoldemManager" = Holdem Manager
"HP Photo & Imaging" = HP Image Zone 4.7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.4.0
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF-XChange 3_is1" = PDF-XChange 3
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"PostgreSQL 8.4" = PostgreSQL 8.4
"PunkBusterSvc" = PunkBuster Services
"RunBetterPoker.com MergeKeys Beta" = RunBetterPoker.com MergeKeys Beta
"RunBetterPoker.com MergeMods Beta 1.02" = RunBetterPoker.com MergeMods Beta 1.02
"SQLite ODBC Driver" = SQLite ODBC Driver (remove only)
"SqrSoftACF" = SqrSoft® Advanced Crossfading (remove only)
"StreamTorrent 1.0" = StreamTorrent 1.0
"TeamViewer 8" = TeamViewer 8
"Tunngle beta_is1" = Tunngle beta
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinDjView" = WinDjView 2.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CarbonPoker" = CarbonPoker
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/21/2013 9:21:21 PM | Computer Name = MATTASAURUS | Source = ACW_DE | ID = 2
Description =

Error - 1/21/2013 9:22:07 PM | Computer Name = MATTASAURUS | Source = ACW_DE | ID = 2
Description =

Error - 1/21/2013 9:47:16 PM | Computer Name = MATTASAURUS | Source = PostgreSQL | ID = 0
Description = 2013-01-21 20:47:16 ESTFATAL: the database system is starting up

Error - 1/21/2013 9:57:17 PM | Computer Name = MATTASAURUS | Source = PostgreSQL | ID = 0
Description = 2013-01-21 20:57:17 ESTFATAL: the database system is starting up

Error - 1/21/2013 9:57:18 PM | Computer Name = MATTASAURUS | Source = PostgreSQL | ID = 0
Description = 2013-01-21 20:57:18 ESTFATAL: the database system is starting up

Error - 1/22/2013 7:29:55 AM | Computer Name = MATTASAURUS | Source = PostgreSQL | ID = 0
Description = 2013-01-22 06:29:55 ESTFATAL: the database system is starting up

Error - 1/23/2013 11:26:42 AM | Computer Name = MATTASAURUS | Source = PostgreSQL | ID = 0
Description = 2013-01-23 10:26:42 ESTFATAL: the database system is starting up

Error - 1/23/2013 11:26:43 AM | Computer Name = MATTASAURUS | Source = PostgreSQL | ID = 0
Description = 2013-01-23 10:26:43 ESTFATAL: the database system is starting up

Error - 1/24/2013 8:41:43 AM | Computer Name = MATTASAURUS | Source = PostgreSQL | ID = 0
Description = 2013-01-24 07:41:43 ESTFATAL: the database system is starting up

Error - 1/25/2013 9:18:35 AM | Computer Name = MATTASAURUS | Source = PostgreSQL | ID = 0
Description = 2013-01-25 08:18:35 ESTFATAL: the database system is starting up

[ System Events ]
Error - 1/22/2013 7:29:59 AM | Computer Name = MATTASAURUS | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%1058

Error - 1/22/2013 7:29:59 AM | Computer Name = MATTASAURUS | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 1/23/2013 11:26:46 AM | Computer Name = MATTASAURUS | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%1058

Error - 1/23/2013 11:26:46 AM | Computer Name = MATTASAURUS | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 1/24/2013 8:41:47 AM | Computer Name = MATTASAURUS | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%1058

Error - 1/24/2013 8:41:47 AM | Computer Name = MATTASAURUS | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 1/24/2013 5:32:13 PM | Computer Name = MATTASAURUS | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%1058

Error - 1/24/2013 5:32:13 PM | Computer Name = MATTASAURUS | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126

Error - 1/25/2013 9:18:39 AM | Computer Name = MATTASAURUS | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%1058

Error - 1/25/2013 9:18:39 AM | Computer Name = MATTASAURUS | Source = Service Control Manager | ID = 7023
Description = The Akamai NetSession Interface service terminated with the following
error: %%126


< End of report >

#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 27 January 2013 - 03:15 PM

Good evening. :)

Do you have a flash drive of at least 128 Mb that you can wipe clean to use for a little something?

So long, and thanks for all the fish.

#13 bruinsmc6

bruinsmc6
  • Topic Starter

  • Members
  • 14 posts

Posted 27 January 2013 - 03:17 PM

I don't, but I might be able to get one or borrow one.

#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 27 January 2013 - 04:31 PM

If you could that would be grand.

So long, and thanks for all the fish.

#15 bruinsmc6

bruinsmc6
  • Topic Starter

  • Members
  • 14 posts

Posted 27 January 2013 - 06:56 PM

If you could that would be grand.


I will see what I can do.

I want to add that I will be out of town for the week, so this topic will not get updated as my computer will not be with me. So please do not lock this yet; I will be back on Friday to pick up where I left off. Thank you, Noviciate, for all your help so far.
