Can't Remove Virtumonde and Win32.Small.ddx Good Grief!



Leaddog
2011-05-03, 21:02
Hi,
My name is Rex. I have many years of computer experience and so have fought this a while before coming here. Clearly malware is not my specialty. I have always been able to fix infections until now, however, and now find myself a "newbie" here.

Setup:

These infections only show up on SS&D. Malwarebytes - Antimalware, ESET NOD32 V4, Vundofix, etc. don't show anything.

I searched for infection because my email account started sending spam. It took a day or so to figure out that it was ONLINE access, not machine access, that caused that, but I *assume* that they got the un/pw from infection on the machine.

Original SS&D infections were Doubleclick Tracking cookie, MTC.MakeMeSearch.com (registry key), Right Media cookie and Statcounter cookie.

You can assume I have run just about every "fixer" type software on my machine (including combofix) before I ever showed up on this forum. I have not used any registry cleaner in probably 6 months, however. Machine seems to be OK, but I thought it was OK even while I was sending out spam emails. As I said, they did not go out through the desktop OUTLOOK channel.

This next bit of info took a while to figure out. What makes this maddening is that the SS&D scan will show clean if the Firefox browser is open. But it will come back infected if it is closed! If the browser is closed, you can clean the infection with SS&D and show infection on the next scan even without reboot. Reboot, of course, always shows return. Doesn't matter if I do the process in safe mode or not, it will not clean. I have even used rkill to stop rootkit processes before cleaning with SS&D, with no luck.

Having no luck myself, I will stop dead in my tracks and work with you.

I have run ERUNT & DDS.

Below are my attachments:

--------------------DDS.txt Log--------------------------
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Rex at 10:27:30.27 on Tue 05/03/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.9557 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\InjectWinSockServiceV6.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Yonizaf\GRaiN Google Reader Notifier\GoogleReaderNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Compete Toolbar\Compete.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\MarkSpace\Missing Sync for Android\MSADSyncMarshaller.exe
C:\Program Files (x86)\Compete Toolbar\CompeteUa.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\WindowsMobile\WmdHost.exe
C:\Program Files (x86)\Nevo\NevoBackup\NevoBackup.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Masters\Anti-Malware programs\DDS - Documents system\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: CI ToolHelper Class: {55825511-174a-4b4e-84b7-69aac4e294b6} - C:\Program Files (x86)\Compete Toolbar\CompeteToolbar.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: IEInspector Browser Helper: {9b43b7b1-bf56-4708-81d2-332d708b0dd9} - C:\PROGRA~2\IEINSP~1\HTTPAN~1\IEINSP~1.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Compete Toolbar: {9b393b85-708d-4e61-9529-2fa61d4a4904} - C:\Program Files (x86)\Compete Toolbar\CompeteToolbar.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: {1D417F37-A1EF-4D7B-AFEB-8FC8B2A404F6} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Steam] C:\Program Files (x86)\Valve\Steam\\Steam.exe -silent
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [GoogleRdrNotify] "C:\Program Files (x86)\Yonizaf\GRaiN Google Reader Notifier\GoogleReaderNotifier.exe"
uRun: [replay_telecorder_skype] C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe /start_context sys_auto
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [TrayServer] C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\TrayServer.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Compete Toolbar] C:\Program Files (x86)\Compete Toolbar\Compete.exe
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
mRun: [Compete Toolbar Update] C:\Program Files (x86)\Compete Toolbar\CompeteUa.exe
StartupFolder: C:\Users\Rex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\THE5BU~1.LNK - C:\Program Files (x86)\The 5 Bucks a Day Action Enforcer\ActionEnforcer.exe
StartupFolder: C:\Users\Rex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Webshots.lnk - C:\Program Files (x86)\Webshots\3.1.5.7617\Launcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MISSIN~1.LNK - C:\Program Files (x86)\MarkSpace\Missing Sync for Android\SyncMarshallerLauncher.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Download by Orbit
IE: &Grab video by Orbit
IE: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Do&wnload selected by Orbit
IE: Down&load all by Orbit
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE: {0EE59015-EBDF-4986-8F80-DB00975ABDCD} - {92F2BF89-AEA4-4A97-993E-9128C11F400D} - C:\PROGRA~2\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
Trusted Zone: azoogleads.com\login
Trusted Zone: epicdirectnetwork.com\www
Trusted Zone: google.com\adwords
Trusted Zone: google.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll
BHO-X64: TmBpIeBHO - No File
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB-X64: {9B393B85-708D-4E61-9529-2FA61D4A4904} - No File
TB-X64: {1D417F37-A1EF-4D7B-AFEB-8FC8B2A404F6} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\firefox\components\HttpAnalyzerFFV6.dll
FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\Bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Users\Rex\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Rex\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: YSlow: yslow@yahoo-inc.com - %profile%\extensions\yslow@yahoo-inc.com
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: S3 Firefox Organizer(S3Fox): {7CEA821D-3DAB-4238-B424-BF7324531750} - %profile%\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
FF - Ext: SEO Doctor: seodoctor@prelovac.com - %profile%\extensions\seodoctor@prelovac.com
FF - Ext: Save Complete: savecomplete@perlprogrammer.com - %profile%\extensions\savecomplete@perlprogrammer.com
FF - Ext: RankChecker: rankchecker@seobook.com - %profile%\extensions\rankchecker@seobook.com
FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF - Ext: Http Analyzer V6: httpanalyzerv6ffaddon@ieinspector.com - C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\firefox
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-30 55280]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2010-11-5 1263200]
R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-11-5 3975088]
R2 AGCoreService;AG Core Services;C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe [2010-1-23 20480]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-9-24 296808]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-9-3 170104]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-4 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 HttpAnalyzerV6 DllInjectService;HttpAnalyzerV6 CodeHook service;C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\InjectWinSockServiceV6.exe [2010-12-13 466752]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-27 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-5-31 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-10-17 72216]
R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-3-30 57617752]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-11-5 279136]
R3 appliandMP;appliandMP;C:\Windows\System32\drivers\appliand.sys [2010-6-24 33888]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-12 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-27 1153368]
S3 appliand;Applian Network Service;C:\Windows\System32\drivers\appliand.sys [2010-6-24 33888]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-1-28 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-12 136176]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952]
S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-4 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-25 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2011-05-03 03:31:25 -------- d-sh--w- C:\Users\Rex\AppData\Roaming\.#
2011-05-03 03:31:17 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-02 01:22:25 -------- d-----w- C:\SDFix
2011-05-01 23:21:03 98816 ----a-w- C:\Windows\sed.exe
2011-05-01 23:21:03 89088 ----a-w- C:\Windows\MBR.exe
2011-05-01 23:21:03 256512 ----a-w- C:\Windows\PEV.exe
2011-05-01 23:21:03 161792 ----a-w- C:\Windows\SWREG.exe
2011-05-01 00:38:15 -------- d-----w- C:\Program Files (x86)\Sophos
2011-04-30 21:38:58 -------- d-----w- C:\VundoFix Backups
2011-04-21 02:16:31 -------- d-----w- C:\Users\Rex\AppData\Roaming\Replay Media Catcher 4
2011-04-21 02:16:29 -------- d-----w- C:\Program Files\Applian Technologies
2011-04-15 15:39:18 -------- d-----w- C:\Program Files (x86)\Market Samurai
2011-04-14 03:15:38 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-04-14 03:15:38 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-04-14 03:15:38 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-04-14 03:15:10 -------- d-----w- C:\Program Files\iPod
2011-04-14 03:15:09 -------- d-----w- C:\Program Files\iTunes
2011-04-14 03:15:09 -------- d-----w- C:\Program Files (x86)\iTunes
2011-04-14 03:13:27 -------- d-----w- C:\Program Files\Bonjour
2011-04-14 03:13:27 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-04-14 01:43:45 -------- d-----w- C:\Program Files (x86)\XMind
2011-04-13 15:44:16 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-04-13 15:44:15 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-04-13 15:23:34 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-04-13 15:22:45 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-13 15:22:45 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-13 15:22:44 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-13 15:22:42 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-04-13 15:22:42 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-13 15:22:03 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-04-13 15:21:28 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-04-13 15:21:28 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-13 15:21:28 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-13 15:21:28 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-11 23:59:24 -------- d-----w- C:\Users\Rex\AppData\Roaming\Summitsoft
2011-04-11 23:59:24 -------- d-----w- C:\Program Files (x86)\Summitsoft
2011-04-11 23:59:24 -------- d-----w- C:\PROGRA~3\Summitsoft
2011-04-11 23:58:10 -------- d-----w- C:\Users\Rex\AppData\Local\Downloaded Installations
2011-04-09 20:52:53 -------- d-----w- C:\Users\Rex\AppData\Roaming\alm
2011-04-08 01:44:51 -------- d-----w- C:\Users\Rex\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-04-06 02:53:08 -------- d-----w- C:\Users\Rex\AppData\Local\SENukeX
.
==================== Find3M ====================
.
2011-04-20 19:01:43 805906 ----a-w- C:\Windows\XSitePro2 Uninstaller.exe
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-04 05:20:18 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-04 05:20:18 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-02-25 06:19:30 2871808 ----a-w- C:\Windows\explorer.exe
2011-02-25 05:30:54 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-02-21 02:30:14 2868224 ----a-w- C:\Windows\System32\python32.dll
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 21:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 21:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-18 10:56:44 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-18 10:51:16 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-02-18 05:43:28 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-18 05:39:44 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-02-05 17:10:16 642944 ----a-w- C:\Windows\System32\winload.efi
2011-02-05 17:10:08 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-05 17:10:08 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-05 17:10:08 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-05 17:06:41 605552 ----a-w- C:\Windows\System32\winload.exe
2011-02-05 17:06:41 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-02-05 17:06:41 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-02-03 03:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 10:28:02.19 ===============

---------Spybot Search and Destroy Short log after cleaning --------
Win32.Small.ddx: Bookmark (Firefox: Rex (default)) (Bookmark, fixed)


Virtumonde: Bookmark (Firefox: Rex (default)) (Bookmark, fixed)


Win32.Small.ddx: Bookmark (Firefox: Rex (default)) (Bookmark, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-05-03 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-04-26 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-04-26 Includes\TrojansC-02.sbi (*)
2011-04-26 Includes\TrojansC-03.sbi (*)
2011-04-18 Includes\TrojansC-04.sbi (*)
2011-04-26 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

---I have attached "attach.zip" as requested in the instructions -----

I appreciate any help you can give me.

Thanks,
Rex

ken545
2011-05-17, 01:47


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.

Thank You Atribune






Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please







OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Leaddog
2011-05-17, 07:12
Hi Ken,

Thanks very much for taking this on. I can certainly use the help.

Thanks,
Rex

Here is the MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6594

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

5/16/2011 10:38:41 PM
mbam-log-2011-05-16 (22-38-41).txt

Scan type: Quick scan
Objects scanned: 168857
Time elapsed: 1 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------

Next post(s) will have the OTL logs.

Leaddog
2011-05-17, 07:14
Here is the OTL.txt log

OTL logfile created on: 5/16/2011 10:53:40 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Rex\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 9.00 Gb Available Physical Memory | 72.00% Memory free
24.00 Gb Paging File | 20.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.01 Gb Total Space | 1713.48 Gb Free Space | 91.97% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 776.58 Gb Free Space | 41.68% Space Free | Partition Type: NTFS
Drive O: | 7.63 Gb Total Space | 7.63 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: REX950 | User Name: Rex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rex\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\MarkSpace\Missing Sync for Android\MSADSyncMarshaller.exe (MarkSpace)
PRC - C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\InjectWinSockServiceV6.exe ()
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe (AG Interactive)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\WindowsMobile\WmdHost.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Compete Toolbar\CompeteUa.exe (Compete, Inc.)
PRC - C:\Program Files (x86)\Compete Toolbar\Compete.exe (Compete, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Rex\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_8832f4b.dll ()
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (HttpAnalyzerV6 DllInjectService) -- C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\InjectWinSockServiceV6.exe ()
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AGCoreService) -- C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe (AG Interactive)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (appliandMP) -- C:\Windows\SysNative\drivers\appliand.sys (Applian Technologies Inc.)
DRV:64bit: - (appliand) -- C:\Windows\SysNative\drivers\appliand.sys (Applian Technologies Inc.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (LVUVC64) Logitech QuickCam Pro 5000(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 0F 7E 8A 86 31 CB 01 [binary data]
IE - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/01/19 17:15:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/18 11:18:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/16 00:25:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/01/21 01:00:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF - HKLM\software\mozilla\Firefox\Extensions\\httpanalyzerv6ffaddon@ieinspector.com: C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\firefox [2010/12/13 01:10:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/03/30 23:12:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/01 15:29:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/29 17:27:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/11/28 21:15:51 | 000,000,000 | ---D | M]

[2010/05/29 19:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rex\AppData\Roaming\Mozilla\Extensions
[2010/05/29 19:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rex\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2011/05/15 22:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions
[2011/03/13 21:09:56 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/05/14 22:38:06 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2011/02/17 08:54:40 | 000,000,000 | ---D | M] ("S3 Firefox Organizer(S3Fox)") -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
[2011/04/02 11:08:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/13 09:44:22 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/03/28 12:12:49 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011/02/04 09:40:30 | 000,000,000 | ---D | M] (SearchStatus) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2011/02/07 16:10:21 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\firebug@software.joehewitt.com
[2010/03/24 15:14:57 | 000,000,000 | ---D | M] (Font Finder) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\fontfinder@bendodson.com
[2010/03/10 14:01:59 | 000,000,000 | ---D | M] (Google Semantics) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\goog@ind.net
[2011/05/05 21:30:49 | 000,000,000 | ---D | M] ("RankChecker") -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\rankchecker@seobook.com
[2010/07/16 10:34:30 | 000,000,000 | ---D | M] (Save Complete) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\savecomplete@perlprogrammer.com
[2011/03/28 12:12:52 | 000,000,000 | ---D | M] (SEO Doctor) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\seodoctor@prelovac.com
[2011/05/14 22:38:08 | 000,000,000 | ---D | M] ("Seo Toolbar") -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\seotoolbar@seobook.com
[2011/03/16 05:12:21 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\support@lastpass.com
[2010/10/17 07:06:00 | 000,000,000 | ---D | M] (YSlow) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\yslow@yahoo-inc.com
[2011/05/15 22:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/06 00:56:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/05 00:41:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 09:22:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/24 00:49:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/12 13:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/05/02 21:20:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - File not found
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - File not found
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CI ToolHelper Class) - {55825511-174A-4b4e-84B7-69AAC4E294B6} - C:\Program Files (x86)\Compete Toolbar\CompeteToolbar.dll (Compete, Inc.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (IEInspector Browser Helper) - {9B43B7B1-BF56-4708-81D2-332D708B0DD9} - C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\IEInspectorBHO.dll (IEInspector Software)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - File not found
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Compete Toolbar) - {9B393B85-708D-4e61-9529-2FA61D4A4904} - C:\Program Files (x86)\Compete Toolbar\CompeteToolbar.dll (Compete, Inc.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\..\Toolbar\WebBrowser: (no name) - {1D417F37-A1EF-4D7B-AFEB-8FC8B2A404F6} - No CLSID value found.
O3 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\..\Toolbar\WebBrowser: (Compete Toolbar) - {9B393B85-708D-4E61-9529-2FA61D4A4904} - C:\Program Files (x86)\Compete Toolbar\CompeteToolbar.dll (Compete, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Compete Toolbar] C:\Program Files (x86)\Compete Toolbar\Compete.exe (Compete, Inc.)
O4 - HKLM..\Run: [Compete Toolbar Update] C:\Program Files (x86)\Compete Toolbar\CompeteUa.exe (Compete, Inc.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [GoogleRdrNotify] C:\Program Files (x86)\Yonizaf\GRaiN Google Reader Notifier\GoogleReaderNotifier.exe ()
O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [replay_telecorder_skype] C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe (Applian Technologies Inc.)
O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Rex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The 5 Bucks a Day Action Enforcer.lnk = C:\Program Files (x86)\The 5 Bucks a Day Action Enforcer\ActionEnforcer.exe (Dennis Becker d.b.a. MDM Sports)
O4 - Startup: C:\Users\Rex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: IE HTTPAnalyzer V6 - {0EE59015-EBDF-4986-8F80-DB00975ABDCD} - C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\IEHTTPAnalyzerV6.dll (IEInspector Software)
O9 - Extra 'Tools' menuitem : IE HTTPAnalyzer V6 - {0EE59015-EBDF-4986-8F80-DB00975ABDCD} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\..Trusted Domains: azoogleads.com ([login] https in Trusted sites)
O15 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\..Trusted Domains: epicdirectnetwork.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\..Trusted Domains: google.com ([adwords] https in Trusted sites)
O15 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\..Trusted Domains: google.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - File not found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/07 19:33:03 | 000,000,000 | ---D | M] - D:\Auto Profit Machine Software -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 22:40:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Rex\Desktop\OTL.exe
[2011/05/11 08:33:39 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/05/11 08:33:38 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/05/11 08:12:02 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/05/11 08:12:00 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/05/11 08:11:59 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/05/11 08:11:51 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/05/11 08:11:51 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/05/09 16:49:14 | 000,000,000 | ---D | C] -- C:\Users\Rex\Documents\My NameFusion Projects
[2011/05/03 11:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/02 22:55:38 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\CleanBigBox
[2011/05/02 22:31:25 | 000,000,000 | -HSD | C] -- C:\Users\Rex\AppData\Roaming\.#
[2011/05/02 22:31:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/02 22:10:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/02 22:06:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/01 23:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/05/01 23:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/05/01 20:22:25 | 000,000,000 | ---D | C] -- C:\SDFix
[2011/05/01 18:21:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/01 18:21:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/01 18:21:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/01 18:21:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/01 18:19:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/30 19:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/04/30 16:38:58 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/04/29 17:10:47 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/29 17:10:47 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/29 17:10:46 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/29 17:10:46 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/29 17:10:31 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/04/29 17:10:31 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/04/29 17:10:31 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/04/29 17:10:31 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/04/29 17:10:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/04/29 17:10:31 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/29 17:10:31 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/04/29 17:10:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/29 17:10:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/04/20 21:16:31 | 000,000,000 | ---D | C] -- C:\Users\Rex\AppData\Roaming\Replay Media Catcher 4
[2011/04/20 21:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies

========== Files - Modified Within 30 Days ==========

[2011/05/16 22:40:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rex\Desktop\OTL.exe
[2011/05/16 22:13:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/16 22:08:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2742305908-3772588821-3740990406-1001UA.job
[2011/05/16 19:08:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2742305908-3772588821-3740990406-1001Core.job
[2011/05/16 16:21:47 | 000,012,288 | ---- | M] () -- C:\Users\Rex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/16 08:00:22 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/05/16 07:13:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/14 02:55:03 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
[2011/05/12 18:46:34 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/12 18:46:34 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 20:52:51 | 000,022,135 | ---- | M] () -- C:\Users\Rex\.recently-used.xbel
[2011/05/11 18:38:30 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/05/11 18:37:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/11 18:37:41 | 1072,279,550 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/10 00:23:48 | 000,000,000 | ---- | M] () -- C:\Users\Rex\Desktop\index.html
[2011/05/03 11:43:29 | 000,001,293 | ---- | M] () -- C:\Users\Rex\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/03 11:43:29 | 000,001,269 | ---- | M] () -- C:\Users\Rex\Desktop\Spybot - Search & Destroy.lnk
[2011/05/03 00:22:21 | 000,326,388 | ---- | M] () -- C:\Users\Rex\Desktop\SPTDinst-v178-x64.exe
[2011/05/02 21:20:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/23 00:38:41 | 001,064,074 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/23 00:38:41 | 000,861,680 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/23 00:38:41 | 000,197,900 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/20 16:45:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/04/20 14:01:43 | 000,805,906 | ---- | M] () -- C:\Windows\XSitePro2 Uninstaller.exe

========== Files Created - No Company Name ==========

[2011/05/11 20:52:51 | 000,022,135 | ---- | C] () -- C:\Users\Rex\.recently-used.xbel
[2011/05/10 00:23:48 | 000,000,000 | ---- | C] () -- C:\Users\Rex\Desktop\index.html
[2011/05/03 11:43:29 | 000,001,293 | ---- | C] () -- C:\Users\Rex\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/03 11:43:29 | 000,001,269 | ---- | C] () -- C:\Users\Rex\Desktop\Spybot - Search & Destroy.lnk
[2011/05/03 00:22:19 | 000,326,388 | ---- | C] () -- C:\Users\Rex\Desktop\SPTDinst-v178-x64.exe
[2011/05/01 18:21:03 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/01 18:21:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/01 18:21:03 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/01 18:21:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/01 18:21:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/01 12:58:28 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/04/07 20:29:33 | 000,001,456 | ---- | C] () -- C:\Users\Rex\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/02/04 09:24:37 | 000,000,600 | ---- | C] () -- C:\Users\Rex\AppData\Local\PUTTY.RND
[2010/10/12 16:46:31 | 000,000,742 | R--- | C] () -- C:\Windows\MSPPWSV.ini
[2010/09/22 20:20:03 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ZLIB.DLL
[2010/09/07 14:08:24 | 000,001,699 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/08/26 00:43:54 | 000,012,953 | ---- | C] () -- C:\Users\Rex\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/07/23 18:19:34 | 000,228,948 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/06/22 00:00:59 | 000,000,197 | ---- | C] () -- C:\Windows\keywordsetting.ini
[2010/06/19 07:57:51 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/04/30 13:29:12 | 000,000,046 | ---- | C] () -- C:\Windows\Goya.INI
[2010/04/17 17:30:06 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/23 22:41:34 | 000,000,116 | ---- | C] () -- C:\Windows\cool.ini
[2010/03/23 22:38:40 | 000,000,011 | ---- | C] () -- C:\Windows\wordpad.ini
[2010/03/16 14:26:01 | 000,805,906 | ---- | C] () -- C:\Windows\XSitePro2 Uninstaller.exe
[2010/03/16 00:25:31 | 000,023,140 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/03/01 23:09:36 | 000,210,572 | ---- | C] () -- C:\Windows\hpoins21.dat
[2010/03/01 23:09:36 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2010/02/19 23:34:08 | 000,000,025 | ---- | C] () -- C:\Users\Rex\AppData\Roaming\bdfvconp.ini
[2010/02/13 00:17:34 | 000,007,670 | ---- | C] () -- C:\Users\Rex\AppData\Local\Resmon.ResmonCfg
[2010/01/28 18:43:35 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/01/28 18:43:35 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/01/28 17:42:59 | 000,012,288 | ---- | C] () -- C:\Users\Rex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/23 02:52:21 | 000,004,903 | ---- | C] () -- C:\ProgramData\vsrenaae.pyv
[2010/01/23 02:07:03 | 000,089,312 | ---- | C] () -- C:\Windows\SysWow64\acedrv08.dll
[2010/01/23 02:02:09 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010/01/23 01:54:49 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010/01/23 01:43:32 | 000,000,143 | ---- | C] () -- C:\Users\Rex\AppData\Roaming\default.pls
[2010/01/22 20:46:21 | 000,000,587 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/01/19 00:28:28 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/01/18 20:18:59 | 001,051,074 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

========== LOP Check ==========

[2011/05/11 18:39:03 | 000,000,000 | -HSD | M] -- C:\Users\Rex\AppData\Roaming\.#
[2010/01/21 13:05:29 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Acoustica
[2010/11/05 18:21:23 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Acronis
[2010/06/28 22:18:37 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\ADText Generator
[2010/07/18 21:59:02 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\AdTextImage Creator 2.0
[2010/07/10 01:15:03 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Affirma Consulting
[2010/01/23 00:53:56 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Artisteer
[2011/03/23 12:52:17 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Audacity
[2010/11/25 13:36:12 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Auto Traffic Monopoly
[2010/01/18 20:21:37 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\BitDefender
[2010/09/04 01:12:39 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\BlueprintMarketing.AuthorityHub.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
[2010/12/12 13:04:46 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\BlueprintMarketing.Keynet.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
[2011/04/07 20:44:51 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/29 00:11:33 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\CommissionBlueprint.KeywordBlueprint.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
[2011/01/03 21:29:32 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
[2010/09/14 16:21:13 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\CommissionBlueprint.OfferEvaluator.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
[2010/08/16 16:05:16 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\CommissionBlueprint.SERPy.A24874ABA585E72CC832DED473DD4E8BBFF88E58.1
[2010/01/26 11:31:45 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\DAEMON Tools Lite
[2010/04/07 13:18:02 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/01/30 14:04:21 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\EasyLeadFinder
[2011/04/08 22:57:55 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\EditPlus 3
[2010/08/13 23:39:23 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\GetRightToGo
[2010/01/26 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\GlobalSCAPE
[2011/05/16 08:06:59 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\GoodSync
[2011/04/27 13:15:33 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\GrabPro
[2011/01/30 12:36:25 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\GRaiN
[2011/05/11 20:52:40 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\gtk-2.0
[2010/06/20 01:45:15 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\HandBrake
[2010/11/24 00:01:59 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Keyword Advantage
[2010/09/22 20:21:35 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Likno Software
[2010/08/04 17:10:56 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\MAGIX
[2010/02/17 15:29:18 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/01/26 14:04:17 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\MarkSpace
[2011/04/30 22:35:23 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Notepad++
[2011/02/15 14:20:02 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Nuance
[2011/05/01 08:13:40 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Orbit
[2010/10/04 01:32:01 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\ProductKeywordTool
[2010/08/02 11:46:40 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\ProgSense
[2010/11/30 11:15:08 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Publish Providers
[2010/08/01 14:25:01 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Punch! Software
[2011/04/20 21:19:26 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Replay Media Catcher 4
[2011/04/12 15:58:58 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\SmartDraw
[2010/01/23 04:22:32 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\SmartDraw Image Plugin
[2010/06/30 01:32:32 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Sony
[2010/06/29 22:00:31 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Sony Creative Software
[2011/03/16 11:09:54 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\SourceGuardian
[2011/03/30 23:42:20 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/11 18:59:24 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Summitsoft
[2010/02/25 08:44:20 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Web Content Studio LITE
[2010/03/27 08:43:17 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\webex
[2010/01/23 23:37:34 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Webshots
[2010/02/23 15:12:27 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Zeon
[2010/07/06 23:10:02 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/14 02:55:03 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (SD).job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/11/25 15:45:37 | 000,000,000 | ---D | M](C:\Users\Rex\AppData\Local\??) -- C:\Users\Rex\AppData\Local\€”
[2010/11/25 15:45:37 | 000,000,000 | ---D | M](C:\Users\Rex\AppData\Local\??) -- C:\Users\Rex\AppData\Local\€”
(C:\Users\Rex\AppData\Local\??) -- C:\Users\Rex\AppData\Local\€”

========== Alternate Data Streams ==========

@Alternate Data Stream - 268 bytes -> C:\ProgramData\TEMP:61B95C7A
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:20C84A5E
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:DF7979FE
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:F288433A

< End of report >

Leaddog
2011-05-17, 07:16
Hi Ken,

Here is the Extras.txt log.

OTL Extras logfile created on: 5/16/2011 10:53:40 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Rex\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 9.00 Gb Available Physical Memory | 72.00% Memory free
24.00 Gb Paging File | 20.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.01 Gb Total Space | 1713.48 Gb Free Space | 91.97% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 776.58 Gb Free Space | 41.68% Space Free | Partition Type: NTFS
Drive O: | 7.63 Gb Total Space | 7.63 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: REX950 | User Name: Rex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2742305908-3772588821-3740990406-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0F8B958D-3998-4FA3-B857-31B6E0BB9C98}" = ESET NOD32 Antivirus
"{1DCE0BC6-CF4E-404F-959B-4AFEE131344F}" = Replay Media Catcher 4
"{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}" = AllWebMenus PRO 5.3.840
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5318020E-E32C-4A33-BC8D-EEF5CC2F6CA1}" = Microsoft SQL Server 2008 Database Engine Services
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}" = Microsoft SQL Server 2008 Database Engine Services
"{A2422B02-0D41-43F5-B62E-C7A5E55FCBA8}" = Vegas Pro 9.0 (64-bit)
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{b2042d5e-986d-44ec-aee3-afe4108ccc94}" = Python 3.2 (64-bit)
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DB26471F-EE71-49EB-BF42-65C08AD6C74F}" = MySQL Server 5.1
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Search and Replace (x64 Shareware)_is1" = Search and Replace (x64)
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR archiver
"XSitePro2" = XSitePro2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05D0E14D-7C27-48D2-B761-A9153729D7B0}" = Xara Photo & Graphic Designer 6 Download-Version
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08C090EE-5A86-480C-BB6F-6EA895DE8247}_is1" = HTTP Analyzer V6.1.2
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E006D9-399A-4555-8067-609AE6BBD27D}" = ForumBot
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D16720D-8420-437E-8E7A-01F66A74DA83}" = GRaiN Google Reader Notifier
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17555A4D-EEEB-3205-F0C6-11F103629374}" = OfferEvaluator
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1971EF88-532E-4DFF-AD5A-0F871ED75F51}_is1" = RegNow.com Marketplace Explorer 1.0
"{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}" = CuteFTP 7 Professional
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F16518A-A9E4-C135-278C-2B4544B3A74C}" = Domain Samurai
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{211F8CAD-D356-4F18-AC06-E65CAF4D9F87}" = WEB20Bot
"{21878C15-0B11-40A0-A266-54B324965893}" = DSTfix
"{26325EAB-CB92-4D82-81D6-0BDBB8299432}" = NameFusion
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{370158B8-2DAE-479F-91C6-98836170BC22}_is1" = PPV Keyword Transformation Wizard 1.0
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B0CFB08-515C-4AD4-89DF-997BF8545622}" = Nuance Voice Recorder
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41250615-4FA6-E496-BF28-550FEB9D4572}" = Keyword Blueprint 2
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49B580CE-E1C7-4DC5-95D1-8008907BD2AE}" = Excel 2007 Visual Basic for Applications Step by Step
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{521F829A-CBDD-4525-A94C-05D4650E9F71}" = DVD Architect Pro 5.0
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58B52EDF-189F-97EB-CC36-54881BCBFE44}" = Market Samurai
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.1
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
"{5E428373-4D26-4B40-A194-E8DDF4B68909}" = IndexBot
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{641267A2-C500-4E71-8D27-29943E9E5404}" = StatsJunky
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{757239E4-16E2-4A60-A30A-C52AF9610D44}_is1" = mobSqueeze Mobile Video Converter 1.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E5251D2-C1D7-4DE0-BD68-0B7B81A4CE31}_is1" = gKeywordTool 1.0
"{7ED64F08-665B-42BD-81AC-2FB18754BF16}_is1" = Link Hopper 1.0
"{7FF35F67-3A94-4A47-8E50-A4800FE5C58C}" = Punch! Home and Landscape Design Architectural Series
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{84214BD4-29F2-427C-B9C3-BEB2D494FE3E}" = Audio Record Wizard
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85B1BEBC-5100-4A5A-87E9-0ADFA96E2A84}" = Web Content Studio LITE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C9324D7-F37F-C4E4-8FAE-E9C99EB95EC4}" = Easy Lead Finder
"{8DE0B161-8D70-46BC-9A48-F76727B5C0DE}" = Microsoft adCenter Desktop
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90BA26F9-6457-4DF6-AFDD-A40384330C98}_is1" = IM Warfare Tracking Server 2.0
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9491DBE1-8C46-47C4-9E9B-F793E6508F97}_is1" = IM Warfare Tracking Client 2.0
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{9740B7F2-C98E-4805-B1E3-B3136E173002}" = StatsJunky
"{9772ED31-323D-8AF0-A300-166AD1068776}" = SERPy
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B7725E0-AD64-11DE-72AE-07302A752CD6}" = Missing Sync for Android (Web Update)
"{9EDE7573-F2B0-4FAC-8928-A7E9381BCB91}" = ArcSoft MediaImpression for Kodak
"{A0B1E09A-1FEA-4E45-9557-8B1871D43834}" = VideoBot
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91033}" = Nero 8 Essentials
"{A7793099-E7B8-4B91-B0BF-D407C1C7032C}_is1" = GoogleMapsCash.com Software 1.1
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A828C2B4-4BF6-B52C-0E81-986BF424C65D}" = KeywordBlueprint
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9B38FBE-B239-4EFC-8F12-6AED0D10AD4C}" = Product Name Keywords - Premium Edition
"{AA9189EB-0AF8-4BDA-8DDB-D303A093BCED}" = SnagitHotfix
"{AB3D78B7-8066-465A-82A8-5F3751564457}_is1" = S3 Ripper 1.3
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AE5BD91F-0280-424E-83E9-13BDC626712E}" = Sony DVD Architect Studio 4.0
"{AF4EBCC6-C85F-4159-8B96-5EF47AA4F4F7}" = Mobile Media for PC
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}" = Sony DVD Architect Studio 4.5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD334DD1-3E56-4B66-B811-1BA2E205F9FE}_is1" = Keyword Sniper 2.5
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1A72360-F53F-4602-9C8A-7A3FB7CF0BB3}" = Manager for Amazon CloudFront
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4FE7CD7-1DA8-4793-9CCE-E7902D915131}_is1" = Auto Traffic Monopoly 1.0.0
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C78743AF-F8FA-17E0-B638-DC615E132CE3}" = AuthorityHub
"{C7B5688C-65E0-4E7B-90D9-24DE28DFC033}_is1" = Laser URL 1.2
"{CA72A82C-7DBC-4814-8CCB-E5BFAC59FAEF}" = ArcSoft MediaImpression for Kodak
"{CAA5CA1E-B94E-406E-A55B-DA0571460B00}" = Word Wizard
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0B3C41-FED1-4245-97CD-F03BEEBDEE89}" = Media Manager 2.4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D37C6152-89DF-4D29-83CF-666200D5F398}" = iPAQ WebReg
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D432C227-3FA3-44AB-BEE8-E665133BDD23}" = UBot
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D758B62A-6FCF-468F-A4EE-401C87C2BCFF}" = Real Time Clock Update
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DDD2DBF1-CB97-481E-9589-41D9EE92B259}_is1" = Hard Cash Hijack Traffic Control 1.0
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EE5926BD-9590-48A3-AB1E-C1C49575823D}" = C7200
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5887401-2CB2-44D2-BEF1-278707909FD9}_is1" = iFrame Magic 1.0
"{F6249ABF-F16D-4AF3-8755-4D62F799C238}" = Google AdWords Editor
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F93DF4D4-08DF-358F-366A-3D877E12921F}" = Keynet
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Adtext Generator" = Adtext Generator 1.4
"AI RoboForm" = AI RoboForm (All Users)
"Akamai" = Akamai NetSession Interface
"AnswerAnalyst" = AnswerAnalyst
"Applian Director2.1" = Applian Director
"Applian Director2.10" = Applian Director
"Artisteer 2" = Artisteer 2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audio Record Wizard_is1" = Audio Record Wizard v3.99
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Blog Tracker_is1" = Blog Tracker
"BlueprintMarketing.AuthorityHub.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1" = AuthorityHub
"BlueprintMarketing.Keynet.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1" = Keynet
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Clickbank Affiliate Spider_is1" = Clickbank Affiliate Spider v2.0
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CommissionBlueprint.KeywordBlueprint.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1" = KeywordBlueprint
"CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1" = Keyword Blueprint 2
"CommissionBlueprint.OfferEvaluator.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1" = OfferEvaluator
"CommissionBlueprint.SERPy.A24874ABA585E72CC832DED473DD4E8BBFF88E58.1" = SERPy
"Compete Toolbar" = Compete Toolbar (remove only)
"Cool Edit 2000" = Cool Edit 2000
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Domain Samurai
"EasyLeadFinder" = Easy Lead Finder
"EditPlus 3" = EditPlus 3
"ERUNT_is1" = ERUNT 1.1j
"Fat Content Creator_is1" = Fat Content Creator v2
"FeedDemon_is1" = FeedDemon
"Fiddler2" = Fiddler2
"GameBox Classics" = GameBox Classics
"GameBox Solitaire" = GameBox Solitaire
"Half-Life" = Half-Life
"Half-Life: Opposing Force" = Half-Life: Opposing Force
"Handbrake" = Handbrake 0.9.4
"IAW20" = IAW20
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
"InstallShield_{AF4EBCC6-C85F-4159-8B96-5EF47AA4F4F7}" = Mobile Media for PC
"Integrio Uptime Scout_is1" = Integrio Uptime Scout v. 1.0.4
"KeywordAdvantage" = KeywordAdvantage
"KeywordSnatcher" = KeywordSnatcher
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Laser Keyword Generator_is1" = Laser Keyword Generator 3.0
"MAGIX 3D Maker Download version US" = MAGIX 3D Maker Download version 6.0.0.4 (US)
"MAGIX Goya burnR US" = MAGIX Goya burnR 1.3.1.2 (US)
"MAGIX Movie Edit Pro 12 US" = MAGIX Movie Edit Pro 12 6.5.4.0 (US)
"MAGIX Photo Manager 2007 US" = MAGIX Photo Manager 2007 4.1.0.728 (US)
"MAGIX Photo Manager 9 UK" = MAGIX Photo Manager 9
"MAGIX Screenshare UK" = MAGIX Screenshare
"MAGIX_MSI_Foto_Grafik_Designer_6" = Xara Photo & Graphic Designer 6 Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mitsubishi_caps" = Mitsubishi Computerized Automatic Parts Searching System (CAPS)
"Mitsubishi_Caps_Parts_Search_Version_2.66" = Mitsubishi Caps Parts Search Version 2.66
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"NewBlue Cartoonr for Vegas" = NewBlue Cartoonr for Vegas
"NewBlue VideoFX MSP" = NewBlue VideoFX MSP
"NewBlue VideoFX MSPP" = NewBlue VideoFX MSPP
"Notepad++" = Notepad++
"Ogg Codecs" = Xiph.Org Ogg Codecs 0.83.17220 32-bit
"PDFZilla_is1" = PDFZilla V1.2.9
"Precision" = EVGA Precision 1.9.0
"Production Assistant" = Production Assistant 1.0
"Punch! Home Design - AS4000" = Punch! Home Design - AS4000
"Replay Converter 4" = Replay Converter 4
"Replay Music3.98" = Replay Music
"Replay Telecorder for Skype_is1" = Replay Telecorder for Skype 1.2.0.4
"Replay Video Capture4.2" = Replay Video Capture
"Replay_AV_807" = Replay AV 8
"Replay_Media_Splitter_1.2" = Replay Media Splitter 1.9.1012
"RevWireKeyword_is1" = RevenueWire Keyword Manager
"Search Position Detective" = Search Position Detective
"SENuke_is1" = SENuke
"Sierra Utilities" = Sierra Utilities
"Site Sniper Pro_is1" = Site Sniper Pro 2.0
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SmartDraw 7" = SmartDraw 7
"SourceGuardian 8.2 for PHP demo" = SourceGuardian 8.2 for PHP demo
"ST6UNST #1" = CommissionAlert
"ST6UNST #2" = CommissionStats
"Swiff Player_is1" = Swiff Player 1.7.2
"The 5 Bucks a Day Action Enforcer_is1" = The 5 Bucks a Day Action Enforcer
"The KMPlayer" = The KMPlayer (remove only)
"TheBestSpinner" = TheBestSpinner
"Video Padlock1.14" = Video Padlock
"WebCompAnalyst" = WebCompAnalyst
"WebDataParser" = WebDataParser
"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinPcapInst" = WinPcap 4.0.2
"WM Capture" = WM Capture
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"XMind" = XMind

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2742305908-3772588821-3740990406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"065b42c809538e1c" = SENukeUpdate
"8baf947b9fcb397a" = LlamaSpin
"ActiveTouchMeetingClient" = WebEx
"b768b3f6df6fff60" = cbSniper Marketplace Miner
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"LastPass" = LastPass (uninstall only)
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Thanks again, and let me know what else I need to do.

Rex

ken545
2011-05-17, 11:26
Hi,

Just a few things jumping out at me, nothing earth shattering

Do you want these in your IE Trusted Zone?
Trusted Zone: azoogleads.com\login
Trusted Zone: epicdirectnetwork.com\www


I also see an entry for Junky Toolbar, did you install that?


Are you being redirected or getting any unwanted pop up windows?


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

Leaddog
2011-05-17, 18:37
Hi Ken,

I am not being redirected in Firefox at least. I pretty much never use IE. But best I know I am not being redirected.

I am not familiar with junkytoolbar. I do have an affiliate tracking program called "statsjunky" installed.

I looked under "uninstall software" in the control panel just to see if a junkytoolbar showed up. I didn't see it. Nor did it show up as an addon in FF or IE.

Then I went to find it in the logs you got from me and only see references to statsjunky. I am not sure if you are referring to statsjunky or not but this is an app I have had installed for 2 years.

The IE trusted zones of azoogleleads and epicdirectnetwork were both put in there by me as epicdirect (was azoogle) has login issues and I was hoping this would fix it. (It didn't.) Epic Direct (Azoogle) is a CPA network and I am an online marketer. Those could be removed if necessary.

---------ESET online scanner-------------
First let me say that apparently they have changed things since your instructions were made. The links are all different for me. But starting out at http://eset.com/onlinescan which redirects to http://www.eset.com/us/online-scanner, I followed the instructions with IE. Even after checking the "I have read and agree..." checkbox the "start" button would never activate. I played with security levels and making sure .js ran but no help. It appears they may have a problem.

So I brought it up in Firefox and had to download the ESET Smart Installer and save to my desktop. I set it as you stated and ran it. I have 2 - 2TB drives. It took over 2 hours to run but came back clean and gave me no option to see a log. It only offered me options to buy or take a 30 day trial. ESET NOD32 V4 is what I use full time anyway. I know this is a good double check though.

---------------------------

So I have no new info other than that. Anything else to try?

Thanks very much,
Rex

ken545
2011-05-17, 19:25
You look like you're good to go, Rex.

Any problems in the future please post back


How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

Leaddog
2011-05-18, 02:33
Hi Ken thanks for all your help...

But why does Spybot S&D still find 2 problems EVERY time that I have the browser closed?

See the very first post. I repeated the spybot portion of the log below.

---------Spybot Search and Destroy Short log after cleaning --------
Win32.Small.ddx: Bookmark (Firefox: Rex (default)) (Bookmark, fixed)


Virtumonde: Bookmark (Firefox: Rex (default)) (Bookmark, fixed)


Win32.Small.ddx: Bookmark (Firefox: Rex (default)) (Bookmark, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

This shows up EVERY time. If I run it again now it will be there.

Just wondering...

Rex

ken545
2011-05-18, 03:30
Let's do this, Rex

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
Win32.Small.ddx
:regfind
Win32.Small.ddx


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Leaddog
2011-05-18, 06:12
Hi Ken,

I did this and it came back with a warning that I was running wow64 and to use systemlook_x64.

I tracked that down and got the same results (except for the warning)

-------------
SystemLook 04.09.10 by jpshortstuff
Log created at 22:09 on 17/05/2011 by Rex
Administrator - Elevation successful

========== filefind ==========

Searching for "Win32.Small.ddx"
No files found.

========== regfind ==========

Searching for "Win32.Small.ddx"
No data found.

-= EOF =-

So I wonder why SS&D finds it?

Thanks very much...

Rex

ken545
2011-05-18, 11:12
Try this one Rex

http://jpshortstuff.247fixes.com/beta/SystemLook/SystemLook_x64.exe

Leaddog
2011-05-18, 16:00
That is the one I used Ken. :)

Rex

ken545
2011-05-18, 19:12
Hello Rex

All the problems appear to be Firefox tracking cookies. Sometimes Spybot has trouble removing Firefox tracking cookies. There are suggestions in the following post on how to remove them as well as block them from being stored:

Read this
http://forums.spybot.info/showpost.php?p=64081&postcount=4

Leaddog
2011-05-18, 20:13
Hi Ken,

Are these Cookies or bookmarks? I viewed the cookie list and did not see them.

Anyway, I cleared ALL cookies and then closed firefox. Then ran SS&D.

Here is the report

--- Search result list ---
Win32.Small.ddx: Bookmark (Firefox: Rex (default)) (Bookmark, nothing done)


Virtumonde: Bookmark (Firefox: Rex (default)) (Bookmark, nothing done)


Win32.Small.ddx: Bookmark (Firefox: Rex (default)) (Bookmark, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


Coool huh? Does SS&D detect Flash cookies? I could delete all those I guess. I just viewed my flash cookies and didn't see any that matched up with the ones that SS&D is complaining about.

Rex

ken545
2011-05-18, 20:43
You know what I would do is post in the Spybot forum. They are more familiar with that program than I am. I will keep this thread open for you, so post back and let me know how it went.

http://forums.spybot.info/forumdisplay.php?f=4

Leaddog
2011-05-22, 23:26
Ken I wanted to come back here and let you know what was found. In the Spybot forum it was noted that those were bookmarks it was flagging.

Then after SS&D runs you can click on the plus sign where it refers to the error and it gives you the address of the website that was bookmarked and flagged as bad.

I then opened the "organize bookmarks" in firefox and tracked them down and deleted them.

Problem solved.

I just wanted to get back with you so that you would know the results and to thank you for your help again. I appreciated it so much.:thanks:

Rex
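The check that resolved this thread, as an added example (not part of the original posts, and not Spybot's own detection logic): list the Firefox bookmarks whose host falls on a flagged-domain list by querying the `moz_bookmarks` and `moz_places` tables of the profile's `places.sqlite`. The domains and sample rows are constructed; against a real profile, run it on a copy of `places.sqlite` taken with Firefox closed.

```python
import sqlite3
from urllib.parse import urlsplit

def build_sample_places(conn):
    """Constructed stand-in for places.sqlite (only the columns used here)."""
    conn.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE moz_bookmarks (id INTEGER PRIMARY KEY, type INTEGER,
                                    fk INTEGER, parent INTEGER, title TEXT);
    """)
    conn.executemany("INSERT INTO moz_places VALUES (?, ?)", [
        (1, "http://www.mozilla.org/"),
        (2, "http://ads.flagged.example/landing?id=7"),
        (3, "http://tracker.example.net/offer"),
        (4, "http://visited-only.flagged.example/"),  # history only, no bookmark
    ])
    conn.executemany("INSERT INTO moz_bookmarks VALUES (?, ?, ?, ?, ?)", [
        (10, 2, None, 1, "Bookmarks Menu"),           # type 2 = folder
        (11, 1, 1, 10, "Mozilla"),                    # type 1 = bookmark
        (12, 1, 2, 10, "Old affiliate page"),
        (13, 1, 3, 10, "Offer"),
    ])

def flagged_bookmarks(conn, flagged_domains):
    """Return (bookmark id, title, folder, url) for bookmarks on a flagged domain."""
    rows = conn.execute("""
        SELECT b.id, b.title, p.title, pl.url
        FROM moz_bookmarks b
        JOIN moz_places pl ON pl.id = b.fk
        LEFT JOIN moz_bookmarks p ON p.id = b.parent
        WHERE b.type = 1
        ORDER BY b.id
    """).fetchall()
    hits = []
    for bid, title, folder, url in rows:
        host = (urlsplit(url).hostname or "").lower()
        # Match the domain itself or a subdomain, never a substring of the URL.
        if any(host == d or host.endswith("." + d) for d in flagged_domains):
            hits.append((bid, title, folder, url))
    return hits

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    build_sample_places(db)
    for hit in flagged_bookmarks(db, {"flagged.example", "tracker.example.net"}):
        print(hit)
```

The folder name in each result is what lets you find the entry in "Organize Bookmarks"; history-only URLs are ignored because they have no `moz_bookmarks` row.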

ken545
2011-05-23, 01:55
Thank you Rex for letting me know

Things running ok now?

Leaddog
2011-05-23, 02:22
Yup everything is running fine now.

Thanks,

Rex

ken545
2011-05-23, 03:21
:bigthumb:

Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

Leaddog
2011-05-23, 06:24
Oh I forgot to mention I put $50 in the donation box. And I know it doesn't go to you but at least I can help where I can. Hopefully others will help some if they can.

Thanks again for your help Ken. :rockon:

Rex

ken545
2011-05-23, 10:59
Thank you Rex,

The donations go for research and to help keep us online, much appreciated

Take care

ken545
2011-05-27, 13:01
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.