possible malware? sptd.sys?



#1
xmm

My daughter downloaded a .pdf version of an Excel tutorial book off of a warez website (BayW.org).
She is home for the weekend from college. She is (was!) using my desktop because I have a 32" monitor.

I came into the room and saw a new Acrobat file icon on my desktop along with a .jpg of a baby that I've never seen before.
I asked her what she was doing. She clicked on the Acrobat icon and it disappeared. I asked her what the file was called and attempted to search for it.
I could not find any acrobat file that I was unfamiliar with.

First, let me say that the computer appears to be working fine. I know that, in and of itself, does not indicate a lack of infection, so....

I started to worry and ran a Trojan remover utility. The utility stopped on a file named sptd.sys and said it was locked. I then searched for that file and came to the conclusion that sptd.sys was a part of daemon (?) and was likely ok. Since my trojan program advised NOT removing or renaming the file unless it was concluded to be malicious, I allowed the scan to continue. No malware, trojan, etc was detected.

I am now running my Norton 360 complete system scan. It's been running for an hour and has not detected anything so far.

I ran HijackThis and created a log. I have never seen entries such as (file missing) before. Other than that, I don't see anything unusual, but I really don't know what to look for.

I am an engineer and use this desktop to make my living. I try to be extremely careful when I am online. I have gone so far as installing key scrambler and a program to hide my IP address (much of my business is in the Far East and Russia).



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:22 AM, on 8/21/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...75v135k48i1r241
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...75v135k48i1r241
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...75v135k48i1r241
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...75v135k48i1r241
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [nryedaba] C:\Users\Dad\AppData\Local\finnckijf\inbvxnhtssd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\DRMBuster\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\DRMBuster\YouTubeRipper.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: SMServer - SMServer - C:\Windows\SysWOW64\snmvtsvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12572 bytes

Thanks for your help, my daughter is really afraid I'm going to be very angry with her.


#2
xmm

I'm really beginning to worry.

I read back through a few pages of posts. I found Geeks to Go does not use HijackThis any longer.
I ran OTL and GMER. Files are below.
The GMER program will not let me do anything except run a scan of C:\ and only for libraries, services and files. I have downloaded the program twice: once from the link in one of the posts I read and once from gmer.net. Both times, when I double-click on the program icon, the window that opens is preset to run only the above scans and only in the rootkit/malware tab.

OTL Extras logfile created on: 9/12/2010 3:11:41 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Dad\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 64.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 818.12 Gb Free Space | 89.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DADS-OFFICEPC
Current User Name: Dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [RapidShareManagerMail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [RapidShareManagerMail] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- C:\Program Files (x86)\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java™ 6 Update 18 (64-bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"HDMI" = Intel® Graphics Media Accelerator Driver
"NVIDIA Drivers" = NVIDIA Drivers
"priPrinter" = priPrinter
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18AE8ACB-0419-45F6-9CF6-155E128A4BCE}_is1" = WinTools.net 10.8.1 Ultimate
"{1A722192-4AEA-4911-9F71-EBECEDC970B5}" = Newsflash
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24F576B7-B797-4A52-AABE-2EB21D01D505}" = ARC XT PRO for Uniden XT series
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B1D6DF0-EAA2-012B-AE51-000000000000}" = TurboTax 2009 wnjiper
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{40a87585-3dea-47d0-8aac-c7c19689b431}" = Nero 9 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745B0755-1233-4F7F-A021-9C104B3C7E02}" = FreeSCAN
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1048-8780-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Russian
"{AC76BA86-1048-8780-7760-000000000004}{AC76BA86-1048-8780-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Russian
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.4 MUI
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CC263FFC-23D9-4C78-BBA2-61A41DD947C7}" = MyProfessionalBusinessCards
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D935FB2D-31E6-4DD7-807C-F1D6740BBE6A}" = MMDS Inbetriebnahme V4.0.3 beta
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DFACE88E-BFD1-4E1F-AF5C-100C979A12B0}" = WinWay Resume Deluxe
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5C521D8-1577-469E-B6F6-BFD09645E8AC}" = FormTool 6
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE024764-FA19-4CD4-AA9E-E06DE4B766E8}" = BlackBerry Desktop Software 5.0.1
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FCF2A735-3324-4D97-ADAD-4FF865CC05EB}_is1" = Final Uninstaller
"3herosoft iPhone to Computer Transfer" = 3herosoft iPhone to Computer Transfer
"AAA Logo 3.10 Business_is1" = AAA Logo Business Edition 3.10
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.2
"Avanquest_App'-Anwendungsleiste Toolbar" = Avanquest App'-Anwendungsleiste Toolbar
"BearShare Pro_is1" = BearShare Pro 5.3.0.0
"BitTorrent" = BitTorrent
"BlackBerry_{EE024764-FA19-4CD4-AA9E-E06DE4B766E8}" = BlackBerry Desktop Software 5.0.1
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CDisplay_is1" = CDisplay 1.8
"Comical_is1" = Comical 0.8
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Cricut DesignStudio" = Cricut DesignStudio
"DivX Setup.divx.com" = DivX Setup
"DRMBuster_is1" = DRMBuster 3.9.6
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
"Gateway Registration" = Gateway Registration
"HideIPEasy" = Hide IP Easy
"HijackThis" = HijackThis 2.0.2
"Identity Card" = Identity Card
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup
"Jasc Paint Shop Pro 9 GDI+ Patch" = Jasc Paint Shop Pro 9 GDI+ Patch
"Jasc Paint Shop Pro 9.01 - (9.0.1.1)" = Jasc Paint Shop Pro 9.01 - (9.0.1.1)
"Jasc Paint Shop Pro 9.01 - Mapped drive patch" = Jasc Paint Shop Pro 9.01 - Mapped drive patch
"Jasc Paint Shop Pro 9.01 Patch" = Jasc Paint Shop Pro 9.01 Patch
"KeyScrambler" = KeyScrambler
"Kindle Auto eBook Converter" = Kindle Auto eBook Converter 0.4.50
"Linkman" = Linkman 7.9.0.71
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"N360" = Norton 360
"Nursing Student Success Made Incredibly Easy" = Nursing Student Success Made Incredibly Easy
"Office14.SingleImage" = Microsoft Office Professional 2010
"Password Protect USB 3.6.1_is1" = Password Protect USB 3.6.1
"Picasa 3" = Picasa 3
"Portrait Professional Max 6_is1" = Portrait Professional Max 6.3
"Product_Name" = HistoryKill 2010
"Quicken WillMaker Plus 2007" = Quicken WillMaker Plus 2007
"RapidShare Manager" = RapidShare Manager
"Recover My Files_is1" = Recover My Files
"RegGenie" = RegGenie v2.1
"Registry Mechanic_is1" = Registry Mechanic 10.0
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SCAL Lib It Up 2_is1" = SCAL Lib It Up 2.000
"Spyware Doctor" = Spyware Doctor 7.0
"Sure Cuts A Lot 2_is1" = Sure Cuts A Lot 2.008
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"Trojan Remover_is1" = Trojan Remover 6.8.2
"Ultimate Reference Suite" = Ultimate Reference Suite
"UltraISO_is1" = UltraISO Premium V9.36
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinWatermark_is1" = WinWatermark 2.9.2 Business Edition
"Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 5.0.3.0)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/10/2010 2:38:15 AM | Computer Name = Dads-OfficePC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/10/2010 2:38:16 AM | Computer Name = Dads-OfficePC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/10/2010 2:38:16 AM | Computer Name = Dads-OfficePC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/10/2010 9:01:19 AM | Computer Name = Dads-OfficePC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 9/10/2010 9:01:19 AM | Computer Name = Dads-OfficePC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 9/10/2010 11:20:57 AM | Computer Name = Dads-OfficePC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 9/10/2010 11:20:57 AM | Computer Name = Dads-OfficePC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 9/10/2010 5:04:59 PM | Computer Name = Dads-OfficePC | Source = VSS | ID = 22
Description =

Error - 9/10/2010 5:04:59 PM | Computer Name = Dads-OfficePC | Source = VSS | ID = 8193
Description =

Error - 9/10/2010 10:26:28 PM | Computer Name = Dads-OfficePC | Source = BackItUp5 | ID = 5225
Description =

[ Media Center Events ]
Error - 3/3/2010 9:19:26 AM | Computer Name = Dads-OfficePC | Source = MCUpdate | ID = 0
Description = 8:19:26 AM - Error connecting to the internet. 8:19:26 AM - Unable
to contact server..

Error - 3/3/2010 9:19:32 AM | Computer Name = Dads-OfficePC | Source = MCUpdate | ID = 0
Description = 8:19:31 AM - Error connecting to the internet. 8:19:31 AM - Unable
to contact server..

Error - 3/3/2010 10:19:37 AM | Computer Name = Dads-OfficePC | Source = MCUpdate | ID = 0
Description = 9:19:37 AM - Error connecting to the internet. 9:19:37 AM - Unable
to contact server..

Error - 3/3/2010 10:19:43 AM | Computer Name = Dads-OfficePC | Source = MCUpdate | ID = 0
Description = 9:19:42 AM - Error connecting to the internet. 9:19:42 AM - Unable
to contact server..

