
Potential Klez attack



#1
mark smith

So, here are my logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4060

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/2/2010 9:37:14 PM
mbam-log-2010-05-02 (21-37-14).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 325832
Time elapsed: 54 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Rootkit scan was blank.

***********************************
OTL logfile created on: 5/3/2010 9:06:35 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\mark\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70.00 Gb Total Space | 18.58 Gb Free Space | 26.54% Space Free | Partition Type: NTFS
Drive D: | 395.76 Gb Total Space | 330.89 Gb Free Space | 83.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE-PC
Current User Name: mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/03 09:05:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
PRC - [2010/04/01 12:25:38 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/02/19 12:05:32 | 004,515,000 | ---- | M] (Novosoft LLC) -- D:\Program Files (x86)\filesanywhere\hbagent.exe
PRC - [2010/02/19 12:05:28 | 000,031,928 | ---- | M] (Novosoft LLC) -- D:\Program Files (x86)\filesanywhere\BackupNetworkCoordinator.exe
PRC - [2010/02/13 15:14:14 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\452\g2mstart.exe
PRC - [2010/02/13 15:14:14 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\452\g2mlauncher.exe
PRC - [2010/02/13 15:14:14 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\452\g2mcomm.exe
PRC - [2010/01/30 11:48:16 | 002,752,832 | ---- | M] () -- D:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe
PRC - [2009/12/03 13:04:32 | 003,118,344 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Jing\Jing.exe
PRC - [2009/11/17 17:37:18 | 000,224,816 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2009/11/12 16:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/10/11 05:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2009/10/07 07:50:26 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009/10/01 18:49:34 | 000,096,816 | ---- | M] () -- D:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2009/09/27 20:40:08 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/08/19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- d:\Program Files (x86)\microsoft\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/01/19 12:41:54 | 003,896,832 | ---- | M] (Insight Software Solutions) -- C:\Program Files (x86)\Macro Marketer\MacExp.exe
PRC - [2008/09/30 16:04:26 | 000,905,512 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
PRC - [2008/09/30 16:04:26 | 000,258,856 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
PRC - [2008/09/30 16:04:22 | 000,251,176 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
PRC - [2008/09/30 16:04:12 | 000,592,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
PRC - [2008/05/21 13:30:26 | 001,423,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2008/05/16 02:57:38 | 000,615,424 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe
PRC - [2008/05/10 13:36:08 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- D:\program files\pptd40nt.exe
PRC - [2008/02/01 04:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- D:\TBS2\pgsql\bin\pg_ctl.exe
PRC - [2008/02/01 04:00:54 | 003,661,824 | ---- | M] (PostgreSQL Global Development Group) -- D:\TBS2\pgsql\bin\postgres.exe


========== Modules (SafeList) ==========

MOD - [2010/05/03 09:05:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
MOD - [2009/04/11 01:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/01/19 12:31:14 | 000,181,248 | ---- | M] (Insight Software Solutions) -- C:\Program Files (x86)\Macro Marketer\mexhook.dll
MOD - [2008/01/20 21:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/12/09 21:30:34 | 000,017,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/09/24 20:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2008/06/24 21:12:50 | 000,898,560 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/02/19 12:05:28 | 000,031,928 | ---- | M] (Novosoft LLC) [Auto | Running] -- D:\Program Files (x86)\filesanywhere\BackupNetworkCoordinator.exe -- (NovosoftBackupNetworkCoordinator)
SRV - [2010/01/30 11:48:16 | 002,752,832 | ---- | M] () [On_Demand | Running] -- D:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2009/11/17 17:37:18 | 000,224,816 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009/11/12 16:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/10/07 07:50:26 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/10/01 18:49:36 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- D:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009/09/28 20:35:04 | 000,120,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- d:\Program Files (x86)\microsoft\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/29 23:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/09/30 16:04:26 | 000,258,856 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2008/08/11 13:40:58 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2008/02/01 04:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- D:\TBS2\pgsql\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/10/01 18:41:44 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss)
DRV:64bit: - [2009/09/28 20:35:32 | 000,087,384 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2009/04/11 00:39:51 | 000,275,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2008/08/11 13:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/08/11 13:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2008/06/24 21:53:56 | 004,596,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/04/29 03:00:00 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/04/28 08:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/01/20 21:47:28 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 21:46:57 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 21:46:53 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2006/10/31 17:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2008/08/11 13:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2007/12/17 04:14:14 | 000,014,392 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\AsIO.sys -- (AsIO)
DRV - [2006/09/18 16:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 38.96.193.61:9090

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.97
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}:1.1.4
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.16
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..network.proxy.share_proxy_settings: true

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2009/05/15 14:09:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/01 12:25:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/13 14:02:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2010/02/15 08:38:40 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\Mozilla\Extensions
[2010/02/15 08:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mark\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010/05/03 08:16:52 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\wper78qe.default\extensions
[2010/04/28 20:59:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\wper78qe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/11 10:00:34 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\wper78qe.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/04/28 20:59:08 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\wper78qe.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/02/23 22:15:57 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\wper78qe.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/12/17 16:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\wper78qe.default\extensions\{fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}
[2010/03/22 14:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\wper78qe.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2010/02/23 22:15:57 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\Mozilla\Firefox\Profiles\wper78qe.default\extensions\[email protected]
[2010/05/03 08:06:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/08 21:36:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2009/11/19 10:53:42 | 000,057,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll

O1 HOSTS File: ([2010/02/24 10:46:47 | 000,000,847 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 216.55.133.9 handybackup.com www.handybackup.com www.softlogica.com softlogica.com
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] D:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\program files\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [GoToMyPC] C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKLM..\Run: [IndexSearch] D:\program files\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] D:\program files\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] D:\program files\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\452\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [Handy Backup] D:\Program Files (x86)\filesanywhere\hbagent.exe (Novosoft LLC)
O4 - HKCU..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\HMIPCore.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\HMIPCore.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\HMIPCore.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\HMIPCore.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysNative\HMIPCore.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://xoconferenci...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 22:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 22:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/03 09:04:56 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
[2010/05/03 08:14:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/03 08:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/05/02 19:23:20 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\Malwarebytes
[2010/05/02 19:22:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/02 19:22:35 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/05/02 19:22:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/02 19:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/31 08:50:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/03/20 21:45:03 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\EurekaLog
[2010/03/16 20:44:39 | 000,000,000 | ---D | C] -- C:\Users\mark\Desktop\Utilization Management - Improving Utilization of Hospital Resources - Feb 2010 DRAFT4
[2010/03/12 12:41:53 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\GlarySoft
[2010/03/11 14:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/03/08 21:36:01 | 000,266,552 | ---- | C] (My Privacy Tools, Inc.) -- C:\Windows\SysWow64\HMIPCore.dll
[2010/03/08 21:33:16 | 002,300,224 | ---- | C] (My Privacy Tools, Inc. ) -- C:\Users\mark\Desktop\hidemyip.exe
[2010/03/03 15:49:20 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Local\Apple Computer
[2010/03/03 09:50:30 | 000,000,000 | ---D | C] -- C:\Users\mark\Documents\Vegas Movie Studio PE 9.0 Projects
[2010/03/03 09:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vstplugins
[2010/02/15 09:24:22 | 000,000,000 | ---D | C] -- C:\Users\mark\Documents\KeywordRockstar
[2010/02/15 08:38:39 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\Google
[2010/02/10 09:32:19 | 000,000,000 | ---D | C] -- C:\Users\mark\Documents\Niches in a box
[2010/02/10 09:07:14 | 000,000,000 | ---D | C] -- C:\Users\mark\Documents\BCE
[2010/02/08 16:20:33 | 000,000,000 | ---D | C] -- C:\Users\mark\AppData\Roaming\Novosoft

========== Files - Modified Within 90 Days ==========

[2010/05/03 09:08:36 | 002,883,584 | -HS- | M] () -- C:\Users\mark\NTUSER.DAT
[2010/05/03 09:05:04 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\mark\Desktop\OTL.exe
[2010/05/03 08:54:59 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1411429754-4169151927-820508409-1000UA.job
[2010/05/03 08:14:17 | 000,000,763 | ---- | M] () -- C:\Users\mark\Desktop\NTREGOPT.lnk
[2010/05/03 08:14:17 | 000,000,744 | ---- | M] () -- C:\Users\mark\Desktop\ERUNT.lnk
[2010/05/03 08:11:40 | 000,756,768 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/03 08:11:40 | 000,642,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/03 08:11:40 | 000,118,786 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/03 08:05:35 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/05/03 08:05:13 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/03 08:05:13 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/03 08:05:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/03 08:05:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/03 08:04:11 | 000,524,288 | -HS- | M] () -- C:\Users\mark\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/05/03 08:04:11 | 000,065,536 | -HS- | M] () -- C:\Users\mark\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/05/03 08:04:09 | 003,485,368 | -H-- | M] () -- C:\Users\mark\AppData\Local\IconCache.db
[2010/05/03 08:01:39 | 000,002,393 | ---- | M] () -- C:\Users\Public\Desktop\FacebookManyFriends.lnk
[2010/05/03 05:55:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1411429754-4169151927-820508409-1000Core.job
[2010/05/02 19:22:39 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/29 20:36:08 | 000,002,341 | ---- | M] () -- C:\Users\Public\Desktop\EVO2.lnk
[2010/04/29 15:55:36 | 000,002,441 | ---- | M] () -- C:\Users\Public\Desktop\Traffic Mania - BlogBot.lnk
[2010/04/29 15:55:24 | 000,002,313 | ---- | M] () -- C:\Users\mark\Desktop\Document Poster.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/28 18:27:10 | 000,000,512 | ---- | M] () -- C:\Users\mark\Documents\ChatLog New meeting 2010_04_28 18_27.rtf
[2010/04/27 15:58:48 | 000,002,037 | ---- | M] () -- C:\Users\mark\Desktop\Google Chrome.lnk
[2010/04/22 13:50:11 | 000,000,852 | ---- | M] () -- C:\Users\mark\Desktop\Traffic Travis.lnk
[2010/04/21 14:07:10 | 000,072,080 | ---- | M] () -- C:\Users\mark\g2mdlhlpx.exe
[2010/04/19 13:25:12 | 000,000,342 | ---- | M] () -- C:\Users\mark\Desktop\KeywordRockstar.appref-ms
[2010/04/15 01:24:17 | 000,000,680 | ---- | M] () -- C:\Users\mark\AppData\Local\d3d9caps.dat
[2010/04/13 14:02:54 | 000,001,506 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/04/13 14:00:33 | 000,002,495 | ---- | M] () -- C:\Users\mark\Desktop\SocialBot.lnk
[2010/04/10 20:28:09 | 000,002,361 | ---- | M] () -- C:\Users\mark\Desktop\market maven updated.bfacc
[2010/04/02 08:35:15 | 000,000,623 | ---- | M] () -- C:\Users\mark\Desktop\Glary Utilities.lnk
[2010/03/31 08:50:23 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/29 13:16:58 | 000,000,750 | ---- | M] () -- C:\Users\mark\Desktop\CCleaner.lnk
[2010/03/12 13:56:47 | 000,002,760 | ---- | M] () -- C:\Users\mark\Documents\Default.sfvidcap
[2010/03/11 14:57:40 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/03/08 21:35:59 | 000,000,602 | ---- | M] () -- C:\Users\mark\Desktop\Hide My IP.lnk
[2010/03/08 21:33:51 | 002,300,224 | ---- | M] (My Privacy Tools, Inc. ) -- C:\Users\mark\Desktop\hidemyip.exe
[2010/03/04 14:19:23 | 000,012,800 | ---- | M] () -- C:\Users\mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 09:36:48 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Movie Studio Platinum 9.0.lnk
[2010/03/02 15:01:08 | 000,000,136 | ---- | M] () -- C:\Users\mark\cloakfish.ini
[2010/03/01 14:47:51 | 000,053,768 | ---- | M] () -- C:\Users\mark\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/01 14:09:06 | 000,246,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/02/24 10:46:44 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\Handy Backup.lnk
[2010/02/13 15:14:20 | 000,002,028 | ---- | M] () -- C:\Users\mark\Desktop\GoToWebinar.lnk
[2010/02/13 15:14:20 | 000,001,196 | ---- | M] () -- C:\Users\mark\Desktop\GoToMeeting.lnk
[2010/02/12 16:45:28 | 000,000,822 | ---- | M] () -- C:\Users\mark\Desktop\TheBestSpinner.lnk
[2010/02/12 15:58:10 | 000,002,527 | ---- | M] () -- C:\Users\mark\Desktop\Mass Article Creator.lnk
[2010/02/12 14:32:13 | 000,000,626 | ---- | M] () -- C:\Users\mark\Desktop\ProxyFirewall.lnk

========== Files Created - No Company Name ==========

[2010/05/03 08:15:27 | 000,293,376 | ---- | C] () -- C:\Users\mark\Desktop\gmer.exe
[2010/05/03 08:14:17 | 000,000,763 | ---- | C] () -- C:\Users\mark\Desktop\NTREGOPT.lnk
[2010/05/03 08:14:17 | 000,000,744 | ---- | C] () -- C:\Users\mark\Desktop\ERUNT.lnk
[2010/05/02 19:22:39 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/28 18:27:10 | 000,000,512 | ---- | C] () -- C:\Users\mark\Documents\ChatLog New meeting 2010_04_28 18_27.rtf
[2010/04/21 16:25:15 | 000,002,393 | ---- | C] () -- C:\Users\Public\Desktop\FacebookManyFriends.lnk
[2010/04/12 21:14:41 | 000,002,361 | ---- | C] () -- C:\Users\mark\Desktop\market maven updated.bfacc
[2010/03/31 08:50:23 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/12 12:11:59 | 000,000,322 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/03/12 12:11:58 | 000,000,623 | ---- | C] () -- C:\Users\mark\Desktop\Glary Utilities.lnk
[2010/03/08 21:35:59 | 000,000,602 | ---- | C] () -- C:\Users\mark\Desktop\Hide My IP.lnk
[2010/03/03 11:03:25 | 000,002,760 | ---- | C] () -- C:\Users\mark\Documents\Default.sfvidcap
[2010/03/03 09:36:48 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Movie Studio Platinum 9.0.lnk
[2010/02/12 16:42:43 | 000,000,822 | ---- | C] () -- C:\Users\mark\Desktop\TheBestSpinner.lnk
[2010/02/08 16:20:26 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\Handy Backup.lnk
[2010/02/03 21:20:40 | 000,002,341 | ---- | C] () -- C:\Users\Public\Desktop\EVO2.lnk
[2009/11/27 12:30:13 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/11/27 12:29:44 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/11/19 10:54:44 | 000,051,304 | ---- | C] () -- C:\Windows\SysWow64\drivers\atnt40k.sys
[2009/10/08 16:03:46 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/27 21:51:45 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/09 13:48:42 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/05/15 14:03:34 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009/05/15 14:03:34 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009/05/15 14:03:32 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2009/05/15 14:03:32 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2009/05/15 10:48:15 | 000,031,690 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009/05/15 10:47:34 | 000,031,378 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2009/06/09 14:04:21 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\.oit
[2009/08/18 15:22:07 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\Affilorama
[2009/10/02 09:04:08 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\com.mesiablabs.Hummingbird.4F508AB529C1EC8AC04A1919276966C36BC93650.1
[2009/07/09 23:04:32 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\com.mesiablabs.Hummingbird.BB8322EE315EE935F2A40D201B9B55028E9E352B.1
[2009/05/15 16:20:34 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\ESET
[2010/03/20 21:48:55 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\EurekaLog
[2009/09/23 09:12:15 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\FileZilla
[2010/03/12 12:41:53 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\GlarySoft
[2010/04/16 14:23:31 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\GoodSync
[2010/04/19 13:27:37 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\KeywordRockstar
[2010/02/08 16:20:33 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\Novosoft
[2009/11/12 20:51:20 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\OpenOffice.org
[2009/10/30 16:08:54 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\Publish Providers
[2009/06/09 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\ScanSoft
[2010/03/04 23:34:55 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\Sony
[2009/10/12 16:20:53 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\TeamViewer
[2009/12/15 23:46:16 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\Web2Mayhem
[2009/11/19 10:56:21 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\webex
[2009/06/09 14:04:15 | 000,000,000 | ---D | M] -- C:\Users\mark\AppData\Roaming\Zeon
[2010/05/03 08:05:35 | 000,000,322 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/05/03 08:04:13 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/07 18:46:46 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/05/15 13:21:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/05/15 13:59:35 | 001,193,014 | ---- | M] () -- C:\everything.log
[2005/09/23 00:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/05/03 08:05:01 | 4070,957,055 | -HS- | M] () -- C:\pagefile.sys
[2009/05/15 11:28:32 | 000,000,473 | ---- | M] () -- C:\RHDSetup.log
[2009/05/15 13:58:54 | 000,000,046 | -H-- | M] () -- C:\splash.idx
[2008/07/01 10:13:32 | 000,005,552 | -H-- | M] () -- C:\version

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
< End of report >


OTL Extras logfile created on: 5/3/2010 9:06:35 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\mark\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.00% Memory free
15.00 Gb Paging File | 13.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70.00 Gb Total Space | 18.58 Gb Free Space | 26.54% Space Free | Partition Type: NTFS
Drive D: | 395.76 Gb Total Space | 330.89 Gb Free Space | 83.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE-PC
Current User Name: mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 06 D5 F3 F5 92 6F CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23F44127-F41D-4068-82F7-0C812C308A49}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3011C489-03B1-43F2-8A25-5AC2E989DB6D}" = lport=138 | protocol=17 | dir=in | app=system |
"{31B8926D-3689-4974-B0A0-D22F94122087}" = rport=138 | protocol=17 | dir=out | app=system |
"{3F9C9B56-2FE0-4D75-A4E3-6164225DB68A}" = lport=445 | protocol=6 | dir=in | app=system |
"{452F01B6-8206-48CA-9E6F-637DC9C87051}" = rport=139 | protocol=6 | dir=out | app=system |
"{6E955ACC-7564-4812-8CB3-E49861346D54}" = lport=137 | protocol=17 | dir=in | app=system |
"{9D4D1D33-4FD0-4F55-824F-C54D7A33331E}" = rport=445 | protocol=6 | dir=out | app=system |
"{EBB12165-1E8A-41B0-9545-5DDD9FCB4D7B}" = rport=137 | protocol=17 | dir=out | app=system |
"{EC126069-9A11-45F4-9B91-9251B760DC10}" = lport=139 | protocol=6 | dir=in | app=system |
"{F0D0A439-849B-4151-AFB7-37A6A16BAD30}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018EB25E-3935-486B-B278-6FD443F8D987}" = protocol=17 | dir=in | app=c:\users\mark\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{0DE05119-09B1-4A74-943B-EA3C353A2484}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version4\teamviewer.exe |
"{0E2964F9-03B7-4640-8BAB-EE4A31730150}" = protocol=1 | dir=in | [email protected],-28543 |
"{15038ADC-E84E-417E-BDEC-C55987225F38}" = protocol=6 | dir=in | app=d:\tbs2\spider.exe |
"{15846A00-3EDA-4B06-A586-A7E8D88D1A9A}" = protocol=58 | dir=out | [email protected],-28546 |
"{29450FA4-744E-49C1-87E0-74675851D27B}" = protocol=6 | dir=in | app=d:\tbs2\poster.exe |
"{2B381ABA-8BBD-4AE3-A586-74E47924B518}" = protocol=17 | dir=in | app=c:\program files (x86)\citrix\gotomypc\g2svc.exe |
"{3D87A52E-87E1-429E-A4E7-BF36ECA70DCA}" = protocol=6 | dir=in | app=c:\program files (x86)\citrix\gotomypc\g2svc.exe |
"{437CABA3-D26F-43D1-B4C2-60595F49F68E}" = protocol=6 | dir=in | app=c:\users\mark\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4D97BC0A-958C-4D27-B413-6883967BE042}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{4EE0A106-9341-4714-A475-99BC1EFC1290}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{513DEC7B-4386-4FDF-9997-A101B76C6FCD}" = protocol=17 | dir=in | app=d:\tbs2\poster.exe |
"{5411798E-2527-4F26-8211-A06DAB368786}" = protocol=1 | dir=out | [email protected],-28544 |
"{65E5615C-8CE9-4FC1-8891-F9CD1CF97892}" = protocol=17 | dir=in | app=c:\users\mark\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{82F11A5D-88F6-4964-8FAB-461498C9A2D1}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{8A3A80D0-36CF-4E16-82B6-76B2CB5D77C1}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{8CAFAA68-6705-45AE-B9A5-378C7E1232B3}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version4\teamviewer.exe |
"{B4FCECD4-CECA-4676-B12A-E7422B1AC01D}" = protocol=17 | dir=in | app=d:\tbs2\spider.exe |
"{B71C2583-510D-471A-A965-7142BCAEF77D}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{BA3AD56A-36CE-4514-A2BC-A4817DCB02BD}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{C3B42B01-B77C-46F2-AF0E-0DB8BE077ABC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA2181C7-B9A3-4C0D-8A91-3422BB344918}" = protocol=58 | dir=in | [email protected],-28545 |
"{FED54059-9408-4D49-AB2B-9D38680D412A}" = protocol=6 | dir=in | app=c:\users\mark\appdata\local\google\google talk plugin\googletalkplugin.dll |
"TCP Query User{2C86F653-C0DB-4D96-90B0-40F9987B2B6A}D:\program files (x86)\filesanywhere\hbagent.exe" = protocol=6 | dir=in | app=d:\program files (x86)\filesanywhere\hbagent.exe |
"TCP Query User{5E7A257C-8FC7-443E-B755-0932BCD67BF5}C:\windows\lmi5ee5.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\windows\lmi5ee5.tmp\lmi_rescue.exe |
"TCP Query User{60EBA331-7666-4AC2-8523-4E684CF070B5}C:\windows\lmi9acc.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\windows\lmi9acc.tmp\lmi_rescue.exe |
"TCP Query User{631EEAEA-FE5C-4C70-9DD1-F689E893689E}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{69588F1B-7482-4A28-BBDB-53601C00230C}C:\windows\lmi18e.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\windows\lmi18e.tmp\lmi_rescue.exe |
"TCP Query User{6D609939-37A3-455B-BBDC-DD5C8A355FDA}D:\program files (x86)\filesanywhere\backup.exe" = protocol=6 | dir=in | app=d:\program files (x86)\filesanywhere\backup.exe |
"TCP Query User{8D297F5B-E87C-4926-9513-3A98F8B49C97}C:\windows\lmi53df.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\windows\lmi53df.tmp\lmi_rescue.exe |
"TCP Query User{ED14A21C-1003-48A6-B574-71679AE968C1}D:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=d:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{282F4635-295A-454F-94B8-B0B36DF0DABA}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{29BEFC50-25CD-4AC3-9E14-9ED63B4EDFB7}D:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=d:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{3F56D4C7-D8A3-4247-926F-0CF9CD7BE228}C:\windows\lmi53df.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\windows\lmi53df.tmp\lmi_rescue.exe |
"UDP Query User{538C57FB-4B37-4E7F-8607-9926E0E23A62}C:\windows\lmi9acc.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\windows\lmi9acc.tmp\lmi_rescue.exe |
"UDP Query User{574D1C84-A1E8-484E-B40A-D27CBD8B3E11}D:\program files (x86)\filesanywhere\hbagent.exe" = protocol=17 | dir=in | app=d:\program files (x86)\filesanywhere\hbagent.exe |
"UDP Query User{BD0A6D20-890B-4402-B135-837CBB717D48}C:\windows\lmi5ee5.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\windows\lmi5ee5.tmp\lmi_rescue.exe |
"UDP Query User{D3A8469B-5C2C-49FE-BF8F-A2E2A40CD67F}D:\program files (x86)\filesanywhere\backup.exe" = protocol=17 | dir=in | app=d:\program files (x86)\filesanywhere\backup.exe |
"UDP Query User{FA7ADA71-006B-4FFC-80F2-B64A6F6F6BA3}C:\windows\lmi18e.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\windows\lmi18e.tmp\lmi_rescue.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{A059D1DD-1B8B-C69B-B184-64BDF333D734}" = ccc-utility64
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E818BEF3-A54D-9A30-8F47-D5AB549830BD}" = ATI Catalyst Install Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004D74B3-09AC-AD15-0CD3-F7CDDBF6F713}" = CCC Help Russian
"{03439355-7264-2B70-70F6-A944B4B64F85}" = CCC Help Italian
"{04179174-F3AC-4CE6-BBBE-83B46D5041CB}" = SocialBot
"{04A58E6A-FB5D-2883-9656-0BAE68D91B86}" = Catalyst Control Center Localization Russian
"{09E0C274-61B7-1DD7-2E32-C9228A826DF7}" = CCC Help Japanese
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F6F939C-8734-DE7D-0EA6-764167FC7BB1}" = Catalyst Control Center Graphics Previews Vista
"{144777D5-85F5-8468-D7C0-1D7B6DB04F96}" = Catalyst Control Center Localization French
"{19CB728B-83DA-6E77-6FEC-538FEBD46F87}" = Skins
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1B31B68D-7197-4636-9C75-E508CF7321F8}" = Social Poster
"{1BB744F5-793A-4F94-A019-4EFD792370B8}" = BlogBot
"{1D0859C7-4C5D-40BA-A3EA-698BA820E7A7}" = MassArticleCreator
"{1EE43CFA-4828-227E-2CD1-893887D13027}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20A2EB6F-47AD-CB8C-4B0F-530DA1E8460D}" = Catalyst Control Center Localization Danish
"{21A08081-9B0C-4B00-BD07-0EE2D44D971C}" = Document Poster
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2955D809-F829-149B-367A-DC273A16625B}" = Catalyst Control Center Localization Chinese Standard
"{29FC0BE8-6528-FF69-B849-0DFBD3CD2B12}" = Catalyst Control Center Core Implementation
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3268169C-A68A-204D-ADA6-C7C0F5D179EC}" = Catalyst Control Center Localization Turkish
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{357A40C0-9155-6C9E-9B0C-C9504D3B3952}" = Catalyst Control Center Graphics Full New
"{37E39344-CEA9-0EB7-773E-5BF6414EA01D}" = Catalyst Control Center Localization Dutch
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A0B402D-9869-4199-9923-3935D9A55CFE}" = MassArticleSubmitter
"{3AFAEDCA-C9DE-055D-3F38-0DF92EBF6055}" = CCC Help Dutch
"{3B048F9A-A7FF-40E1-9179-F51F652ED999}" = KeywordCorral
"{406749FD-4473-43B9-9124-B860C2259B0E}" = Brute Force Keyword Generator
"{40CF4964-6E7B-E7C7-A898-8316DE44A4CB}" = Catalyst Control Center Localization Thai
"{43BED844-B4C2-9818-A650-04867F652348}" = CCC Help Czech
"{489CF7C0-C282-0290-624D-8A49BDFC84A5}" = CCC Help Portuguese
"{49A8CF41-4806-6E16-CD15-D9CDBAF1E6E9}" = Catalyst Control Center Localization Swedish
"{521F829A-CBDD-4525-A94C-05D4650E9F71}" = DVD Architect Pro 5.0
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{59CA57BF-1B2E-2F8D-2B4A-0035D630529E}" = CCC Help Turkish
"{5E997224-2038-0710-F934-2A354A01635E}" = Catalyst Control Center Localization Portuguese
"{6562ABCA-801C-DA27-8417-BAC436A23C9C}" = Catalyst Control Center Localization Japanese
"{65CBABEB-6A93-03EF-7093-022D935C4FC9}" = Catalyst Control Center Localization Korean
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BB42024-D62A-33F5-B883-52069E2C9668}" = Google Talk Plugin
"{70E3D22B-3BBE-C15E-0095-C7BF499F677D}" = CCC Help Finnish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{780209ED-872D-B782-0959-7EAF5236A93C}" = Catalyst Control Center Localization German
"{7AD6346F-23E1-6641-C25E-5D45A3708906}" = CCC Help Polish
"{7BCEC17A-62AC-4AB2-92F1-CB6BE24F445C}" = Brute Force Linking Loophole
"{81EB39F4-A7AC-F338-478A-47E7917D6EBB}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88D1DE09-4FED-FDF7-0A2F-622FDAEC8598}" = CCC Help Hungarian
"{898B44E1-BC36-04D6-7861-516A007353C6}" = CCC Help Thai
"{8EAA36CC-E2CA-44AA-B113-CD65FD0F3AC8}" = ScanSoft PaperPort 11
"{94A069F8-18BF-F08D-166C-ACE112140EC2}" = Hummingbird
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{9B66F4B4-66BD-7A11-465F-22AF1CB3CD01}" = CCC Help Danish
"{9BDF7671-528F-D66F-A204-C53D45F1D0DF}" = CCC Help Chinese Standard
"{9D189F79-E650-04B9-C253-1E86F62CB87A}" = Catalyst Control Center Localization Chinese Traditional
"{9D55B34A-FC60-1E76-EDD7-6032CA76ACE2}" = Catalyst Control Center Localization Norwegian
"{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
"{A1C62BBA-61A3-92C8-D603-EBBC1CF03F79}" = HydraVision
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AAAD0A2E-8E28-419E-ADC2-227E4BD6ECD0}" = EVO2
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B30D2474-C584-97FC-7C9E-EEFB99A49F0D}" = Catalyst Control Center Localization Hungarian
"{B636502A-81ED-52B3-E67F-6567EE77CE86}" = Catalyst Control Center Localization Spanish
"{B65C0664-41D6-CF32-A334-95C6B7F8B970}" = CCC Help Norwegian
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BF5A96D1-A74A-73BC-202E-C4CA95828639}" = Catalyst Control Center Localization Polish
"{C1787587-2D07-4D76-DC1D-E22468B4E283}" = Catalyst Control Center Localization Finnish
"{C8831445-8EED-1359-7B91-04BAFE597015}" = Catalyst Control Center Graphics Light
"{CC8C9B9F-4CC4-4E80-B0E6-F891B2DA32A3}_is1" = Cloakfish 1.06.01
"{CF520E2A-9139-A905-0661-65D441A91868}" = Catalyst Control Center Localization Greek
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5AAC34C-98F9-5706-C9AC-C342B5811C98}" = Catalyst Control Center Graphics Previews Common
"{D763C1CE-4867-A8FE-E052-2995CD951F19}" = CCC Help Korean
"{E032E3EC-1591-8A3A-1C25-366C8C770696}" = CCC Help Spanish
"{E0F20F2B-A2AF-B92C-7916-27A2F7FDC64A}" = Catalyst Control Center HydraVision Full
"{E261F989-0257-DABC-ED61-D0DA34AADF03}" = Catalyst Control Center Graphics Full Existing
"{E3392AFF-5EF9-4BE0-9F50-41C45DBE9777}" = Brute Force Twitter
"{E543358B-B8E9-4759-8FF3-01722B1FC2E1}" = Handy Backup
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E71A511A-6039-224E-C5E9-33CC3720B97E}" = Catalyst Control Center Localization Czech
"{E7D786B0-348B-205B-47EC-8D55BC37F39D}" = ccc-core-static
"{EAEE1C1B-302C-A6C3-819C-B999387C988C}" = Hummingbird
"{EC432F27-77D0-4EE3-A2B4-026004118A91}" = Web Page Analyzer
"{ED1B8062-A19B-35DB-018F-654324C90D3B}" = CCC Help French
"{EDA117A2-FDC1-4B4E-9E5A-3596EE217499}" = Jing
"{F01F9A32-DF69-B2AD-F681-2D3CDA6FECDB}" = CCC Help German
"{F0942B2A-9867-BE7D-C901-36449457169F}" = CCC Help Greek
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2284788-4312-9982-DAD0-37FFB80FF07F}" = CCC Help English
"{F6249ABF-F16D-4AF3-8755-4D62F799C238}" = Google AdWords Editor
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FAB88294-6EE7-4F83-9097-8E7819724EF8}" = Brute Force Seo
"{FFACAFE5-DD26-3F6D-CD48-FEE43CEF1690}" = Catalyst Control Center Localization Italian
"A Submitter" = NSIS A Submitter
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"CCleaner" = CCleaner
"com.mesiablabs.Hummingbird.4F508AB529C1EC8AC04A1919276966C36BC93650.1" = Hummingbird
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.2.7.1
"Glary Utilities_is1" = Glary Utilities 2.21.0.863
"HMIP50_is1" = Hide My IP 5.0
"HotspotShield" = Hotspot Shield 1.34
"Macro Marketer" = Macro Marketer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"PC Pitstop Driver Alert_is1" = PC Pitstop Driver Alert 1.0.0.13
"ProxyFirewall_is1" = ProxyFirewall 1.0.4 Beta
"SENuke_is1" = SENuke
"ST6UNST #1" = ADwizard
"TeamViewer 4" = TeamViewer 4
"TheBestSpinner" = TheBestSpinner
"Traffic Travis_is1" = Traffic Travis 3.2.3
"Tube Thumper" = Tube Thumper
"Web 2.0 Mayhem" = Web 2.0 Mayhem 1.0.0.1
"Xenu's Link Sleuth" = Xenu's Link Sleuth
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"56bdabcd3c64b109" = KeywordRockstar
"b22aa859ef7c6893" = Hummingbird
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"TrackbackSpider" = Trackback Spider

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2009 10:03:44 PM | Computer Name = office-PC | Source = MSSQL$SQLEXPRESS | ID = 1827
Description = CREATE DATABASE or ALTER DATABASE failed because the resulting cumulative
database size would exceed your licensed limit of 4096 MB per database.

Error - 11/12/2009 10:03:44 PM | Computer Name = office-PC | Source = MSSQL$SQLEXPRESS | ID = 1827
Description = CREATE DATABASE or ALTER DATABASE failed because the resulting cumulative
database size would exceed your licensed limit of 4096 MB per database.

Error - 11/12/2009 10:03:44 PM | Computer Name = office-PC | Source = MSSQL$SQLEXPRESS | ID = 1101
Description = Could not allocate a new page for database 'KeywordRockStarDB' because
of insufficient disk space in filegroup 'PRIMARY'. Create the necessary space by
dropping objects in the filegroup, adding additional files to the filegroup, or
setting autogrowth on for existing files in the filegroup.

Error - 11/12/2009 10:03:44 PM | Computer Name = office-PC | Source = MSSQL$SQLEXPRESS | ID = 1827
Description = CREATE DATABASE or ALTER DATABASE failed because the resulting cumulative
database size would exceed your licensed limit of 4096 MB per database.

Error - 11/12/2009 10:03:44 PM | Computer Name = office-PC | Source = MSSQL$SQLEXPRESS | ID = 1827
Description = CREATE DATABASE or ALTER DATABASE failed because the resulting cumulative
database size would exceed your licensed limit of 4096 MB per database.

Error - 11/12/2009 10:03:44 PM | Computer Name = office-PC | Source = MSSQL$SQLEXPRESS | ID = 1101
Description = Could not allocate a new page for database 'KeywordRockStarDB' because
of insufficient disk space in filegroup 'PRIMARY'. Create the necessary space by
dropping objects in the filegroup, adding additional files to the filegroup, or
setting autogrowth on for existing files in the filegroup.

Error - 11/12/2009 10:03:44 PM | Computer Name = office-PC | Source = MSSQL$SQLEXPRESS | ID = 1827
Description = CREATE DATABASE or ALTER DATABASE failed because the resulting cumulative
database size would exceed your licensed limit of 4096 MB per database.

Error - 11/12/2009 10:03:44 PM | Computer Name = office-PC | Source = MSSQL$SQLEXPRESS | ID = 1827
Description = CREATE DATABASE or ALTER DATABASE failed because the resulting cumulative
database size would exceed your licensed limit of 4096 MB per database.

Error - 11/12/2009 10:03:44 PM | Computer Name = office-PC | Source = MSSQL$SQLEXPRESS | ID = 1101
Description = Could not allocate a new page for database 'KeywordRockStarDB' because
of insufficient disk space in filegroup 'PRIMARY'. Create the necessary space by
dropping objects in the filegroup, adding additional files to the filegroup, or
setting autogrowth on for existing files in the filegroup.

Error - 11/12/2009 10:03:44 PM | Computer Name = office-PC | Source = MSSQL$SQLEXPRESS | ID = 1827
Description = CREATE DATABASE or ALTER DATABASE failed because the resulting cumulative
database size would exceed your licensed limit of 4096 MB per database.

[ System Events ]
Error - 11/19/2009 3:51:53 PM | Computer Name = office-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/19/2009 9:24:09 PM | Computer Name = office-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 11/20/2009 9:37:39 PM | Computer Name = office-PC | Source = HTTP | ID = 15016
Description =

Error - 11/21/2009 3:00:37 PM | Computer Name = office-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 11/23/2009 2:39:40 AM | Computer Name = office-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 11/24/2009 1:32:35 PM | Computer Name = office-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 11/24/2009 1:42:10 PM | Computer Name = office-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.11.130.32 for the Network Card with network
address 00FFBC94730A has been denied by the DHCP server 10.17.47.254 (The DHCP
Server sent a DHCPNACK message).

Error - 11/25/2009 4:32:36 PM | Computer Name = office-PC | Source = Schannel | ID = 36874
Description = An SSL connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 11/27/2009 12:40:19 PM | Computer Name = office-PC | Source = HTTP | ID = 15016
Description =

Error - 11/27/2009 1:40:24 PM | Computer Name = office-PC | Source = Microsoft-Windows-Service Pack Installer | ID = 8
Description =


< End of report >




Thanks for your assistance.

Mark