Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

google redirect following Rustock infection


  • Please log in to reply

#1
jvandev

jvandev

    New Member

  • Member
  • Pip
  • 9 posts
Two weeks ago I struggled to get rid of a Rustock infection. After a lot of fiddelling around, I managed to get rid of the virus - I received help from handhfan on this forum, who checked logs from both OTList, and Malwarebytes.

The good news is that the infection seems to have gone - the computer glitches that I experienced when the virus was first detected have stopped, Malwarebytes, Superantispyware, and RootRepeal all fail to find anything suspicious. The bad news is that I don't think I have managed to clean all of the residue away, as Google links often redirect to what looks like a Russian site (incomeppc.com).

Unfortunately, I do not know how to look for the problem myself, and would be very grateful for any advice or help offered in this respect.

I include the log file from OTList, that I ran just before posting this topic.

Many thanks in advance,

Justin.

*****************************************
OTList log
*****************************************

OTListIt logfile created on: 09/05/2009 09:06:42 - Run 4
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Users\Justin van de Ven\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.46% Memory free
4.00 Gb Paging File | 2.92 Gb Available in Paging File | 72.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.38 Gb Total Space | 54.63 Gb Free Space | 30.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JV-PC
Current User Name: Justin van de Ven
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Windows\system32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Windows\system32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mstsc.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Justin van de Ven\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Stopped]) -- File not found
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Running]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (IviRegMgr [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (McAfeeFramework [Auto | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McShield [Auto | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Auto | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (Net Driver HPZ12 [Auto | Stopped]) -- C:\Windows\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NSUService [Auto | Running]) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (ose [Auto | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\Windows\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (STacSV [Auto | Running]) -- C:\Windows\system32\stacsv.exe (IDT, Inc.)
SRV - (uCamMonitor [Auto | Running]) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VAIO Event Service [Auto | Running]) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP [On_Demand | Stopped]) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (Vcsw [On_Demand | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (ArcSoftKsUFilter [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (btwaudio [On_Demand | Running]) -- C:\Windows\system32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt [On_Demand | Running]) -- C:\Windows\system32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwl2cap [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\btwl2cap.sys (Broadcom Corporation.)
DRV - (btwrchid [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (DMICall [System | Running]) -- C:\Windows\system32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (GTPTSER [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\gtptser.sys (Option N.V.)
DRV - (GTUQBUS [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\gtuqbus.sys (Option N.V.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (mfeapfk [On_Demand | Running]) -- C:\Windows\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\Windows\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\Windows\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [On_Demand | Running]) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [System | Running]) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\Windows\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (R5U870FLx86 [On_Demand | Running]) -- C:\Windows\System32\Drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86 [On_Demand | Running]) -- C:\Windows\System32\Drivers\R5U870FUx86.sys (Ricoh)
DRV - (regi [Auto | Running]) -- C:\Windows\system32\drivers\regi.sys (InterVideo)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SFEP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SFEP.sys (Sony Corporation)
DRV - (shpf [Boot | Running]) -- C:\Windows\system32\DRIVERS\shpf.sys (Sony Corporation)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (SPI [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SonyPI.sys (Sony Corporation)
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\system32\drivers\stwrt.sys (IDT, Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (TcUsb [On_Demand | Running]) -- C:\Windows\System32\Drivers\tcusb.sys (UPEK Inc.)
DRV - (ti21sony [On_Demand | Running]) -- C:\Windows\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (TPM [On_Demand | Running]) -- C:\Windows\system32\drivers\tpm.sys (Microsoft Corporation)
DRV - (truecrypt [System | Running]) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (WimFltr [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\wimfltr.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)
DRV - (XE104Sp50 [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\XE104Sp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\yk60x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.niesr.ac.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090324W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {2EF1FF0A-7FF3-4BB5-8A98-D3F60B9F54C1}:1.0
FF - prefs.js..extensions.enabledItems: {5075DF38-EE07-4B74-81D1-0AA096F8C16C}:1.0
FF - prefs.js..extensions.enabledItems: {5AA2AF92-0E9A-4081-8372-4D69265D90AD}:1.0
FF - prefs.js..extensions.enabledItems: {5D0E6B2D-AA09-4AB8-B5D9-AAF86124116A}:1.0
FF - prefs.js..extensions.enabledItems: {6469C968-00BC-4659-9272-B70BC0B72F06}:1.0
FF - prefs.js..extensions.enabledItems: {6C893600-750B-482D-A66F-EBF26F3FE105}:1.0
FF - prefs.js..extensions.enabledItems: {BC3ABD95-D2C1-433C-96D5-88A22F6BF6DF}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/01/30 11:56:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 13:54:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 13:54:33 | 00,000,000 | ---D | M]

[2009/04/28 13:54:42 | 00,000,000 | ---D | M] -- C:\Users\Justin van de Ven\AppData\Roaming\mozilla\Extensions
[2009/04/28 13:54:42 | 00,000,000 | ---D | M] -- C:\Users\Justin van de Ven\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/08 14:07:39 | 00,000,000 | ---D | M] -- C:\Users\Justin van de Ven\AppData\Roaming\mozilla\Firefox\Profiles\0v50lq3l.default\extensions
[2009/04/30 08:47:56 | 00,000,000 | ---D | M] -- C:\Users\Justin van de Ven\AppData\Roaming\mozilla\Firefox\Profiles\0v50lq3l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/05/08 14:07:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/24 14:07:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{2EF1FF0A-7FF3-4BB5-8A98-D3F60B9F54C1}
[2009/04/27 14:23:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{5075DF38-EE07-4B74-81D1-0AA096F8C16C}
[2009/04/27 14:01:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{5AA2AF92-0E9A-4081-8372-4D69265D90AD}
[2009/04/27 19:41:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{5D0E6B2D-AA09-4AB8-B5D9-AAF86124116A}
[2009/04/27 16:27:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{6469C968-00BC-4659-9272-B70BC0B72F06}
[2009/04/27 13:33:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{6C893600-750B-482D-A66F-EBF26F3FE105}
[2009/04/28 13:54:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/27 16:42:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{BC3ABD95-D2C1-433C-96D5-88A22F6BF6DF}
[2009/03/05 14:16:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/10 10:31:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/24 07:00:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 07:00:58 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 20:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (610270 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 16295 more lines...
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DRCU] "C:\Program Files\Sony\DRCU\DRCU.exe" (Sony Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup (UPEK Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" (Sony Corporation)
O4 - Startup: C:\Users\Justin van de Ven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\system32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7a7c48a7-473e-11dd-b4e5-001e3d89f1d0}\Shell\AutoRun\command - "" = F:\JDSecure\Windows\JDSecure20.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/09 09:06:08 | 00,502,272 | ---- | C] (OldTimer Tools) -- C:\Users\Justin van de Ven\Desktop\OTListIt2.exe
[2009/05/04 11:16:52 | 01,151,333 | ---- | C] () -- C:\Users\Justin van de Ven\Desktop\epp.pdf
[2009/04/30 10:16:16 | 00,000,000 | ---D | C] -- C:\Users\Justin van de Ven\AppData\Roaming\WinEdt
[2009/04/30 10:15:52 | 00,000,000 | ---D | C] -- C:\Program Files\WinEdt Team
[2009/04/29 21:36:53 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/04/29 21:29:31 | 00,000,714 | ---- | C] () -- C:\Users\Justin van de Ven\Desktop\ERUNT.lnk
[2009/04/29 21:23:07 | 00,000,812 | ---- | C] () -- C:\Users\Justin van de Ven\Desktop\SpywareBlaster.lnk
[2009/04/29 21:23:06 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/04/29 21:19:37 | 00,000,796 | ---- | C] () -- C:\Users\Justin van de Ven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2009/04/29 21:19:37 | 00,000,792 | ---- | C] () -- C:\Users\Justin van de Ven\Desktop\SG Update.lnk
[2009/04/29 21:19:35 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2009/04/29 08:00:47 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/04/29 08:00:46 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/04/29 08:00:46 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/04/29 08:00:46 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/04/29 08:00:46 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/04/29 08:00:46 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/29 08:00:45 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/04/29 08:00:45 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/04/29 08:00:45 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/04/29 08:00:44 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/04/29 08:00:44 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/04/29 08:00:43 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/29 08:00:43 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/04/29 08:00:43 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/04/29 08:00:43 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/04/29 08:00:43 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/04/29 08:00:43 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/04/29 08:00:43 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/04/29 08:00:43 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/04/29 08:00:42 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/04/29 08:00:42 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/29 08:00:42 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/04/29 08:00:42 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/29 08:00:42 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/04/29 08:00:41 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/29 08:00:41 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/04/29 08:00:41 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/04/29 08:00:41 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/04/29 08:00:41 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/04/29 08:00:40 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/29 08:00:40 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/04/29 08:00:40 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/04/29 08:00:38 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/04/29 08:00:38 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/04/29 08:00:38 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/04/29 08:00:37 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/04/29 08:00:37 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/04/29 08:00:36 | 00,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/29 08:00:33 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/29 08:00:33 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/04/29 08:00:33 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/04/29 08:00:32 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/04/29 08:00:32 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/04/29 08:00:32 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/04/29 08:00:32 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/04/29 08:00:32 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/04/29 08:00:31 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/29 08:00:31 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/04/29 08:00:31 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/29 08:00:31 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/04/29 08:00:30 | 01,206,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/29 08:00:30 | 00,914,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/29 08:00:29 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/04/29 08:00:28 | 11,063,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/29 08:00:28 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/28 21:07:46 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/04/28 13:54:40 | 00,000,000 | ---D | C] -- C:\Users\Justin van de Ven\AppData\Roaming\Mozilla
[2009/04/27 21:07:05 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/27 19:29:09 | 21,457,05984 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/27 16:28:01 | 00,000,691 | ---- | C] () -- C:\Users\Justin van de Ven\AppData\Roaming\GetValue.vbs
[2009/04/27 16:28:01 | 00,000,035 | ---- | C] () -- C:\Users\Justin van de Ven\AppData\Roaming\SetValue.bat
[2009/04/27 14:56:11 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/04/27 14:55:57 | 00,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERasp.lnk
[2009/04/27 14:55:55 | 00,000,000 | ---D | C] -- C:\Users\Justin van de Ven\AppData\Roaming\SUPERAntiSpyware.com
[2009/04/27 14:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/04/27 14:36:18 | 00,000,000 | ---D | C] -- C:\Users\Justin van de Ven\AppData\Roaming\Malwarebytes
[2009/04/27 14:36:16 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/04/27 14:36:16 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebyte.lnk
[2009/04/27 14:36:14 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/27 14:36:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/04/27 14:36:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/27 13:00:44 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/04/24 23:38:12 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/04/24 14:05:31 | 00,000,000 | ---D | C] -- C:\Users\Justin van de Ven\AppData\Roaming\WinRAR
[2009/04/23 16:34:46 | 08,426,896 | ---- | C] () -- C:\Users\Justin van de Ven\Desktop\uk benefits system.pdf
[2009/04/21 16:48:09 | 00,028,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdimon.dll
[2009/04/21 16:45:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2009/04/21 16:44:47 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/04/21 16:43:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/04/21 16:42:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/04/21 16:38:46 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/04/15 08:48:16 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/15 08:48:11 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/15 08:48:11 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/15 08:48:00 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/15 08:47:59 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/15 08:47:59 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/15 08:47:57 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/15 08:47:56 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/15 08:47:56 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/15 08:47:56 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/15 08:47:56 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/15 08:47:53 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/15 08:47:53 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/15 08:47:01 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/15 08:47:00 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/15 08:46:57 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/15 08:46:57 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/15 08:46:57 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/09 15:14:17 | 00,105,472 | ---- | C] () -- C:\Users\Justin van de Ven\Documents\tax_test.xls
[2008/11/07 19:07:18 | 00,000,094 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/01 22:01:18 | 00,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2008/08/01 22:01:18 | 00,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2008/08/01 21:57:42 | 00,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008/07/22 09:05:26 | 00,000,157 | ---- | C] () -- C:\Windows\matlab.ini
[2008/07/09 17:40:32 | 00,000,319 | ---- | C] () -- C:\Windows\SWWATER.INI
[2008/05/27 22:11:51 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/05/27 22:11:46 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/27 22:11:46 | 00,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/05/27 22:11:46 | 00,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/05/27 22:11:44 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/05/27 22:11:44 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/05/23 16:54:57 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/05/23 15:55:00 | 00,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2008/02/19 19:03:34 | 00,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/02/19 18:49:03 | 00,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2008/01/09 10:08:32 | 00,962,560 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/12/03 23:22:39 | 00,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/12/03 23:22:39 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/12/03 23:22:39 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/10/30 19:44:52 | 00,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 11:23:31 | 00,000,387 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/01/03 11:10:44 | 00,319,488 | ---- | C] () -- C:\Windows\System32\DLXAPI32.DLL
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 22:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[2009/05/09 09:06:13 | 00,502,272 | ---- | M] (OldTimer Tools) -- C:\Users\Justin van de Ven\Desktop\OTListIt2.exe
[2009/05/09 08:29:39 | 00,001,778 | -H-- | M] () -- C:\Users\Justin van de Ven\Documents\Default.rdp
[2009/05/09 08:26:09 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/09 08:26:02 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/09 08:26:01 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/08 17:29:24 | 00,710,136 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/08 17:29:24 | 00,609,766 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/08 17:29:24 | 00,114,856 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/08 17:22:02 | 00,143,447 | ---- | M] () -- C:\Users\Justin van de Ven\AppData\Roaming\nvModes.001
[2009/05/08 17:21:30 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/08 17:21:22 | 21,457,05984 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/08 16:26:19 | 00,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/05/04 11:16:52 | 01,151,333 | ---- | M] () -- C:\Users\Justin van de Ven\Desktop\epp.pdf
[2009/04/29 21:29:31 | 00,000,714 | ---- | M] () -- C:\Users\Justin van de Ven\Desktop\ERUNT.lnk
[2009/04/29 21:27:21 | 00,610,270 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP
[2009/04/29 21:27:21 | 00,610,270 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2009/04/29 21:23:07 | 00,000,812 | ---- | M] () -- C:\Users\Justin van de Ven\Desktop\SpywareBlaster.lnk
[2009/04/29 21:19:37 | 00,000,796 | ---- | M] () -- C:\Users\Justin van de Ven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk
[2009/04/29 21:19:37 | 00,000,792 | ---- | M] () -- C:\Users\Justin van de Ven\Desktop\SG Update.lnk
[2009/04/29 15:05:23 | 00,143,447 | ---- | M] () -- C:\Users\Justin van de Ven\AppData\Roaming\nvModes.dat
[2009/04/28 21:02:51 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/04/27 22:05:14 | 00,446,464 | ---- | M] ( ) -- C:\Users\Justin van de Ven\Desktop\RootRepeal.exe
[2009/04/27 16:28:01 | 00,000,691 | ---- | M] () -- C:\Users\Justin van de Ven\AppData\Roaming\GetValue.vbs
[2009/04/27 16:28:01 | 00,000,035 | ---- | M] () -- C:\Users\Justin van de Ven\AppData\Roaming\SetValue.bat
[2009/04/27 14:55:57 | 00,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERasp.lnk
[2009/04/27 14:36:16 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebyte.lnk
[2009/04/27 14:24:00 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090427-144703.backup
[2009/04/25 12:03:51 | 00,000,387 | ---- | M] () -- C:\Windows\win.ini
[2009/04/24 20:25:31 | 00,000,017 | -H-- | M] () -- C:\Windows\System32\servdat.slm
[2009/04/24 20:20:53 | 00,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2009/04/24 20:20:53 | 00,000,014 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
[2009/04/23 16:34:46 | 08,426,896 | ---- | M] () -- C:\Users\Justin van de Ven\Desktop\uk benefits system.pdf
[2009/04/21 18:50:38 | 00,499,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/04/21 16:48:13 | 00,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2009/04/13 12:10:14 | 00,000,936 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/04/09 15:14:17 | 00,105,472 | ---- | M] () -- C:\Users\Justin van de Ven\Documents\tax_test.xls

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Users\Justin van de Ven\Desktop\PC 1st Rep.pdf:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP