Thread: Can't Remove Virtumonde and Win32.Small.ddx Good Grief!

  1. #1
    Junior Member | Join Date: May 2011 | Posts: 17

    Hi,
    My name is Rex. I have many years of computer experience and so have fought this a while before coming here. Clearly malware is not my specialty. I have always been able to fix infections until now, however, and now find myself a "newbie" here.

    Setup:

    These infections only show up on SS&D. Malwarebytes Anti-Malware, ESET NOD32 V4, VundoFix, etc. don't show anything.

    I searched for infection because my email account started sending spam. It took a day or so to figure out that it was ONLINE access, not machine access, that caused that, but I *assume* that they got the un/pw from infection on the machine.

    Original SS&D infections were Doubleclick Tracking cookie, MTC.MakeMeSearch.com (registry key), Right Media cookie and Statcounter cookie.

    You can assume I have run just about every "fixer" type software on my machine (including combofix) before I ever showed up on this forum. I have not used any registry cleaner in probably 6 months however. Machine seems to be OK but I thought it was OK even while I was sending out spam emails. As I said they did not go out through desktop OUTLOOK channel.

    This next bit of info took a while to figure out. What makes this maddening is that the SS&D scan will show clean if the Firefox browser is open. But it will come back infected if it is closed! If the browser is closed, you can clean the infection with SS&D and show infection on the next scan even without reboot. Reboot, of course, always shows return. Doesn't matter if I do the process in safe mode or not, it will not clean. I have even used rkill to stop rootkit processes before cleaning with SS&D with no luck.

    Having no luck myself, I will stop dead in my tracks and work with you.

    I have run ERUNT & DDS

    Below are my attachments:

    --------------------DDS.txt Log--------------------------
    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Rex at 10:27:30.27 on Tue 05/03/2011
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.9557 [GMT -5:00]
    .
    AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\InjectWinSockServiceV6.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    C:\Program Files (x86)\TechSmith\Jing\Jing.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files (x86)\Yonizaf\GRaiN Google Reader Notifier\GoogleReaderNotifier.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Compete Toolbar\Compete.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\MarkSpace\Missing Sync for Android\MSADSyncMarshaller.exe
    C:\Program Files (x86)\Compete Toolbar\CompeteUa.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\WindowsMobile\WmdHost.exe
    C:\Program Files (x86)\Nevo\NevoBackup\NevoBackup.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\DllHost.exe
    C:\Masters\Anti-Malware programs\DDS - Documents system\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    BHO: agihelper.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: CI ToolHelper Class: {55825511-174a-4b4e-84b7-69aac4e294b6} - C:\Program Files (x86)\Compete Toolbar\CompeteToolbar.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
    BHO: IEInspector Browser Helper: {9b43b7b1-bf56-4708-81d2-332d708b0dd9} - C:\PROGRA~2\IEINSP~1\HTTPAN~1\IEINSP~1.DLL
    BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: Compete Toolbar: {9b393b85-708d-4e61-9529-2fa61d4a4904} - C:\Program Files (x86)\Compete Toolbar\CompeteToolbar.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    TB: {1D417F37-A1EF-4D7B-AFEB-8FC8B2A404F6} - No File
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [Steam] C:\Program Files (x86)\Valve\Steam\\Steam.exe -silent
    uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
    uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
    uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    uRun: [GoogleRdrNotify] "C:\Program Files (x86)\Yonizaf\GRaiN Google Reader Notifier\GoogleReaderNotifier.exe"
    uRun: [replay_telecorder_skype] C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe /start_context sys_auto
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [TrayServer] C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\TrayServer.exe
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Compete Toolbar] C:\Program Files (x86)\Compete Toolbar\Compete.exe
    mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
    mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini
    mRun: [Compete Toolbar Update] C:\Program Files (x86)\Compete Toolbar\CompeteUa.exe
    StartupFolder: C:\Users\Rex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\THE5BU~1.LNK - C:\Program Files (x86)\The 5 Bucks a Day Action Enforcer\ActionEnforcer.exe
    StartupFolder: C:\Users\Rex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Webshots.lnk - C:\Program Files (x86)\Webshots\3.1.5.7617\Launcher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MISSIN~1.LNK - C:\Program Files (x86)\MarkSpace\Missing Sync for Android\SyncMarshallerLauncher.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: &Download by Orbit
    IE: &Grab video by Orbit
    IE: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000
    IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Do&wnload selected by Orbit
    IE: Down&load all by Orbit
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
    IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
    IE: {0EE59015-EBDF-4986-8F80-DB00975ABDCD} - {92F2BF89-AEA4-4A97-993E-9128C11F400D} - C:\PROGRA~2\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
    Trusted Zone: azoogleads.com\login
    Trusted Zone: epicdirectnetwork.com\www
    Trusted Zone: google.com\adwords
    Trusted Zone: google.com\www
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
    BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll
    BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
    BHO-X64: Trend Micro NSC BHO - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
    BHO-X64: LastPass Browser Helper Object - No File
    BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll
    BHO-X64: TmBpIeBHO - No File
    TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
    TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    TB-X64: {9B393B85-708D-4E61-9529-2FA61D4A4904} - No File
    TB-X64: {1D417F37-A1EF-4D7B-AFEB-8FC8B2A404F6} - No File
    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
    mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - component: C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\firefox\components\HttpAnalyzerFFV6.dll
    FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - component: C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\Bin\nppdf.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
    FF - plugin: C:\Users\Rex\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Rex\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
    FF - Ext: YSlow: yslow@yahoo-inc.com - %profile%\extensions\yslow@yahoo-inc.com
    FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
    FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
    FF - Ext: S3 Firefox Organizer(S3Fox): {7CEA821D-3DAB-4238-B424-BF7324531750} - %profile%\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
    FF - Ext: SEO Doctor: seodoctor@prelovac.com - %profile%\extensions\seodoctor@prelovac.com
    FF - Ext: Save Complete: savecomplete@perlprogrammer.com - %profile%\extensions\savecomplete@perlprogrammer.com
    FF - Ext: RankChecker: rankchecker@seobook.com - %profile%\extensions\rankchecker@seobook.com
    FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com
    FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
    FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF - Ext: Http Analyzer V6: httpanalyzerv6ffaddon@ieinspector.com - C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\firefox
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-30 55280]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2010-11-5 1263200]
    R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-11-5 3975088]
    R2 AGCoreService;AG Core Services;C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe [2010-1-23 20480]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-9-24 296808]
    R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-9-3 170104]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-4 810144]
    R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]
    R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
    R2 HttpAnalyzerV6 DllInjectService;HttpAnalyzerV6 CodeHook service;C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\InjectWinSockServiceV6.exe [2010-12-13 466752]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-27 373640]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-5-31 15928]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-10-17 72216]
    R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-3-30 57617752]
    R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-11-5 279136]
    R3 appliandMP;appliandMP;C:\Windows\System32\drivers\appliand.sys [2010-6-24 33888]
    R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-12 136176]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-27 1153368]
    S3 appliand;Applian Network Service;C:\Windows\System32\drivers\appliand.sys [2010-6-24 33888]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-1-28 1038088]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-12 136176]
    S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952]
    S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704]
    S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-4 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-25 1255736]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 61976]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
    S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    .
    =============== Created Last 30 ================
    .
    2011-05-03 03:31:25 -------- d-sh--w- C:\Users\Rex\AppData\Roaming\.#
    2011-05-03 03:31:17 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-05-02 01:22:25 -------- d-----w- C:\SDFix
    2011-05-01 23:21:03 98816 ----a-w- C:\Windows\sed.exe
    2011-05-01 23:21:03 89088 ----a-w- C:\Windows\MBR.exe
    2011-05-01 23:21:03 256512 ----a-w- C:\Windows\PEV.exe
    2011-05-01 23:21:03 161792 ----a-w- C:\Windows\SWREG.exe
    2011-05-01 00:38:15 -------- d-----w- C:\Program Files (x86)\Sophos
    2011-04-30 21:38:58 -------- d-----w- C:\VundoFix Backups
    2011-04-21 02:16:31 -------- d-----w- C:\Users\Rex\AppData\Roaming\Replay Media Catcher 4
    2011-04-21 02:16:29 -------- d-----w- C:\Program Files\Applian Technologies
    2011-04-15 15:39:18 -------- d-----w- C:\Program Files (x86)\Market Samurai
    2011-04-14 03:15:38 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2011-04-14 03:15:38 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2011-04-14 03:15:38 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2011-04-14 03:15:10 -------- d-----w- C:\Program Files\iPod
    2011-04-14 03:15:09 -------- d-----w- C:\Program Files\iTunes
    2011-04-14 03:15:09 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-04-14 03:13:27 -------- d-----w- C:\Program Files\Bonjour
    2011-04-14 03:13:27 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-04-14 01:43:45 -------- d-----w- C:\Program Files (x86)\XMind
    2011-04-13 15:44:16 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-04-13 15:44:15 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-04-13 15:23:34 3135488 ----a-w- C:\Windows\System32\win32k.sys
    2011-04-13 15:22:45 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-04-13 15:22:45 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-04-13 15:22:44 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-04-13 15:22:42 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-04-13 15:22:42 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-04-13 15:22:03 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2011-04-13 15:21:28 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2011-04-13 15:21:28 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-04-13 15:21:28 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-04-13 15:21:28 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-04-11 23:59:24 -------- d-----w- C:\Users\Rex\AppData\Roaming\Summitsoft
    2011-04-11 23:59:24 -------- d-----w- C:\Program Files (x86)\Summitsoft
    2011-04-11 23:59:24 -------- d-----w- C:\PROGRA~3\Summitsoft
    2011-04-11 23:58:10 -------- d-----w- C:\Users\Rex\AppData\Local\Downloaded Installations
    2011-04-09 20:52:53 -------- d-----w- C:\Users\Rex\AppData\Roaming\alm
    2011-04-08 01:44:51 -------- d-----w- C:\Users\Rex\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2011-04-06 02:53:08 -------- d-----w- C:\Users\Rex\AppData\Local\SENukeX
    .
    ==================== Find3M ====================
    .
    2011-04-20 19:01:43 805906 ----a-w- C:\Windows\XSitePro2 Uninstaller.exe
    2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
    2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
    2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
    2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
    2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
    2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-04 05:20:18 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-03-04 05:20:18 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-02-25 06:19:30 2871808 ----a-w- C:\Windows\explorer.exe
    2011-02-25 05:30:54 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
    2011-02-21 02:30:14 2868224 ----a-w- C:\Windows\System32\python32.dll
    2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-02-18 21:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2011-02-18 21:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2011-02-18 10:56:44 613376 ----a-w- C:\Windows\System32\vbscript.dll
    2011-02-18 10:51:16 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2011-02-18 05:43:28 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-02-18 05:39:44 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2011-02-05 17:10:16 642944 ----a-w- C:\Windows\System32\winload.efi
    2011-02-05 17:10:08 20352 ----a-w- C:\Windows\System32\kdusb.dll
    2011-02-05 17:10:08 19328 ----a-w- C:\Windows\System32\kd1394.dll
    2011-02-05 17:10:08 17792 ----a-w- C:\Windows\System32\kdcom.dll
    2011-02-05 17:06:41 605552 ----a-w- C:\Windows\System32\winload.exe
    2011-02-05 17:06:41 566208 ----a-w- C:\Windows\System32\winresume.efi
    2011-02-05 17:06:41 518672 ----a-w- C:\Windows\System32\winresume.exe
    2011-02-03 03:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 10:28:02.19 ===============

    ---------Spybot Search and Destroy Short log after cleaning --------
    Win32.Small.ddx: Bookmark (Firefox: Rex (default)) (Bookmark, fixed)


    Virtumonde: Bookmark (Firefox: Rex (default)) (Bookmark, fixed)


    Win32.Small.ddx: Bookmark (Firefox: Rex (default)) (Bookmark, fixed)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2011-05-03 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-03-22 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-03-29 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-03-08 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2011-04-05 Includes\Malware.sbi (*)
    2011-04-26 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-03-15 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2011-03-08 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-02-24 Includes\Spyware.sbi (*)
    2011-03-15 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-12-28 Includes\Trojans.sbi (*)
    2011-04-26 Includes\TrojansC-02.sbi (*)
    2011-04-26 Includes\TrojansC-03.sbi (*)
    2011-04-18 Includes\TrojansC-04.sbi (*)
    2011-04-26 Includes\TrojansC-05.sbi (*)
    2011-03-08 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    ---I have attached "attach.zip" as requested in the instructions -----

    I appreciate any help you can give me.

    Thanks,
    Rex

  2. #2
    Security Expert ken545
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot-up.
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.


    Thank You Atribune






    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please







    OTL by OldTimer
    • Download OTL to your desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    May 2011
    Posts
    17

    MBAM Log

    Hi Ken,

    Thanks very much for taking this on. I can certainly use the help.

    Thanks,
    Rex

    Here is the MBAM log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6594

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    5/16/2011 10:38:41 PM
    mbam-log-2011-05-16 (22-38-41).txt

    Scan type: Quick scan
    Objects scanned: 168857
    Time elapsed: 1 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    -----------

    Next post(s) will have the OTL logs.

  4. #4
    Junior Member
    Join Date
    May 2011
    Posts
    17

    OTL.txt log

    Here is the OTL.txt log

    OTL logfile created on: 5/16/2011 10:53:40 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Rex\Desktop
    64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    12.00 Gb Total Physical Memory | 9.00 Gb Available Physical Memory | 72.00% Memory free
    24.00 Gb Paging File | 20.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1863.01 Gb Total Space | 1713.48 Gb Free Space | 91.97% Space Free | Partition Type: NTFS
    Drive D: | 1863.01 Gb Total Space | 776.58 Gb Free Space | 41.68% Space Free | Partition Type: NTFS
    Drive O: | 7.63 Gb Total Space | 7.63 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: REX950 | User Name: Rex | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Rex\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\MarkSpace\Missing Sync for Android\MSADSyncMarshaller.exe (MarkSpace)
    PRC - C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\InjectWinSockServiceV6.exe ()
    PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
    PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
    PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
    PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
    PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    PRC - C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe (AG Interactive)
    PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
    PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    PRC - C:\Windows\WindowsMobile\WmdHost.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Compete Toolbar\CompeteUa.exe (Compete, Inc.)
    PRC - C:\Program Files (x86)\Compete Toolbar\Compete.exe (Compete, Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Rex\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
    SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
    SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
    SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_8832f4b.dll ()
    SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
    SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
    SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
    SRV - (HttpAnalyzerV6 DllInjectService) -- C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\InjectWinSockServiceV6.exe ()
    SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (AGCoreService) -- C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe (AG Interactive)
    SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
    SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
    SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
    DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
    DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
    DRV:64bit: - (appliandMP) -- C:\Windows\SysNative\drivers\appliand.sys (Applian Technologies Inc.)
    DRV:64bit: - (appliand) -- C:\Windows\SysNative\drivers\appliand.sys (Applian Technologies Inc.)
    DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
    DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
    DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
    DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
    DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
    DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
    DRV:64bit: - (LVUVC64) Logitech QuickCam Pro 5000(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
    DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
    DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
    DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
    DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 0F 7E 8A 86 31 CB 01 [binary data]
    IE - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2010/01/19 17:15:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/18 11:18:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/16 00:25:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/01/21 01:00:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
    FF - HKLM\software\mozilla\Firefox\Extensions\\httpanalyzerv6ffaddon@ieinspector.com: C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\firefox [2010/12/13 01:10:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/03/30 23:12:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/01 15:29:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/29 17:27:56 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/11/28 21:15:51 | 000,000,000 | ---D | M]

    [2010/05/29 19:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rex\AppData\Roaming\Mozilla\Extensions
    [2010/05/29 19:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rex\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
    [2011/05/15 22:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions
    [2011/03/13 21:09:56 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    [2011/05/14 22:38:06 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
    [2011/02/17 08:54:40 | 000,000,000 | ---D | M] ("S3 Firefox Organizer(S3Fox)") -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
    [2011/04/02 11:08:00 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/01/13 09:44:22 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    [2011/03/28 12:12:49 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
    [2011/02/04 09:40:30 | 000,000,000 | ---D | M] (SearchStatus) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
    [2011/02/07 16:10:21 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\firebug@software.joehewitt.com
    [2010/03/24 15:14:57 | 000,000,000 | ---D | M] (Font Finder) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\fontfinder@bendodson.com
    [2010/03/10 14:01:59 | 000,000,000 | ---D | M] (Google Semantics) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\goog@ind.net
    [2011/05/05 21:30:49 | 000,000,000 | ---D | M] ("RankChecker") -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\rankchecker@seobook.com
    [2010/07/16 10:34:30 | 000,000,000 | ---D | M] (Save Complete) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\savecomplete@perlprogrammer.com
    [2011/03/28 12:12:52 | 000,000,000 | ---D | M] (SEO Doctor) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\seodoctor@prelovac.com
    [2011/05/14 22:38:08 | 000,000,000 | ---D | M] ("Seo Toolbar") -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\seotoolbar@seobook.com
    [2011/03/16 05:12:21 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\support@lastpass.com
    [2010/10/17 07:06:00 | 000,000,000 | ---D | M] (YSlow) -- C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\ep4bwz3f.default\extensions\yslow@yahoo-inc.com
    [2011/05/15 22:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/05/06 00:56:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/05 00:41:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/07 09:22:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/24 00:49:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/12 13:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2011/05/02 21:20:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
    O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - File not found
    O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
    O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - File not found
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - File not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (CI ToolHelper Class) - {55825511-174A-4b4e-84B7-69AAC4E294B6} - C:\Program Files (x86)\Compete Toolbar\CompeteToolbar.dll (Compete, Inc.)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O2 - BHO: (IEInspector Browser Helper) - {9B43B7B1-BF56-4708-81D2-332D708B0DD9} - C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\IEInspectorBHO.dll (IEInspector Software)
    O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - File not found
    O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (Compete Toolbar) - {9B393B85-708D-4e61-9529-2FA61D4A4904} - C:\Program Files (x86)\Compete Toolbar\CompeteToolbar.dll (Compete, Inc.)
    O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O3 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\..\Toolbar\WebBrowser: (no name) - {1D417F37-A1EF-4D7B-AFEB-8FC8B2A404F6} - No CLSID value found.
    O3 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\..\Toolbar\WebBrowser: (Compete Toolbar) - {9B393B85-708D-4E61-9529-2FA61D4A4904} - C:\Program Files (x86)\Compete Toolbar\CompeteToolbar.dll (Compete, Inc.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [Compete Toolbar] C:\Program Files (x86)\Compete Toolbar\Compete.exe (Compete, Inc.)
    O4 - HKLM..\Run: [Compete Toolbar Update] C:\Program Files (x86)\Compete Toolbar\CompeteUa.exe (Compete, Inc.)
    O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_12\Trayserver.exe (MAGIX AG)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [GoogleRdrNotify] C:\Program Files (x86)\Yonizaf\GRaiN Google Reader Notifier\GoogleReaderNotifier.exe ()
    O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
    O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [replay_telecorder_skype] C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe (Applian Technologies Inc.)
    O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\Steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Rex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The 5 Bucks a Day Action Enforcer.lnk = C:\Program Files (x86)\The 5 Bucks a Day Action Enforcer\ActionEnforcer.exe (Dennis Becker d.b.a. MDM Sports)
    O4 - Startup: C:\Users\Rex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
    O9 - Extra Button: IE HTTPAnalyzer V6 - {0EE59015-EBDF-4986-8F80-DB00975ABDCD} - C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV6\IEHTTPAnalyzerV6.dll (IEInspector Software)
    O9 - Extra 'Tools' menuitem : IE HTTPAnalyzer V6 - {0EE59015-EBDF-4986-8F80-DB00975ABDCD} - Reg Error: Value error. File not found
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\..Trusted Domains: azoogleads.com ([login] https in Trusted sites)
    O15 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\..Trusted Domains: epicdirectnetwork.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\..Trusted Domains: google.com ([adwords] https in Trusted sites)
    O15 - HKU\S-1-5-21-2742305908-3772588821-3740990406-1001\..Trusted Domains: google.com ([www] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - File not found
    O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - File not found
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - File not found
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/04/07 19:33:03 | 000,000,000 | ---D | M] - D:\Auto Profit Machine Software -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/16 22:40:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Rex\Desktop\OTL.exe
    [2011/05/11 08:33:39 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
    [2011/05/11 08:33:38 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
    [2011/05/11 08:12:02 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2011/05/11 08:12:00 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2011/05/11 08:11:59 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2011/05/11 08:11:51 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
    [2011/05/11 08:11:51 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
    [2011/05/09 16:49:14 | 000,000,000 | ---D | C] -- C:\Users\Rex\Documents\My NameFusion Projects
    [2011/05/03 11:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/05/02 22:55:38 | 000,000,000 | ---D | C] -- C:\Users\Rex\Desktop\CleanBigBox
    [2011/05/02 22:31:25 | 000,000,000 | -HSD | C] -- C:\Users\Rex\AppData\Roaming\.#
    [2011/05/02 22:31:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/02 22:10:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/02 22:06:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/05/01 23:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2011/05/01 23:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2011/05/01 20:22:25 | 000,000,000 | ---D | C] -- C:\SDFix
    [2011/05/01 18:21:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/01 18:21:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/01 18:21:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/01 18:21:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/01 18:19:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/30 19:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
    [2011/04/30 16:38:58 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
    [2011/04/29 17:10:47 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
    [2011/04/29 17:10:47 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
    [2011/04/29 17:10:46 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2011/04/29 17:10:46 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2011/04/29 17:10:31 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
    [2011/04/29 17:10:31 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
    [2011/04/29 17:10:31 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
    [2011/04/29 17:10:31 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
    [2011/04/29 17:10:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
    [2011/04/29 17:10:31 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
    [2011/04/29 17:10:31 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
    [2011/04/29 17:10:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
    [2011/04/29 17:10:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
    [2011/04/20 21:16:31 | 000,000,000 | ---D | C] -- C:\Users\Rex\AppData\Roaming\Replay Media Catcher 4
    [2011/04/20 21:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies

    ========== Files - Modified Within 30 Days ==========

    [2011/05/16 22:40:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rex\Desktop\OTL.exe
    [2011/05/16 22:13:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/16 22:08:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2742305908-3772588821-3740990406-1001UA.job
    [2011/05/16 19:08:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2742305908-3772588821-3740990406-1001Core.job
    [2011/05/16 16:21:47 | 000,012,288 | ---- | M] () -- C:\Users\Rex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/16 08:00:22 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2011/05/16 07:13:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/14 02:55:03 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
    [2011/05/12 18:46:34 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/12 18:46:34 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/11 20:52:51 | 000,022,135 | ---- | M] () -- C:\Users\Rex\.recently-used.xbel
    [2011/05/11 18:38:30 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2011/05/11 18:37:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/11 18:37:41 | 1072,279,550 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/10 00:23:48 | 000,000,000 | ---- | M] () -- C:\Users\Rex\Desktop\index.html
    [2011/05/03 11:43:29 | 000,001,293 | ---- | M] () -- C:\Users\Rex\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/05/03 11:43:29 | 000,001,269 | ---- | M] () -- C:\Users\Rex\Desktop\Spybot - Search & Destroy.lnk
    [2011/05/03 00:22:21 | 000,326,388 | ---- | M] () -- C:\Users\Rex\Desktop\SPTDinst-v178-x64.exe
    [2011/05/02 21:20:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/04/23 00:38:41 | 001,064,074 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/04/23 00:38:41 | 000,861,680 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/04/23 00:38:41 | 000,197,900 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/04/20 16:45:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2011/04/20 14:01:43 | 000,805,906 | ---- | M] () -- C:\Windows\XSitePro2 Uninstaller.exe

    ========== Files Created - No Company Name ==========

    [2011/05/11 20:52:51 | 000,022,135 | ---- | C] () -- C:\Users\Rex\.recently-used.xbel
    [2011/05/10 00:23:48 | 000,000,000 | ---- | C] () -- C:\Users\Rex\Desktop\index.html
    [2011/05/03 11:43:29 | 000,001,293 | ---- | C] () -- C:\Users\Rex\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/05/03 11:43:29 | 000,001,269 | ---- | C] () -- C:\Users\Rex\Desktop\Spybot - Search & Destroy.lnk
    [2011/05/03 00:22:19 | 000,326,388 | ---- | C] () -- C:\Users\Rex\Desktop\SPTDinst-v178-x64.exe
    [2011/05/01 18:21:03 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/01 18:21:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/01 18:21:03 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/01 18:21:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/01 18:21:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/01 12:58:28 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2011/04/07 20:29:33 | 000,001,456 | ---- | C] () -- C:\Users\Rex\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011/02/04 09:24:37 | 000,000,600 | ---- | C] () -- C:\Users\Rex\AppData\Local\PUTTY.RND
    [2010/10/12 16:46:31 | 000,000,742 | R--- | C] () -- C:\Windows\MSPPWSV.ini
    [2010/09/22 20:20:03 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ZLIB.DLL
    [2010/09/07 14:08:24 | 000,001,699 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2010/08/26 00:43:54 | 000,012,953 | ---- | C] () -- C:\Users\Rex\AppData\Roaming\Comma Separated Values (Windows).CAL
    [2010/07/23 18:19:34 | 000,228,948 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2010/06/22 00:00:59 | 000,000,197 | ---- | C] () -- C:\Windows\keywordsetting.ini
    [2010/06/19 07:57:51 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/04/30 13:29:12 | 000,000,046 | ---- | C] () -- C:\Windows\Goya.INI
    [2010/04/17 17:30:06 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/03/23 22:41:34 | 000,000,116 | ---- | C] () -- C:\Windows\cool.ini
    [2010/03/23 22:38:40 | 000,000,011 | ---- | C] () -- C:\Windows\wordpad.ini
    [2010/03/16 14:26:01 | 000,805,906 | ---- | C] () -- C:\Windows\XSitePro2 Uninstaller.exe
    [2010/03/16 00:25:31 | 000,023,140 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/03/01 23:09:36 | 000,210,572 | ---- | C] () -- C:\Windows\hpoins21.dat
    [2010/03/01 23:09:36 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat
    [2010/02/19 23:34:08 | 000,000,025 | ---- | C] () -- C:\Users\Rex\AppData\Roaming\bdfvconp.ini
    [2010/02/13 00:17:34 | 000,007,670 | ---- | C] () -- C:\Users\Rex\AppData\Local\Resmon.ResmonCfg
    [2010/01/28 18:43:35 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/01/28 18:43:35 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/01/28 17:42:59 | 000,012,288 | ---- | C] () -- C:\Users\Rex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/23 02:52:21 | 000,004,903 | ---- | C] () -- C:\ProgramData\vsrenaae.pyv
    [2010/01/23 02:07:03 | 000,089,312 | ---- | C] () -- C:\Windows\SysWow64\acedrv08.dll
    [2010/01/23 02:02:09 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
    [2010/01/23 01:54:49 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
    [2010/01/23 01:43:32 | 000,000,143 | ---- | C] () -- C:\Users\Rex\AppData\Roaming\default.pls
    [2010/01/22 20:46:21 | 000,000,587 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2010/01/19 00:28:28 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010/01/18 20:18:59 | 001,051,074 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2007/11/06 15:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

    ========== LOP Check ==========

    [2011/05/11 18:39:03 | 000,000,000 | -HSD | M] -- C:\Users\Rex\AppData\Roaming\.#
    [2010/01/21 13:05:29 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Acoustica
    [2010/11/05 18:21:23 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Acronis
    [2010/06/28 22:18:37 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\ADText Generator
    [2010/07/18 21:59:02 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\AdTextImage Creator 2.0
    [2010/07/10 01:15:03 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Affirma Consulting
    [2010/01/23 00:53:56 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Artisteer
    [2011/03/23 12:52:17 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Audacity
    [2010/11/25 13:36:12 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Auto Traffic Monopoly
    [2010/01/18 20:21:37 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\BitDefender
    [2010/09/04 01:12:39 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\BlueprintMarketing.AuthorityHub.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
    [2010/12/12 13:04:46 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\BlueprintMarketing.Keynet.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
    [2011/04/07 20:44:51 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/06/29 00:11:33 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\CommissionBlueprint.KeywordBlueprint.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
    [2011/01/03 21:29:32 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
    [2010/09/14 16:21:13 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\CommissionBlueprint.OfferEvaluator.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
    [2010/08/16 16:05:16 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\CommissionBlueprint.SERPy.A24874ABA585E72CC832DED473DD4E8BBFF88E58.1
    [2010/01/26 11:31:45 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\DAEMON Tools Lite
    [2010/04/07 13:18:02 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2011/01/30 14:04:21 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\EasyLeadFinder
    [2011/04/08 22:57:55 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\EditPlus 3
    [2010/08/13 23:39:23 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\GetRightToGo
    [2010/01/26 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\GlobalSCAPE
    [2011/05/16 08:06:59 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\GoodSync
    [2011/04/27 13:15:33 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\GrabPro
    [2011/01/30 12:36:25 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\GRaiN
    [2011/05/11 20:52:40 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\gtk-2.0
    [2010/06/20 01:45:15 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\HandBrake
    [2010/11/24 00:01:59 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Keyword Advantage
    [2010/09/22 20:21:35 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Likno Software
    [2010/08/04 17:10:56 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\MAGIX
    [2010/02/17 15:29:18 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2011/01/26 14:04:17 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\MarkSpace
    [2011/04/30 22:35:23 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Notepad++
    [2011/02/15 14:20:02 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Nuance
    [2011/05/01 08:13:40 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Orbit
    [2010/10/04 01:32:01 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\ProductKeywordTool
    [2010/08/02 11:46:40 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\ProgSense
    [2010/11/30 11:15:08 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Publish Providers
    [2010/08/01 14:25:01 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Punch! Software
    [2011/04/20 21:19:26 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Replay Media Catcher 4
    [2011/04/12 15:58:58 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\SmartDraw
    [2010/01/23 04:22:32 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\SmartDraw Image Plugin
    [2010/06/30 01:32:32 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Sony
    [2010/06/29 22:00:31 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Sony Creative Software
    [2011/03/16 11:09:54 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\SourceGuardian
    [2011/03/30 23:42:20 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2011/04/11 18:59:24 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Summitsoft
    [2010/02/25 08:44:20 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Web Content Studio LITE
    [2010/03/27 08:43:17 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\webex
    [2010/01/23 23:37:34 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Webshots
    [2010/02/23 15:12:27 | 000,000,000 | ---D | M] -- C:\Users\Rex\AppData\Roaming\Zeon
    [2010/07/06 23:10:02 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/05/14 02:55:03 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (SD).job

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2010/11/25 15:45:37 | 000,000,000 | ---D | M](C:\Users\Rex\AppData\Local\??) -- C:\Users\Rex\AppData\Local\€”
    [2010/11/25 15:45:37 | 000,000,000 | ---D | M](C:\Users\Rex\AppData\Local\??) -- C:\Users\Rex\AppData\Local\€”
    (C:\Users\Rex\AppData\Local\??) -- C:\Users\Rex\AppData\Local\€”

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 268 bytes -> C:\ProgramData\TEMP:61B95C7A
    @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:0FF263E8
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:F35A93AD
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:20C84A5E
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:DF7979FE
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:F288433A

    < End of report >

  5. #5
    Junior Member
    Join Date
    May 2011
    Posts
    17

    Extras.txt log

    Hi Ken,

    Here is the Extras.txt log.

    OTL Extras logfile created on: 5/16/2011 10:53:40 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Rex\Desktop
    64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    12.00 Gb Total Physical Memory | 9.00 Gb Available Physical Memory | 72.00% Memory free
    24.00 Gb Paging File | 20.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 1863.01 Gb Total Space | 1713.48 Gb Free Space | 91.97% Space Free | Partition Type: NTFS
    Drive D: | 1863.01 Gb Total Space | 776.58 Gb Free Space | 41.68% Space Free | Partition Type: NTFS
    Drive O: | 7.63 Gb Total Space | 7.63 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: REX950 | User Name: Rex | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2742305908-3772588821-3740990406-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{0F8B958D-3998-4FA3-B857-31B6E0BB9C98}" = ESET NOD32 Antivirus
    "{1DCE0BC6-CF4E-404F-959B-4AFEE131344F}" = Replay Media Catcher 4
    "{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}" = AllWebMenus PRO 5.3.840
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
    "{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5318020E-E32C-4A33-BC8D-EEF5CC2F6CA1}" = Microsoft SQL Server 2008 Database Engine Services
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
    "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
    "{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}" = Microsoft SQL Server 2008 Database Engine Services
    "{A2422B02-0D41-43F5-B62E-C7A5E55FCBA8}" = Vegas Pro 9.0 (64-bit)
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{b2042d5e-986d-44ec-aee3-afe4108ccc94}" = Python 3.2 (64-bit)
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{DB26471F-EE71-49EB-BF42-65C08AD6C74F}" = MySQL Server 5.1
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Search and Replace (x64 Shareware)_is1" = Search and Replace (x64)
    "Shop for HP Supplies" = Shop for HP Supplies
    "WinRAR archiver" = WinRAR archiver
    "XSitePro2" = XSitePro2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{05D0E14D-7C27-48D2-B761-A9153729D7B0}" = Xara Photo & Graphic Designer 6 Download-Version
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{08C090EE-5A86-480C-BB6F-6EA895DE8247}_is1" = HTTP Analyzer V6.1.2
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{08E006D9-399A-4555-8067-609AE6BBD27D}" = ForumBot
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D16720D-8420-437E-8E7A-01F66A74DA83}" = GRaiN Google Reader Notifier
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
    "{17555A4D-EEEB-3205-F0C6-11F103629374}" = OfferEvaluator
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1971EF88-532E-4DFF-AD5A-0F871ED75F51}_is1" = RegNow.com Marketplace Explorer 1.0
    "{1CCBCF78-EF12-4137-B3CA-99F30A2E7D21}" = CuteFTP 7 Professional
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F16518A-A9E4-C135-278C-2B4544B3A74C}" = Domain Samurai
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0
    "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{211F8CAD-D356-4F18-AC06-E65CAF4D9F87}" = WEB20Bot
    "{21878C15-0B11-40A0-A266-54B324965893}" = DSTfix
    "{26325EAB-CB92-4D82-81D6-0BDBB8299432}" = NameFusion
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
    "{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop
    "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
    "{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{370158B8-2DAE-479F-91C6-98836170BC22}_is1" = PPV Keyword Transformation Wizard 1.0
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3B0CFB08-515C-4AD4-89DF-997BF8545622}" = Nuance Voice Recorder
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{41250615-4FA6-E496-BF28-550FEB9D4572}" = Keyword Blueprint 2
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{49B580CE-E1C7-4DC5-95D1-8008907BD2AE}" = Excel 2007 Visual Basic for Applications Step by Step
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{521F829A-CBDD-4525-A94C-05D4650E9F71}" = DVD Architect Pro 5.0
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58B52EDF-189F-97EB-CC36-54881BCBFE44}" = Market Samurai
    "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.1
    "{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
    "{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
    "{5E428373-4D26-4B40-A194-E8DDF4B68909}" = IndexBot
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{641267A2-C500-4E71-8D27-29943E9E5404}" = StatsJunky
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{757239E4-16E2-4A60-A30A-C52AF9610D44}_is1" = mobSqueeze Mobile Video Converter 1.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7E5251D2-C1D7-4DE0-BD68-0B7B81A4CE31}_is1" = gKeywordTool 1.0
    "{7ED64F08-665B-42BD-81AC-2FB18754BF16}_is1" = Link Hopper 1.0
    "{7FF35F67-3A94-4A47-8E50-A4800FE5C58C}" = Punch! Home and Landscape Design Architectural Series
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{84214BD4-29F2-427C-B9C3-BEB2D494FE3E}" = Audio Record Wizard
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{85B1BEBC-5100-4A5A-87E9-0ADFA96E2A84}" = Web Content Studio LITE
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C9324D7-F37F-C4E4-8FAE-E9C99EB95EC4}" = Easy Lead Finder
    "{8DE0B161-8D70-46BC-9A48-F76727B5C0DE}" = Microsoft adCenter Desktop
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
    "{90BA26F9-6457-4DF6-AFDD-A40384330C98}_is1" = IM Warfare Tracking Server 2.0
    "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
    "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{9491DBE1-8C46-47C4-9E9B-F793E6508F97}_is1" = IM Warfare Tracking Client 2.0
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
    "{9740B7F2-C98E-4805-B1E3-B3136E173002}" = StatsJunky
    "{9772ED31-323D-8AF0-A300-166AD1068776}" = SERPy
    "{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9B7725E0-AD64-11DE-72AE-07302A752CD6}" = Missing Sync for Android (Web Update)
    "{9EDE7573-F2B0-4FAC-8928-A7E9381BCB91}" = ArcSoft MediaImpression for Kodak
    "{A0B1E09A-1FEA-4E45-9557-8B1871D43834}" = VideoBot
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
    "{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91033}" = Nero 8 Essentials
    "{A7793099-E7B8-4B91-B0BF-D407C1C7032C}_is1" = GoogleMapsCash.com Software 1.1
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A828C2B4-4BF6-B52C-0E81-986BF424C65D}" = KeywordBlueprint
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9B38FBE-B239-4EFC-8F12-6AED0D10AD4C}" = Product Name Keywords - Premium Edition
    "{AA9189EB-0AF8-4BDA-8DDB-D303A093BCED}" = SnagitHotfix
    "{AB3D78B7-8066-465A-82A8-5F3751564457}_is1" = S3 Ripper 1.3
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{AE5BD91F-0280-424E-83E9-13BDC626712E}" = Sony DVD Architect Studio 4.0
    "{AF4EBCC6-C85F-4159-8B96-5EF47AA4F4F7}" = Mobile Media for PC
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
    "{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}" = Sony DVD Architect Studio 4.5
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BD334DD1-3E56-4B66-B811-1BA2E205F9FE}_is1" = Keyword Sniper 2.5
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C1A72360-F53F-4602-9C8A-7A3FB7CF0BB3}" = Manager for Amazon CloudFront
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C4FE7CD7-1DA8-4793-9CCE-E7902D915131}_is1" = Auto Traffic Monopoly 1.0.0
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
    "{C78743AF-F8FA-17E0-B638-DC615E132CE3}" = AuthorityHub
    "{C7B5688C-65E0-4E7B-90D9-24DE28DFC033}_is1" = Laser URL 1.2
    "{CA72A82C-7DBC-4814-8CCB-E5BFAC59FAEF}" = ArcSoft MediaImpression for Kodak
    "{CAA5CA1E-B94E-406E-A55B-DA0571460B00}" = Word Wizard
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC0B3C41-FED1-4245-97CD-F03BEEBDEE89}" = Media Manager 2.4
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D37C6152-89DF-4D29-83CF-666200D5F398}" = iPAQ WebReg
    "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
    "{D432C227-3FA3-44AB-BEE8-E665133BDD23}" = UBot
    "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
    "{D758B62A-6FCF-468F-A4EE-401C87C2BCFF}" = Real Time Clock Update
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
    "{DDD2DBF1-CB97-481E-9589-41D9EE92B259}_is1" = Hard Cash Hijack Traffic Control 1.0
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{EE5926BD-9590-48A3-AB1E-C1C49575823D}" = C7200
    "{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F5887401-2CB2-44D2-BEF1-278707909FD9}_is1" = iFrame Magic 1.0
    "{F6249ABF-F16D-4AF3-8755-4D62F799C238}" = Google AdWords Editor
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{F93DF4D4-08DF-358F-366A-3D877E12921F}" = Keynet
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Adtext Generator" = Adtext Generator 1.4
    "AI RoboForm" = AI RoboForm (All Users)
    "Akamai" = Akamai NetSession Interface
    "AnswerAnalyst" = AnswerAnalyst
    "Applian Director2.1" = Applian Director
    "Applian Director2.10" = Applian Director
    "Artisteer 2" = Artisteer 2
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
    "Audio Record Wizard_is1" = Audio Record Wizard v3.99
    "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
    "Blog Tracker_is1" = Blog Tracker
    "BlueprintMarketing.AuthorityHub.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1" = AuthorityHub
    "BlueprintMarketing.Keynet.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1" = Keynet
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Clickbank Affiliate Spider_is1" = Clickbank Affiliate Spider v2.0
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "CommissionBlueprint.KeywordBlueprint.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1" = KeywordBlueprint
    "CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1" = Keyword Blueprint 2
    "CommissionBlueprint.OfferEvaluator.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1" = OfferEvaluator
    "CommissionBlueprint.SERPy.A24874ABA585E72CC832DED473DD4E8BBFF88E58.1" = SERPy
    "Compete Toolbar" = Compete Toolbar (remove only)
    "Cool Edit 2000" = Cool Edit 2000
    "Cool Edit Pro 2.0" = Cool Edit Pro 2.0
    "DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Domain Samurai
    "EasyLeadFinder" = Easy Lead Finder
    "EditPlus 3" = EditPlus 3
    "ERUNT_is1" = ERUNT 1.1j
    "Fat Content Creator_is1" = Fat Content Creator v2
    "FeedDemon_is1" = FeedDemon
    "Fiddler2" = Fiddler2
    "GameBox Classics" = GameBox Classics
    "GameBox Solitaire" = GameBox Solitaire
    "Half-Life" = Half-Life
    "Half-Life: Opposing Force" = Half-Life: Opposing Force
    "Handbrake" = Handbrake 0.9.4
    "IAW20" = IAW20
    "InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM)
    "InstallShield_{AF4EBCC6-C85F-4159-8B96-5EF47AA4F4F7}" = Mobile Media for PC
    "Integrio Uptime Scout_is1" = Integrio Uptime Scout v. 1.0.4
    "KeywordAdvantage" = KeywordAdvantage
    "KeywordSnatcher" = KeywordSnatcher
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Laser Keyword Generator_is1" = Laser Keyword Generator 3.0
    "MAGIX 3D Maker Download version US" = MAGIX 3D Maker Download version 6.0.0.4 (US)
    "MAGIX Goya burnR US" = MAGIX Goya burnR 1.3.1.2 (US)
    "MAGIX Movie Edit Pro 12 US" = MAGIX Movie Edit Pro 12 6.5.4.0 (US)
    "MAGIX Photo Manager 2007 US" = MAGIX Photo Manager 2007 4.1.0.728 (US)
    "MAGIX Photo Manager 9 UK" = MAGIX Photo Manager 9
    "MAGIX Screenshare UK" = MAGIX Screenshare
    "MAGIX_MSI_Foto_Grafik_Designer_6" = Xara Photo & Graphic Designer 6 Download-Version
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mitsubishi_caps" = Mitsubishi Computerized Automatic Parts Searching System (CAPS)
    "Mitsubishi_Caps_Parts_Search_Version_2.66" = Mitsubishi Caps Parts Search Version 2.66
    "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
    "NewBlue Cartoonr for Vegas" = NewBlue Cartoonr for Vegas
    "NewBlue VideoFX MSP" = NewBlue VideoFX MSP
    "NewBlue VideoFX MSPP" = NewBlue VideoFX MSPP
    "Notepad++" = Notepad++
    "Ogg Codecs" = Xiph.Org Ogg Codecs 0.83.17220 32-bit
    "PDFZilla_is1" = PDFZilla V1.2.9
    "Precision" = EVGA Precision 1.9.0
    "Production Assistant" = Production Assistant 1.0
    "Punch! Home Design - AS4000" = Punch! Home Design - AS4000
    "Replay Converter 4" = Replay Converter 4
    "Replay Music3.98" = Replay Music
    "Replay Telecorder for Skype_is1" = Replay Telecorder for Skype 1.2.0.4
    "Replay Video Capture4.2" = Replay Video Capture
    "Replay_AV_807" = Replay AV 8
    "Replay_Media_Splitter_1.2" = Replay Media Splitter 1.9.1012
    "RevWireKeyword_is1" = RevenueWire Keyword Manager
    "Search Position Detective" = Search Position Detective
    "SENuke_is1" = SENuke
    "Sierra Utilities" = Sierra Utilities
    "Site Sniper Pro_is1" = Site Sniper Pro 2.0
    "SMALLBUSINESSR" = Microsoft Office Small Business 2007
    "SmartDraw 7" = SmartDraw 7
    "SourceGuardian 8.2 for PHP demo" = SourceGuardian 8.2 for PHP demo
    "ST6UNST #1" = CommissionAlert
    "ST6UNST #2" = CommissionStats
    "Swiff Player_is1" = Swiff Player 1.7.2
    "The 5 Bucks a Day Action Enforcer_is1" = The 5 Bucks a Day Action Enforcer
    "The KMPlayer" = The KMPlayer (remove only)
    "TheBestSpinner" = TheBestSpinner
    "Video Padlock1.14" = Video Padlock
    "WebCompAnalyst" = WebCompAnalyst
    "WebDataParser" = WebDataParser
    "Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
    "Winamp" = Winamp
    "WinGimp-2.0_is1" = GIMP 2.6.8
    "WinPcapInst" = WinPcap 4.0.2
    "WM Capture" = WM Capture
    "WMV9_VCM" = Microsoft Windows Media Video 9 VCM
    "XMind" = XMind

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2742305908-3772588821-3740990406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "065b42c809538e1c" = SENukeUpdate
    "8baf947b9fcb397a" = LlamaSpin
    "ActiveTouchMeetingClient" = WebEx
    "b768b3f6df6fff60" = cbSniper Marketplace Miner
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "LastPass" = LastPass (uninstall only)
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >


    Thanks again, and let me know what else I need to do.

    Rex

  6. #6
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    Just a few things jumping out at me, nothing earth shattering

    Do you want these in your IE Trusted Zone?
    Trusted Zone: azoogleads.com\login
    Trusted Zone: epicdirectnetwork.com\www


    I also see an entry for Junky Toolbar, did you install that?


    Are you being redirected or getting any unwanted pop-up windows?


    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Junior Member
    Join Date
    May 2011
    Posts
    17

    Hi Ken,

    I am not being redirected in Firefox at least. I pretty much never use IE. But best I know I am not being redirected.

    I am not familiar with junkytoolbar. I do have an affiliate tracking program called "statsjunky" installed.

    I looked under "uninstall software" in the control panel just to see if a junkytoolbar showed up. I didn't see it. Nor did it show up as an addon in FF or IE.

    Then I went to find it in the logs you got from me and only see references to statsjunky. I am not sure if you are referring to statsjunky or not but this is an app I have had installed for 2 years.

    The IE trusted zones of azoogleleads and epicdirectnetwork were both put in there by me, as epicdirect (was azoogle) has login issues and I was hoping this would fix it. (It didn't.) Epic Direct (Azoogle) is a CPA network and I am an online marketer. Those could be removed if necessary.

    ---------ESET online scanner-------------
    First let me say that apparently they have changed things since your instructions were made. The links are all different for me. But starting out at http://eset.com/onlinescan which redirects to http://www.eset.com/us/online-scanner, I followed the instructions with IE. Even after checking the "I have read and agree..." checkbox the "start" button would never activate. I played with security levels and making sure .js ran but no help. It appears they may have a problem.

    So I brought it up in Firefox and had to download the ESET Smart Installer and save to my desktop. I set it as you stated and ran it. I have 2 - 2TB drives. It took over 2 hours to run but came back clean and gave me no option to see a log. It only offered me options to buy or take a 30 day trial. ESET NOD32 V4 is what I use full time anyway. I know this is a good double check though.

    ---------------------------

    So I have no new info other than that. Anything else to try?

    Thanks very much,
    Rex

  8. #8
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    You look like you're good to go, Rex.

    Any problems in the future please post back




    Safe Surfn
    Ken

  9. #9
    Junior Member
    Join Date
    May 2011
    Posts
    17

    Hi Ken thanks for all your help...

    But why does Spybot S&D still find 2 problems EVERY time that I have the browser closed?

    See the very first post. I repeated the spybot portion of the log below.

    ---------Spybot Search and Destroy Short log after cleaning --------
    Win32.Small.ddx: Bookmark (Firefox: Rex (default)) (Bookmark, fixed)


    Virtumonde: Bookmark (Firefox: Rex (default)) (Bookmark, fixed)


    Win32.Small.ddx: Bookmark (Firefox: Rex (default)) (Bookmark, fixed)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    This shows up EVERY time. If I run it again now it will be there.

    Just wondering...

    Rex
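
The Spybot log above reports its detections against bookmarks in the Firefox profile "Rex (default)". The following is an added example, not part of the thread and not from any tool mentioned in it: a read-only listing of the bookmarks in a copy of the profile's places.sqlite whose host is on or under a watchlist domain. It assumes the moz_bookmarks/moz_places layout of places.sqlite; the sample database and the watchlist domain are constructed.

```python
import sqlite3
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

def build_sample_db(path):
    """Constructed stand-in for places.sqlite (only the columns used here)."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE moz_bookmarks (id INTEGER PRIMARY KEY, type INTEGER,
                                    fk INTEGER, title TEXT);
        INSERT INTO moz_places VALUES (1, 'http://www.mozilla.org/'),
                                      (2, 'http://ads.flagged.example/landing'),
                                      (3, 'http://notflagged.example/');
        INSERT INTO moz_bookmarks VALUES (1, 1, 1, 'Mozilla'),
                                         (2, 1, 2, 'Great deals'),
                                         (3, 2, NULL, 'Folder'),
                                         (4, 1, 3, 'News');
    """)
    con.commit()
    con.close()

def flagged_bookmarks(db_path, watchlist):
    """Return (title, url) for bookmarks whose host is on or under a watchlist domain."""
    # Open read-only so the profile copy is never modified by the check.
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        # type = 1 selects real bookmarks (folders and separators have no URL).
        rows = con.execute(
            "SELECT b.title, p.url FROM moz_bookmarks b "
            "JOIN moz_places p ON p.id = b.fk WHERE b.type = 1").fetchall()
    finally:
        con.close()
    hits = []
    for title, url in rows:
        host = (urlsplit(url).hostname or "").lower()
        # Match the domain itself or a subdomain, never a bare string suffix.
        if any(host == d or host.endswith("." + d) for d in watchlist):
            hits.append((title, url))
    return hits

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp) / "places-copy.sqlite"   # hypothetical copy of the profile file
        build_sample_db(db)
        for title, url in flagged_bookmarks(db, {"flagged.example"}):
            print(f"{title!r} -> {url}")
```

Run it against a copy of places.sqlite taken while Firefox is closed, so the browser does not hold the file open.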

  10. #10
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Let's do this, Rex

    Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      Win32.Small.ddx
      :regfind
      Win32.Small.ddx
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