Error - 3/3/2010 7:07:38 PM | Computer Name = Dads-OfficePC | Source = MCUpdate | ID = 0
Description = 6:07:38 PM - Error connecting to the internet. 6:07:38 PM - Unable
to contact server..

Error - 3/3/2010 7:07:44 PM | Computer Name = Dads-OfficePC | Source = MCUpdate | ID = 0
Description = 6:07:43 PM - Error connecting to the internet. 6:07:43 PM - Unable
to contact server..

Error - 3/4/2010 7:23:40 AM | Computer Name = Dads-OfficePC | Source = MCUpdate | ID = 0
Description = 6:23:40 AM - Error connecting to the internet. 6:23:40 AM - Unable
to contact server..

Error - 3/4/2010 7:23:46 AM | Computer Name = Dads-OfficePC | Source = MCUpdate | ID = 0
Description = 6:23:45 AM - Error connecting to the internet. 6:23:45 AM - Unable
to contact server..

Error - 3/4/2010 7:34:43 PM | Computer Name = Dads-OfficePC | Source = MCUpdate | ID = 0
Description = 6:34:43 PM - Error connecting to the internet. 6:34:43 PM - Unable
to contact server..

Error - 3/4/2010 7:34:49 PM | Computer Name = Dads-OfficePC | Source = MCUpdate | ID = 0
Description = 6:34:48 PM - Error connecting to the internet. 6:34:48 PM - Unable
to contact server..

[ System Events ]
Error - 9/9/2010 3:01:03 AM | Computer Name = Dads-OfficePC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Security Update for Microsoft Office PowerPoint 2007 (KB982158).

Error - 9/9/2010 3:01:03 AM | Computer Name = Dads-OfficePC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Security Update for Microsoft Office InfoPath 2007 (KB979441).

Error - 9/9/2010 3:01:03 AM | Computer Name = Dads-OfficePC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Security Update for Microsoft Office Excel 2007 (KB982308).

Error - 9/9/2010 3:01:03 AM | Computer Name = Dads-OfficePC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Update for Microsoft Office OneNote 2007 (KB980729).

Error - 9/10/2010 3:01:02 AM | Computer Name = Dads-OfficePC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Security Update for the 2007 Microsoft Office System (KB978380).

Error - 9/10/2010 3:01:02 AM | Computer Name = Dads-OfficePC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Security Update for the 2007 Microsoft Office System (KB976321).

Error - 9/10/2010 3:01:02 AM | Computer Name = Dads-OfficePC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Security Update for Microsoft Office PowerPoint 2007 (KB982158).

Error - 9/10/2010 3:01:02 AM | Computer Name = Dads-OfficePC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Security Update for Microsoft Office InfoPath 2007 (KB979441).

Error - 9/10/2010 3:01:02 AM | Computer Name = Dads-OfficePC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Security Update for Microsoft Office Excel 2007 (KB982308).

Error - 9/10/2010 3:01:02 AM | Computer Name = Dads-OfficePC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007066f: Update for Microsoft Office OneNote 2007 (KB980729).


< End of report >


OTL logfile created on: 9/12/2010 3:11:41 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Dad\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 64.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 818.12 Gb Free Space | 89.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DADS-OFFICEPC
Current User Name: Dad
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/12 15:07:32 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
PRC - [2010/09/11 18:45:49 | 001,095,608 | ---- | M] (PC Tools Labs) -- C:\Users\Dad\Desktop\Utilities\passutils.exe
PRC - [2010/09/10 09:32:24 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/10 09:32:24 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/06 22:44:19 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/09/06 00:46:46 | 001,529,584 | ---- | M] (Outertech) -- C:\Program Files (x86)\Linkman\Linkman.exe
PRC - [2010/09/01 02:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/05 08:46:02 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2010/04/03 22:32:44 | 000,353,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
PRC - [2010/04/03 16:44:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/03/29 20:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/03/23 10:57:48 | 015,889,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2010/02/18 21:50:50 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/20 22:59:26 | 000,271,384 | ---- | M] () -- C:\Program Files (x86)\RegGenie\RegGenieScheduler.exe
PRC - [2009/08/12 18:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/12 17:58:52 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/07/20 17:07:10 | 000,124,416 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2007/12/06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2005/08/24 23:10:04 | 000,174,592 | -HS- | M] (Password Protect Software) -- C:\Windows\SysWOW64\ncfpsys.exe


========== Modules (SafeList) ==========

MOD - [2010/09/12 15:07:32 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
MOD - [2010/02/26 07:16:18 | 000,213,912 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\smum32.dll
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\PCTGMhk.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/13 21:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/03/30 18:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/09/09 16:42:57 | 002,854,488 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\rswin_3746.dll -- (Akamai)
SRV - [2010/09/06 22:44:19 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/18 21:50:50 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/15 10:42:30 | 000,249,856 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\Windows\SysWOW64\snmvtsvc.exe -- (SMServer)
SRV - [2009/08/12 18:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/28 15:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2007/12/06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HMFAxCore75ca3402712a351591f68adfd9ebf51f.sys -- (HMFAxCore75ca3402712a351591f68adfd9ebf51f)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HMFAxCore0ad0c39557b13aeb3585f857b85005af.sys -- (HMFAxCore0ad0c39557b13aeb3585f857b85005af)
DRV:64bit: - [2010/09/11 19:07:49 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\53B1.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/03/29 10:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/02/18 21:51:01 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/02/18 21:50:51 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/18 21:50:51 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/02/18 21:50:51 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/02/18 21:50:51 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2010/02/18 21:50:51 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2010/02/18 21:50:51 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symfw.sys -- (SYMFW)
DRV:64bit: - [2010/02/18 21:50:51 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2010/02/18 21:50:51 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/02/18 21:50:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/18 21:50:51 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/02/11 11:04:54 | 000,130,696 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2010/01/15 13:49:14 | 000,033,336 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DbusAudio.sys -- (DbusAudio)
DRV:64bit: - [2009/10/22 16:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/10/22 16:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009/08/13 22:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 20:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/12 06:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/25 16:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 20:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/07/31 20:04:48 | 000,090,112 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV - [2010/07/13 04:00:00 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100911.002\EX64.SYS -- (NAVEX15)
DRV - [2010/07/13 04:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100911.002\ENG64.SYS -- (NAVENG)
DRV - [2010/05/28 15:33:18 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100909.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/05/26 04:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/26 04:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/01/29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2010/01/24 17:58:07 | 000,022,304 | ---- | M] (Eltima Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\HMFAxCore75ca3402712a351591f68adfd9ebf51f.sys -- (HMFAxCore75ca3402712a351591f68adfd9ebf51f)
DRV - [2010/01/24 17:36:44 | 000,022,304 | ---- | M] (Eltima Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\HMFAxCore0ad0c39557b13aeb3585f857b85005af.sys -- (HMFAxCore0ad0c39557b13aeb3585f857b85005af)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...75v135k48i1r241
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...75v135k48i1r241
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...75v135k48i1r241
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...75v135k48i1r241
IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files (x86)\Avanquest_App'-Anwendungsleiste\tbAvan.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...75v135k48i1r241
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...75v135k48i1r241
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files (x86)\Avanquest_App'-Anwendungsleiste\tbAvan.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Avanquest App'-Anwendungsleiste Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.foxnews.com"
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {A81031F3-6CEE-4A19-809F-4E26C1D9C1D1}:7.90.6
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 13:00:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/10 09:32:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/10 09:32:25 | 000,000,000 | ---D | M]

[2010/01/06 15:09:24 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
[2010/09/11 22:50:39 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\1y5ancg7.default\extensions
[2010/09/07 16:33:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\1y5ancg7.default\extensions\{A81031F3-6CEE-4A19-809F-4E26C1D9C1D1}
[2010/08/04 13:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\1y5ancg7.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/09/08 16:42:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\1y5ancg7.default\extensions\[email protected]
[2010/06/08 11:32:10 | 000,000,965 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\1y5ancg7.default\searchplugins\conduit.xml
[2010/09/11 22:03:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files (x86)\Avanquest_App'-Anwendungsleiste\tbAvan.dll (Conduit Ltd.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files (x86)\Avanquest_App'-Anwendungsleiste\tbAvan.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Linkman) - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\Program Files (x86)\Linkman\LinkmanCom.dll (Outertech)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [Password Protect USB 3.6.1] C:\Windows\SysWOW64\ncfpsys.exe (Password Protect Software)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [Hide IP Easy] C:\Program Files (x86)\HideIPEasy\HideIPEasy.exe (easy-hideip.com)
O4 - HKCU..\Run: [Linkman] C:\Program Files (x86)\Linkman\Linkman.exe (Outertech)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O8:64bit: - Extra context menu item: >Search in Linkman - C:\Users\Dad\Documents\Linkman\iescript_search.htm ()
O8:64bit: - Extra context menu item: Add to Linkman - C:\Users\Dad\Documents\Linkman\iescript_add.htm ()
O8:64bit: - Extra context menu item: Add to Linkman (all tabs) - C:\Users\Dad\Documents\Linkman\iescript_addall.htm ()
O8:64bit: - Extra context menu item: Add to Linkman and Edit - C:\Users\Dad\Documents\Linkman\iescript_edit.htm ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Show Linkman - C:\Users\Dad\Documents\Linkman\iescript_show.htm ()
O8 - Extra context menu item: >Search in Linkman - C:\Users\Dad\Documents\Linkman\iescript_search.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Linkman - C:\Users\Dad\Documents\Linkman\iescript_add.htm ()
O8 - Extra context menu item: Add to Linkman (all tabs) - C:\Users\Dad\Documents\Linkman\iescript_addall.htm ()
O8 - Extra context menu item: Add to Linkman and Edit - C:\Users\Dad\Documents\Linkman\iescript_edit.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Show Linkman - C:\Users\Dad\Documents\Linkman\iescript_show.htm ()
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\DRMBuster\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\DRMBuster\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.194 68.87.64.146 68.87.64.150
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{557bb11f-2b64-11df-b46d-002511ae7fa1}\Shell - "" = AutoRun
O33 - MountPoints2\{557bb11f-2b64-11df-b46d-002511ae7fa1}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/12 15:07:37 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2010/09/11 22:02:05 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\DriverGenius
[2010/09/11 21:55:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2010/09/11 21:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/09/11 21:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avanquest_App'-Anwendungsleiste
[2010/09/11 18:39:01 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\Saved Outlook files
[2010/09/11 12:05:12 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\Outlook Files
[2010/09/11 11:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/09/11 11:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/09/11 11:09:31 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/09/11 10:34:47 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\TeamViewer
[2010/09/11 10:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Easy Assist
[2010/09/11 10:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2010/09/11 02:29:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/09/11 02:24:58 | 000,000,000 | ---D | C] -- C:\Movie Label Databases
[2010/09/11 02:24:43 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Movie Label
[2010/09/11 02:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2010/09/11 02:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO
[2010/09/11 02:05:31 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\My ISO Files
[2010/09/11 01:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegGenie
[2010/09/10 23:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/09/10 22:17:19 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2010/09/10 20:43:57 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\GetRightToGo
[2010/09/10 01:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kindle Auto eBook Converter
[2010/09/09 22:51:17 | 000,000,000 | ---D | C] -- C:\Users\Dad\Desktop\Kindle temp
[2010/09/09 20:46:55 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\Kindle Books
[2010/09/09 13:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LWW
[2010/09/09 10:47:34 | 000,000,000 | ---D | C] -- C:\Users\Dad\Desktop\To do
[2010/09/09 01:21:13 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\DivX Movies
[2010/09/08 00:14:32 | 000,000,000 | ---D | C] -- C:\Users\Dad\Desktop\books
[2010/09/07 16:23:53 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\Linkman
[2010/09/07 16:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Linkman
[2010/09/07 13:05:16 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\HideIPEasy
[2010/09/07 13:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HideIPEasy
[2010/09/07 13:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HideIPEasy
[2010/09/07 12:42:54 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Anthropics
[2010/09/07 12:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Portrait Professional Max 6
[2010/09/07 08:30:55 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\eBooks (other)
[2010/09/07 00:13:56 | 000,000,000 | ---D | C] -- C:\DOWNLOADS
[2010/09/07 00:13:56 | 000,000,000 | ---D | C] -- C:\!Temp
[2010/09/07 00:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BearShare Pro
[2010/09/06 23:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3herosoft
[2010/09/06 23:04:51 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Downloaded Installations
[2010/09/06 22:44:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/09/06 22:44:10 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2010/09/06 22:42:54 | 000,052,568 | R--- | C] (Adobe Systems Inc) -- C:\Windows\SysNative\AdobePDF.dll
[2010/09/06 22:34:24 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/09/06 21:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABBYY
[2010/09/06 21:56:28 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\ABBYY
[2010/09/06 21:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2010/09/06 21:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A-PDF Restrictions Remover
[2010/09/06 21:17:18 | 000,559,024 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.SkinFramework.v12.1.1.ocx
[2010/09/06 21:17:17 | 002,254,768 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.CommandBars.v12.1.1.ocx
[2010/09/06 18:22:56 | 000,000,000 | ---D | C] -- C:\Windows\86B3F2D6AC2B00148AE1F2F77F781B0C.TMP
[2010/09/06 18:15:25 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\EndNote
[2010/09/06 17:59:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Risxtd
[2010/09/06 17:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft
[2010/09/06 17:58:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2010/09/06 17:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2010/09/06 17:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/09/06 17:37:02 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Godlike
[2010/09/06 17:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinTools Software
[2010/09/06 16:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2010/09/06 16:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avanquest update
[2010/09/06 16:06:49 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\InstallShield
[2010/09/06 15:13:27 | 000,565,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp50.DLL
[2010/09/06 15:13:27 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC30.DLL
[2010/09/06 15:13:27 | 000,133,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFCANS32.DLL
[2010/09/06 15:13:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFCUIA32.DLL
[2010/09/06 15:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MySoftware
[2010/09/06 15:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MySoftware
[2010/09/06 12:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/09/06 00:19:39 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2010/09/06 00:08:55 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Collectorz.com
[2010/09/06 00:08:42 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\Photo Collector
[2010/09/06 00:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Collectorz.com
[2010/09/05 23:47:13 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Grammatica
[2010/09/05 23:47:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grammatica 7
[2010/09/05 23:39:35 | 000,000,000 | R--D | C] -- C:\Users\Dad\Documents\Scanned Documents
[2010/09/05 23:39:35 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\Fax
[2010/09/05 23:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2010/09/05 23:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetData
[2010/09/05 22:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AAALOGO2010
[2010/09/05 22:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinWatermark 2
[2010/09/05 22:00:29 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\Text Documents
[2010/09/05 18:46:06 | 000,174,592 | -HS- | C] (Password Protect Software) -- C:\Windows\SysWow64\ncfpsys.exe
[2010/09/05 18:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uninstall Password Protect USB
[2010/09/05 18:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Password Protect USB
[2010/09/05 16:01:37 | 001,753,088 | ---- | C] (Exontrol Inc.) -- C:\Windows\SysWow64\ExGrid.dll
[2010/09/05 16:01:37 | 000,614,400 | ---- | C] (Exontrol Inc.) -- C:\Windows\SysWow64\ExButton.dll
[2010/09/05 16:01:37 | 000,602,112 | ---- | C] (Exontrol Inc.) -- C:\Windows\SysWow64\ExMenu.dll
[2010/09/05 16:01:37 | 000,516,096 | ---- | C] (Exontrol Inc.) -- C:\Windows\SysWow64\ExTab.dll
[2010/09/05 16:01:37 | 000,307,200 | ---- | C] (Exontrol Inc.) -- C:\Windows\SysWow64\ExPMenu.dll
[2010/09/05 16:01:36 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\SysWow64\eSellerateEngine.dll
[2010/09/05 16:01:36 | 000,118,784 | ---- | C] (eSellerate Inc.) -- C:\Windows\SysWow64\eWebControl.dll
[2010/09/05 16:01:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eSellerate
[2010/09/05 16:01:35 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll
[2010/09/05 16:01:35 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.005
[2010/09/05 16:01:34 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.004
[2010/09/05 16:01:34 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2010/09/05 16:01:34 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.002
[2010/09/05 16:01:34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.003
[2010/09/05 16:01:33 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2010/09/05 16:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnswersThatWork
[2010/09/05 14:52:41 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\Wondershare Video Converter Platinum
[2010/09/05 14:52:29 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2010/09/05 14:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2010/09/05 14:47:38 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Registry Mechanic
[2010/09/05 14:40:15 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2010/09/05 14:40:15 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2010/09/05 14:40:15 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml.dll
[2010/09/05 14:40:15 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2010/09/05 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2010/09/05 11:38:00 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\priPrinter files
[2010/09/05 11:38:00 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Pelikan Software KFT
[2010/09/05 11:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\priPrinter
[2010/09/05 11:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\priPrinter
[2010/09/05 11:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/09/05 11:03:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Jasc Software Inc
[2010/09/05 11:03:37 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\My PSP Files
[2010/09/05 11:03:37 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Jasc Software Inc
[2010/09/05 11:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jasc Software Inc
[2010/09/05 09:13:22 | 000,000,000 | ---D | C] -- C:\FU_Backup
[2010/09/05 09:13:22 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\CheeseSoft
[2010/09/05 09:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalUninstaller
[2010/09/05 05:30:26 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\VirtualDJ
[2010/09/05 05:30:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2010/08/28 23:32:30 | 000,116,256 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\KeyScramblerLogon.dll
[2010/08/25 06:57:10 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/08/23 22:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2010/08/23 22:11:30 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2010/08/23 22:11:30 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll
[2010/08/23 22:11:30 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
[2010/08/23 22:11:30 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2010/08/23 22:11:30 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2010/08/23 22:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/08/23 12:55:40 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\Threat Expert
[2010/08/22 11:59:25 | 000,000,000 | ---D | C] -- C:\Users\Dad\Desktop\Utilities
[2010/08/21 11:03:48 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Malwarebytes
[2010/08/21 11:03:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/21 11:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/21 11:03:35 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/21 11:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/21 09:38:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/21 09:36:24 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/08/21 08:48:09 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/21 08:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/21 08:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/08/21 08:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/21 07:48:29 | 000,130,696 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2010/08/21 07:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2010/08/21 07:42:58 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/08/21 07:20:13 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/08/21 07:20:12 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/08/21 07:20:12 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/08/21 07:19:35 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/08/21 07:19:35 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/08/21 07:19:32 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/08/21 07:19:29 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/08/21 07:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/08/21 07:19:23 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\PC Tools
[2010/08/21 07:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/08/21 07:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/08/20 13:38:09 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010/08/20 13:37:36 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/08/20 13:37:08 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010/08/20 13:36:42 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/08/20 13:36:15 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010/08/20 13:35:47 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010/08/20 07:02:57 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2010/08/20 06:21:43 | 000,000,000 | ---D | C] -- C:\Users\Dad\Documents\Simply Super Software
[2010/08/20 06:21:36 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll
[2010/08/20 06:21:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2010/08/20 06:21:35 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Simply Super Software
[2010/08/20 06:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/08/17 07:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDisplay
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/12 15:11:27 | 003,145,728 | ---- | M] () -- C:\Users\Dad\NTUSER.DAT
[2010/09/12 15:07:32 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
[2010/09/12 15:00:50 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/12 15:00:50 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/12 14:48:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/12 13:09:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/12 13:01:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/11 22:02:36 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/11 22:02:36 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/11 22:02:36 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/11 21:57:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/11 21:57:46 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/11 21:56:48 | 005,096,503 | -H-- | M] () -- C:\Users\Dad\AppData\Local\IconCache.db
[2010/09/11 19:07:49 | 000,871,408 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/09/11 13:56:41 | 000,001,259 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/09/11 12:05:20 | 000,001,098 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/09/11 11:21:44 | 000,000,000 | -HS- | M] () -- C:\Windows\SysWow64\+
[2010/09/11 11:21:37 | 000,124,080 | ---- | M] () -- C:\Users\Dad\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/11 11:21:02 | 000,462,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/11 11:17:01 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/09/11 00:09:25 | 000,001,097 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/09/10 22:16:55 | 000,524,288 | -HS- | M] () -- C:\Users\Dad\NTUSER.DAT{23de5542-ba66-11df-b89b-002511ae7fa1}.TMContainer00000000000000000002.regtrans-ms
[2010/09/10 22:16:55 | 000,524,288 | -HS- | M] () -- C:\Users\Dad\NTUSER.DAT{23de5542-ba66-11df-b89b-002511ae7fa1}.TMContainer00000000000000000001.regtrans-ms
[2010/09/10 22:16:55 | 000,065,536 | -HS- | M] () -- C:\Users\Dad\NTUSER.DAT{23de5542-ba66-11df-b89b-002511ae7fa1}.TM.blf
[2010/09/10 22:09:31 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/09/10 22:09:31 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/09/10 01:03:26 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/09 14:50:32 | 037,217,698 | ---- | M] () -- C:\Users\Dad\Desktop\iPad_iPhone_User_08_2010.zip
[2010/09/09 13:52:15 | 000,001,203 | ---- | M] () -- C:\Users\Dad\Desktop\Nursing Student Success Made Incredibly Easy.lnk
[2010/09/08 23:59:35 | 000,000,070 | ---- | M] () -- C:\Users\Dad\Videos.rar
[2010/09/08 18:42:50 | 128,020,688 | ---- | M] () -- C:\Users\Dad\ Videos.___ppp
[2010/09/07 16:24:35 | 000,000,020 | -HS- | M] () -- C:\Users\Dad\ntuser.ini
[2010/09/07 12:42:55 | 000,001,105 | ---- | M] () -- C:\Users\Dad\Desktop\Portrait Professional Max.lnk
[2010/09/07 08:30:05 | 000,001,185 | ---- | M] () -- C:\Users\Dad\Documents\eBooks - Shortcut.lnk
[2010/09/07 06:39:03 | 002,883,584 | -HS- | M] () -- C:\Users\Dad\ntuser.dat.rmbak
[2010/09/06 23:34:05 | 000,001,284 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\3herosoft iPhone to Computer Transfer.lnk
[2010/09/06 18:27:36 | 000,034,308 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/09/06 16:05:56 | 000,000,316 | ---- | M] () -- C:\Windows\mybc32.INI
[2010/09/06 15:14:44 | 000,000,102 | ---- | M] () -- C:\Windows\bizpub32.INI
[2010/09/05 22:45:19 | 000,000,930 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\AAA Logo 2010.lnk
[2010/09/05 11:04:19 | 000,002,683 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2010/08/28 23:32:30 | 000,116,256 | ---- | M] (QFX Software Corporation) -- C:\Windows\SysNative\KeyScramblerLogon.dll
[2010/08/21 09:36:24 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/11 19:07:49 | 000,871,408 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/09/11 13:56:41 | 000,001,259 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/09/11 12:05:20 | 000,001,098 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/09/11 00:09:25 | 000,001,097 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/09/10 22:13:40 | 000,053,551 | ---- | C] () -- C:\Windows\Professional.xml
[2010/09/10 01:03:26 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/09 14:50:30 | 037,217,698 | ---- | C] () -- C:\Users\Dad\Desktop\iPad_iPhone_User_08_2010.zip
[2010/09/09 13:52:15 | 000,001,203 | ---- | C] () -- C:\Users\Dad\Desktop\Nursing Student Success Made Incredibly Easy.lnk
[2010/09/08 23:59:35 | 000,000,070 | ---- | C] () -- C:\Users\Dad\Videos.rar
[2010/09/08 18:06:26 | 128,020,688 | ---- | C] () -- C:\Users\Dad\ Videos.___ppp
[2010/09/07 12:42:55 | 000,001,105 | ---- | C] () -- C:\Users\Dad\Desktop\Portrait Professional Max.lnk
[2010/09/07 08:30:05 | 000,001,185 | ---- | C] () -- C:\Users\Dad\Documents\eBooks - Shortcut.lnk
[2010/09/07 06:41:27 | 000,524,288 | -HS- | C] () -- C:\Users\Dad\NTUSER.DAT{23de5542-ba66-11df-b89b-002511ae7fa1}.TMContainer00000000000000000002.regtrans-ms
[2010/09/07 06:41:27 | 000,524,288 | -HS- | C] () -- C:\Users\Dad\NTUSER.DAT{23de5542-ba66-11df-b89b-002511ae7fa1}.TMContainer00000000000000000001.regtrans-ms
[2010/09/07 06:41:27 | 000,065,536 | -HS- | C] () -- C:\Users\Dad\NTUSER.DAT{23de5542-ba66-11df-b89b-002511ae7fa1}.TM.blf
[2010/09/07 06:38:51 | 000,000,000 | -HS- | C] () -- C:\Users\Dad\S-1-5-21-1784654675-878407806-1313860542-1001.rrr.LOG2
[2010/09/07 06:38:51 | 000,000,000 | -HS- | C] () -- C:\Users\Dad\S-1-5-21-1784654675-878407806-1313860542-1001.rrr.LOG1
[2010/09/06 23:34:05 | 000,001,284 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\3herosoft iPhone to Computer Transfer.lnk
[2010/09/06 17:46:05 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/09/06 16:05:56 | 000,000,316 | ---- | C] () -- C:\Windows\mybc32.INI
[2010/09/06 15:14:44 | 000,000,102 | ---- | C] () -- C:\Windows\bizpub32.INI
[2010/09/06 15:13:27 | 000,027,025 | ---- | C] () -- C:\Windows\SysWow64\OLE2.REG
[2010/09/05 22:45:19 | 000,000,930 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\AAA Logo 2010.lnk
[2010/09/05 18:39:28 | 000,000,000 | -HS- | C] () -- C:\Windows\SysWow64\+
[2010/09/05 14:52:31 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2010/09/05 14:52:29 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2010/09/05 14:52:29 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010/09/05 14:40:15 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2010/09/05 11:27:52 | 000,012,528 | ---- | C] () -- C:\Windows\SysNative\plkmon64.dll
[2010/09/05 11:05:00 | 000,002,683 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2010/08/21 07:20:13 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/08/21 07:20:13 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/08/21 07:20:13 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/08/21 07:20:13 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/08/21 07:20:13 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/08/21 07:19:35 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010/08/21 07:19:32 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010/08/21 07:19:29 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010/08/20 06:21:36 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2010/08/20 06:21:36 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2010/08/20 06:21:36 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2010/08/20 06:21:36 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2010/08/04 12:48:37 | 000,000,117 | ---- | C] () -- C:\Windows\wininit.ini
[2010/05/29 07:21:08 | 000,004,608 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/09 13:17:25 | 000,000,158 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\BBMS_EXCEPTION.txt
[2010/01/18 18:45:17 | 000,350,720 | ---- | C] () -- C:\Program Files\hjsplit.exe
[2010/01/08 19:38:14 | 000,000,628 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\wklnhst.dat
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 54 bytes -> C:\Users\Dad\ntuser.ini:l_encryption_d
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:D2F2F703
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1AAB2E68
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:264A9BB7
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >

GMER
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-12 15:45:21
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

---- EOF - GMER 1.0.15 ----

#3
xmm

I downloaded it, followed the instructions, double-clicked... There is no evidence that it is running?

Also downloaded catchme and mbr. Both panels opened and closed down right away with these results:

catchme

disk not found C:\

please note that you need administrator rights to perform deep scan

mbr

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR