Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Suspected keylogger and browser redirect

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Suspected keylogger and browser redirect

Unread postby Brood » January 30th, 2010, 11:02 am

Hi

I have just had my World of Warcraft account hacked and the only way would be a keylogger. I also occasionally get a problem where I click on a url in google and it takes me to a different website.

I am on Windows XP SP2, I use AVG free and regularly scan with at least 2 anti-spyware programs (Adaware, SuperAntiSpyware, MalwareBytes' Anti-Malware, SpyBot)

Please find below the requested information.

Thanks for any help!
Barry

HijackThis

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 15:54:26, on 30/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\AVG\AVG9\avgchsvx.exe
E:\Program Files\AVG\AVG9\avgrsx.exe
E:\Program Files\AVG\AVG9\avgcsrvx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
E:\Program Files\AVG\AVG9\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\AVG\AVG9\avgnsx.exe
E:\Program Files\Kilgray\MemoQ\AUClient.exe
E:\Program Files\LogMeIn\x86\RaMaint.exe
E:\Program Files\LogMeIn\x86\LogMeIn.exe
E:\Program Files\LogMeIn\x86\LMIGuardian.exe
E:\WINDOWS\system32\oodag.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PrintCtrl.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
E:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
E:\PROGRA~1\AVG\AVG9\avgtray.exe
E:\WINDOWS\system32\PrintDisp.exe
E:\WINDOWS\system32\ctfmon.exe
C:\steam\steam.exe
E:\Program Files\Microsoft ActiveSync\Wcescomm.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\Rainlendar2\Rainlendar2.exe
E:\WINDOWS\system32\rundll32.exe
E:\PROGRA~1\MICROS~3\rapimgr.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
E:\Documents and Settings\Barry\Local Settings\Apps\2.0\ANAOBREM.19H\X87Y05GC.A03\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe
E:\Program Files\MagicDisc\MagicDisc.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\AVG\AVG9\avgui.exe
E:\Program Files\AVG\AVG9\avgscanx.exe
E:\Program Files\AVG\AVG9\avgcsrvx.exe
E:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
E:\Program Files\Outlook Express\msimn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "E:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "E:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ISUSPM] "E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AVG9_TRAY] E:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PrintDisp] E:\WINDOWS\system32\PrintDisp.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] E:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Rainlendar2] E:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [esentclbClient] rundll32.exe "E:\Documents and Settings\Barry\Local Settings\Application Data\esentclbClient\esentclbClient.dll", DllInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "E:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: MagicDisc.lnk = E:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: SYSTRAN Lookup - res://E:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: SYSTRAN Translate - res://E:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O8 - Extra context menu item: Translate this web page with Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - E:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - E:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - E:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - E:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kilgray: MemoQ update permissions manager. 978527. - Unknown owner - E:\Program Files\Kilgray\MemoQ\AUClient.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - E:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NewServiceInstall1 - Unknown owner - E:\Program.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - E:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - E:\WINDOWS\system32\PrintCtrl.exe

--
End of file - 14488 bytes




------------------------------------------------------------------------------------------------------------------------------------------------

Uninstall List

µTorrent
ABBYY FineReader 9.0 Professional Edition
Acronis True Image Home
Act of War: Direct Action
Ad-Aware
Ad-Aware
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 2
Adobe Reader 9.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Altitude 1.0.0
Amazon MP3 Downloader 1.0.8
ATI Display Driver
ATI Parental Control & Encoder
AVG Free 9.0
Babylon
Battlefield 2142
Battlefield Bad Company 2 - BETA
Beyond Good and Evil
Broken Sword: The Sleeping Dragon
Call of Juarez - Bound in Blood
Canon iP5200
Canon PhotoRecord
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Catalyst Control Center - Branding
CDDRV_Installer
Combined Community Codec Pack 2009-09-09
Compatibility Pack for the 2007 Office system
Connect
ConvertXtoDVD 3.8.0.193j
Counter-Strike: Source
Crayon Physics Deluxe - release 53
Crysis
Crysis Warhead
Crysis Wars
Darwinia
Defense Grid: The Awakening
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Dragon Age: Origins
EA Download Manager
EA Shared Game Component: Activation
EA Shared Game Component: Activation
EASEUS Partition Master 3.0.2 Professional
EasyRecovery DataRecovery Trial
Easy-WebPrint
EXPERTool ATI 4.0
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.0.0526
France Topo 1 Alpes
France Topo 2 Pyrénées
France Topo 3 Provence Côte d'Azur Méditerranée
France Topo 4 Bretagne Normandie
France Topo 5 Ile de France
France Topo 6 Alsace Lorraine - Vosges Jura
France Topo 7 Massif Central
Freedom Force
Freedom Force vs. the 3rd Reich
FreeSpace 2
Frontlines: Fuel of War
Full Spectrum Warrior: Ten Hammers
Galactic Civilizations II - Ultimate Edition
Garmin MapSource
Garmin USB Drivers
GetDataBack FAT NTFS 4.0.0
Ghostbusters
GOG.com Downloader
GOG.com Downloader
Google Earth
Google Update Helper
GPGNet
GpsViewer
Grand Theft Auto IV
Half-Life 2: Deathmatch
Handy Backup Outlook Plugin
Handy Recovery 4.0
High Definition Audio Driver Package - KB888111
HiJackThis
HOLUX GPS USB DEVICE
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Impulse
Impulse
Indigo Prophecy
Infix 4.05
J2SE Runtime Environment 5.0 Update 10
Java(TM) 6 Update 14
Java(TM) 6 Update 17
Juiced 2: Hot Import Nights
KhalInstallWrapper
Killing Floor
kuler
Left 4 Dead 2 Add-on Support
Logitech GamePanel Software 3.02.173
Logitech Registration
Logitech SetPoint
LogMeIn
Machinarium
Magic ISO Maker v5.4 (build 0239)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Medieval II: Total War
MemoQ 3.6
Memory-Map OS Edition Version 5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office XP Professional with FrontPage
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# 2.0 Redistributable Package
Mozilla Firefox (3.5.7)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Multiwinia
NCsoft Launcher
Neverwinter Nights Platinum Edition
NVIDIA PhysX
O&O Defrag Professional Edition
Oddworld: Abe's Exoddus
Oddworld: Abe's Oddysee
OpenAL
PDF Settings CS4
Photoshop Camera Raw
Power Data Recovery 4.1.1
PowerQuest PartitionMagic 8.0
Psychonauts
PunkBuster Services
Quake Live Mozilla Plugin
Rainlendar2 (remove only)
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Red Faction II
Red Faction: Guerrilla
Saints Row 2
SDL Passolo 2009 Essential SR3
SDL Trados 2007 Freelance
SDL Trados Studio 2009 SP1
SDLX
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Segoe UI
Shadowgrounds
Shadowgrounds Survivor
Sins of a Solar Empire
Sins of a Solar Empire
Spybot - Search & Destroy
STALKER: Clear Sky
Steam
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
Supreme Commander
Supreme Commander - Forged Alliance
SYSTRAN
TeamViewer 4
Tesco Download Manager
Titan Quest
Titan Quest: Immortal Throne
TmUnitedForever
Torchlight
Uniblue ProcessScanner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.2
WebEx
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinX DVD Ripper Platinum 5.1.1
World of Warcraft
Xtreme-G 9.11 XP32 AGP
Zombie Shooter
Brood
Regular Member
 
Posts: 18
Joined: January 30th, 2010, 10:46 am
Advertisement
Register to Remove

Re: Suspected keylogger and browser redirect

Unread postby Vino Rosso » February 5th, 2010, 1:08 pm

Hi

Apologies for your wait. Can you please run the following two scans.

DDS
Download DDS.scr by sUBs from one of the following links and save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt and Attach.txt
  • A window will open instructing you save and post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs and post, not attach, in your next reply

Gmer
Download GMER Rootkit Scanner from here.

Please physically disconnect from the internet and disable the computer's security programs as these may interfere with GMER.

  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO << Important!

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. UNcheck the following ...
    • UNcheck Sections
    • UNcheck IAT/EAT
    • UNcheck Drives/Partition other than Systemdrive (typically C:\)
    • UNcheck Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.

Re-enable the computer's security programs and connect to the internet.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log

Thanks
Vino
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Re: Suspected keylogger and browser redirect

Unread postby Brood » February 6th, 2010, 8:01 am

Hi and thanks for helping.

I will have to run gmer again tonight while I'm in bed as it still hadn't finished after 5 hours of running today and I need to do some work!

Please find below the DDS and Attach logs.

DDS

DDS (Ver_09-12-01.01) - NTFSx86
Run by Barry at 18:43:17.79 on 05/02/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3063.1112 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
E:\Program Files\AVG\AVG9\avgchsvx.exe
E:\Program Files\AVG\AVG9\avgrsx.exe
E:\Program Files\AVG\AVG9\avgcsrvx.exe
E:\WINDOWS\system32\spoolsv.exe
svchost.exe
E:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
E:\Program Files\AVG\AVG9\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\AVG\AVG9\avgnsx.exe
E:\Program Files\Kilgray\MemoQ\AUClient.exe
E:\Program Files\LogMeIn\x86\RaMaint.exe
E:\Program Files\LogMeIn\x86\LogMeIn.exe
E:\Program Files\LogMeIn\x86\LMIGuardian.exe
E:\WINDOWS\system32\oodag.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PrintCtrl.exe
E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
E:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
E:\PROGRA~1\AVG\AVG9\avgtray.exe
E:\WINDOWS\system32\PrintDisp.exe
E:\WINDOWS\system32\ctfmon.exe
C:\steam\steam.exe
E:\Program Files\Microsoft ActiveSync\Wcescomm.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\PROGRA~1\MICROS~3\rapimgr.exe
E:\Program Files\Rainlendar2\Rainlendar2.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
E:\Documents and Settings\Barry\Local Settings\Apps\2.0\ANAOBREM.19H\X87Y05GC.A03\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe
E:\Program Files\MagicDisc\MagicDisc.exe
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\Windows Live\Contacts\wlcomm.exe
E:\Program Files\SYSTRAN\6\SystranToolbar.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Outlook Express\msimn.exe
E:\Documents and Settings\Barry\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.babylon.com/home
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - e:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - e:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: SYSTRAN Toolbar: {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - e:\program files\canon\easy-webprint\Toolband.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] e:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\steam\steam.exe" -silent
uRun: [H/PC Connection Agent] "e:\program files\microsoft activesync\Wcescomm.exe"
uRun: [Rainlendar2] e:\program files\rainlendar2\Rainlendar2.exe
uRun: [esentclbClient] rundll32.exe "e:\documents and settings\barry\local settings\application data\esentclbclient\esentclbClient.dll", DllInit
uRun: [SpybotSD TeaTimer] e:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [uTorrent] "e:\program files\utorrent\uTorrent.exe"
uRun: [SUPERAntiSpyware] e:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Launch LgDeviceAgent] "e:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LGDCore] "e:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
mRun: [TrueImageMonitor.exe] e:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "e:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [ISUSPM] "e:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [AVG9_TRAY] e:\progra~1\avg\avg9\avgtray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [PrintDisp] e:\windows\system32\PrintDisp.exe
mRun: [Easy-PrintToolBox] e:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [StartCCC] "e:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
StartupFolder: e:\documents and settings\barry\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: e:\docume~1\barry\startm~1\programs\startup\magicd~1.lnk - e:\program files\magicdisc\MagicDisc.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - e:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - e:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office10\OSA.EXE
IE: Convert link target to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - e:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - e:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - e:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - e:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - e:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: SYSTRAN Lookup - e:\program files\systran\6\\GUIres.dll/lookup.js
IE: SYSTRAN Translate - e:\program files\systran\6\\GUIres.dll/translate.js
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - e:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - e:\progra~1\micros~3\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/fl ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - e:\program files\avg\avg9\avgpp.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - e:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\barry\applic~1\mozilla\firefox\profiles\hwpdatzi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.proz.com/?sp=index
FF - plugin: e:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: e:\documents and settings\barry\application data\mozilla\firefox\profiles\hwpdatzi.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: e:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: e:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: e:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
user_pref(network.http.accept.default,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5,application/x-tsmxml);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2009-10-26 64288]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);e:\windows\system32\drivers\tdrpm251.sys [2009-11-5 902432]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [2010-1-5 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;e:\windows\system32\drivers\avgmfx86.sys [2010-1-5 28424]
R1 AvgTdiX;AVG Free Network Redirector;e:\windows\system32\drivers\avgtdix.sys [2010-1-5 360584]
R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;e:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2007-12-6 660768]
R2 afcdpsrv;Acronis Nonstop Backup service;e:\program files\common files\acronis\cdp\afcdpsrv.exe [2009-11-5 2326920]
R2 avg9wd;AVG Free WatchDog;e:\program files\avg\avg9\avgwdsvc.exe [2010-1-5 285392]
R2 Kilgray: MemoQ update permissions manager. 978527.;Kilgray: MemoQ update permissions manager. 978527.;e:\program files\kilgray\memoq\auclient.exe -permissionmanagerrun --> e:\program files\kilgray\memoq\AUClient.exe -PermissionManagerRun [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 LMIInfo;LogMeIn Kernel Information Provider;e:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;e:\windows\system32\drivers\LMIRfsDriver.sys [2009-11-9 47640]
R2 Printer Control;Printer Control;e:\windows\system32\PrintCtrl.exe [2010-1-15 77824]
R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);e:\program files\microsoft sql server\msrs10.sqlexpress\reporting services\reportserver\bin\ReportingServicesService.exe [2008-7-10 1106968]
R3 afcdp;afcdp;e:\windows\system32\drivers\afcdp.sys [2009-11-5 159168]
R3 SASENUM;SASENUM;e:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S2 gupdate;Google Update Service (gupdate);e:\program files\google\update\GoogleUpdate.exe [2009-12-26 135664]
S2 NewServiceInstall1;NewServiceInstall1;e:\program files\sdl international\t2007_fl\tt\lng\Dialogs1031.lng [2007-4-23 11264]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2009-9-26 1684736]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-7 25832]
S3 epmntdrv;epmntdrv;e:\windows\system32\epmntdrv.sys [2009-11-12 8704]
S3 EuGdiDrv;EuGdiDrv;e:\windows\system32\EuGdiDrv.sys [2009-11-12 3072]
S3 MEMSWEEP2;MEMSWEEP2;\??\e:\windows\system32\21f.tmp --> e:\windows\system32\21F.tmp [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);e:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\fdlauncher.exe [2008-7-10 31256]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;e:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-8-11 47128]
S4 RsFx0102;RsFx0102 Driver;e:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);e:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-8-11 369688]

=============== Created Last 30 ================

2010-02-05 13:51:11 0 d-----w- e:\program files\Microsoft Web Designer Tools
2010-02-04 13:14:09 50200 ----a-w- e:\windows\system32\perf-ReportServer$SQLEXPRESS-rsctr.dll
2010-02-04 13:12:45 50200 ----a-w- e:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2010-02-04 13:12:36 79896 ----a-w- e:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2010-02-04 13:11:40 0 d-----w- e:\program files\Microsoft Analysis Services
2010-02-04 13:09:21 0 d-----w- e:\program files\common files\Merge Modules
2010-02-04 13:05:42 0 d-----w- e:\windows\system32\RsFx
2010-02-03 18:01:37 0 d-----w- e:\program files\Microsoft SQL Server
2010-02-03 18:01:31 0 d-----w- e:\program files\Microsoft Synchronization Services
2010-02-03 18:01:30 0 d-----w- e:\program files\Microsoft SQL Server Compact Edition
2010-02-02 14:54:15 0 d-----w- e:\program files\Sophos
2010-02-01 09:23:29 0 d-----w- e:\docume~1\barry\applic~1\Six-Updater
2010-02-01 09:23:14 0 d-----w- e:\documents and settings\barry\.gem
2010-02-01 09:22:39 0 d-----w- e:\program files\Six-Updater
2010-01-31 16:34:04 0 d-----w- e:\program files\YomaTools
2010-01-30 14:42:57 0 d-----w- e:\program files\TrendMicro
2010-01-30 14:14:38 0 d-----w- e:\program files\Uniblue
2010-01-30 12:58:24 0 d-----w- e:\program files\common files\DirectX
2010-01-28 20:44:15 138056 ----a-w- e:\docume~1\barry\applic~1\PnkBstrK.sys
2010-01-28 20:43:52 2434856 ----a-w- e:\windows\system32\pbsvc_bc2.exe
2010-01-28 09:31:22 0 d-----w- e:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-28 09:31:14 0 d-----w- e:\program files\SUPERAntiSpyware
2010-01-28 09:31:14 0 d-----w- e:\docume~1\barry\applic~1\SUPERAntiSpyware.com
2010-01-26 12:54:20 163840 ----a-w- e:\windows\BJPSUNST.EXE
2010-01-26 12:53:29 0 ----a-w- e:\windows\OpPrintServer.INI
2010-01-26 12:52:43 0 d-----w- e:\windows\StartHtmico
2010-01-26 12:51:30 0 d-----w- e:\program files\Canon
2010-01-26 12:41:52 25856 -c--a-w- e:\windows\system32\dllcache\usbprint.sys
2010-01-26 12:41:52 25856 ----a-w- e:\windows\system32\drivers\usbprint.sys
2010-01-26 12:40:31 8704 ----a-w- e:\windows\system32\CNMVS79.DLL
2010-01-26 12:40:30 140288 ----a-w- e:\windows\system32\CNMLM79.DLL
2010-01-26 12:40:28 90112 ----a-r- e:\windows\system32\CNMCP79.exe
2010-01-26 09:38:56 0 d--h--w- e:\windows\PIF
2010-01-25 19:23:02 0 d-----w- e:\program files\Spybot - Search & Destroy
2010-01-25 19:23:02 0 d-----w- e:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-25 19:22:11 0 d-----w- e:\docume~1\barry\applic~1\Malwarebytes
2010-01-25 19:22:08 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 19:22:07 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-01-25 19:22:07 0 d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-01-25 19:22:07 0 d-----w- e:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-25 19:14:50 0 d-----w- e:\program files\Citrix
2010-01-25 19:14:25 70984 ----a-w- e:\documents and settings\barry\g2mdlhlpx.exe
2010-01-20 12:31:06 0 d-----w- e:\program files\MSECache
2010-01-20 09:23:46 0 d-----w- e:\docume~1\barry\applic~1\SDL
2010-01-20 08:55:04 0 d-----w- e:\documents and settings\barry\WebEx
2010-01-20 08:54:54 0 d-----w- e:\docume~1\barry\applic~1\WebEx
2010-01-19 19:46:58 0 d-----w- e:\program files\common files\SDL
2010-01-19 19:45:43 0 d-----w- e:\docume~1\barry\applic~1\Passolo 2009
2010-01-19 19:45:41 0 d-----w- e:\docume~1\alluse~1\applic~1\Passolo 2009
2010-01-19 19:45:20 44544 ----a-w- e:\windows\system32\msxml4a.dll
2010-01-19 19:45:17 262328 ----a-w- e:\windows\system32\msdatgrd.ocx
2010-01-19 19:45:06 0 d-----w- e:\program files\SDL Passolo 2009
2010-01-19 19:43:21 0 d-----w- e:\docume~1\alluse~1\applic~1\SDL
2010-01-19 19:43:09 0 d-----w- e:\program files\SDL
2010-01-15 18:28:01 0 d-----w- e:\docume~1\barry\applic~1\Iceni
2010-01-15 18:28:01 0 d-----w- e:\docume~1\alluse~1\applic~1\Iceni
2010-01-15 18:28:01 0 d-----w- e:\docume~1\alluse~1\applic~1\Aspell
2010-01-15 18:27:59 0 d-----w- e:\program files\Iceni
2010-01-15 18:27:59 0 d-----w- e:\docume~1\barry\applic~1\Aspell
2010-01-14 10:27:25 0 d-----w- e:\program files\Bonjour
2010-01-12 19:46:46 471552 -c----w- e:\windows\system32\dllcache\aclayers.dll
2010-01-12 09:15:21 0 d-----w- e:\docume~1\barry\applic~1\Crayon Physics Deluxe
2010-01-09 22:17:33 0 d-----w- e:\program files\THQ
2010-01-07 22:07:48 664 ----a-w- e:\windows\system32\d3d9caps.dat
2010-01-07 10:02:54 0 d-----w- e:\documents and settings\barry\.rainlendar2
2010-01-07 10:02:42 0 d-----w- e:\program files\Rainlendar2

==================== Find3M ====================

2010-02-04 22:24:52 138504 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-02-04 22:24:41 214488 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-02-04 09:59:22 200296 ----a-w- e:\windows\fonts\AdobeFnt09.lst
2010-01-28 20:43:52 75064 ----a-w- e:\windows\system32\PnkBstrA.exe
2010-01-27 13:38:28 15880 ----a-w- e:\windows\system32\lsdelete.exe
2010-01-14 10:44:57 220296 ----a-w- e:\windows\fonts\HelveticaNeueLTCom-LtIt.ttf
2010-01-14 10:43:59 89160 ----a-w- e:\windows\fonts\HelveticaNeueLTCom-ExO.ttf
2010-01-05 07:50:27 0 ---ha-w- e:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-01-05 07:36:36 12464 ----a-w- e:\windows\system32\avgrsstx.dll
2010-01-05 07:36:35 360584 ----a-w- e:\windows\system32\drivers\avgtdix.sys
2010-01-05 07:36:32 333192 ----a-w- e:\windows\system32\drivers\avgldx86.sys
2010-01-01 20:33:35 2373712 ----a-w- e:\windows\system32\pbsvc.exe
2009-12-22 05:21:05 667136 ----a-w- e:\windows\system32\wininet.dll
2009-12-22 05:20:58 81920 ----a-w- e:\windows\system32\ieencode.dll
2009-11-29 13:50:55 444952 ----a-w- e:\windows\system32\wrap_oal.dll
2009-11-29 13:50:55 109080 ----a-w- e:\windows\system32\OpenAL32.dll
2009-11-17 10:21:43 878080 ----a-w- e:\windows\system32\iconv.dll
2009-11-17 10:21:43 721920 ----a-w- e:\windows\system32\libxml2.dll
2009-11-17 10:21:43 51200 ----a-w- e:\windows\system32\libexslt.dll
2009-11-17 10:21:43 150016 ----a-w- e:\windows\system32\libxslt.dll
2009-11-16 18:27:35 19288 ----a-w- e:\docume~1\barry\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 18:43:43.59 ===============

ATTACH


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 26/09/2009 08:33:53
System Uptime: 02/05/2010 11:54:39 (-2057 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | P55-GD65 (MS-7583)
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | CPU 1 | 2613/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 168.598 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 195 GiB total, 74.882 GiB free.
F: is FIXED (NTFS) - 736 GiB total, 175.632 GiB free.
G: is FIXED (NTFS) - 466 GiB total, 418.114 GiB free.
H: is CDROM (UDF)
I: is CDROM (CDFS)
J: is FIXED (NTFS) - 466 GiB total, 295.121 GiB free.
K: is CDROM ()
L: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_75831462&REV_03\4&2046277B&0&00E0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek PCIe GBE Family Controller #2
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_75831462&REV_03\4&2046277B&0&00E0
Service: RTLE8023xp

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

AAC Decoder
ABBYY FineReader 9.0 Professional Edition
Acronis True Image Home
Act of War: Direct Action
Ad-Aware
Addon Sync 2009
Adobe Acrobat 7.0 Professional
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 2
Adobe Reader 9.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Altitude 1.0.0
Amazon MP3 Downloader 1.0.8
ATI Catalyst Install Manager
ATI Display Driver
ATI Parental Control & Encoder
µTorrent
AutoUpdate
AVG Free 9.0
Battlefield 2142
Battlefield Bad Company 2 - BETA
Beyond Good and Evil
Broken Sword: The Sleeping Dragon
Call of Juarez - Bound in Blood
Canon iP5200
Canon PhotoRecord
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CDDRV_Installer
Combined Community Codec Pack 2009-09-09
Compatibility Pack for the 2007 Office system
Connect
ConvertXtoDVD 3.8.0.193j
Counter-Strike: Source
Crayon Physics Deluxe - release 53
Crysis
Crysis Warhead
Crysis Wars
Curse Client
Darwinia
Defense Grid: The Awakening
Dell Driver Download Manager
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Dragon Age: Origins
EA Download Manager
EA Installer
EA Shared Game Component: Activation
EASEUS Partition Master 3.0.2 Professional
Easy-WebPrint
EasyRecovery DataRecovery Trial
EXPERTool ATI 4.0
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.0.0526
Freedom Force
Freedom Force vs. the 3rd Reich
FreeSpace 2
Frontlines: Fuel of War
Full Spectrum Warrior: Ten Hammers
Galactic Civilizations II - Ultimate Edition
GetDataBack FAT NTFS 4.0.0
Ghostbusters
GOG.com Downloader
Google Earth
Google Update Helper
GPGNet
GpsViewer
Grand Theft Auto IV
H.264 Decoder
Half-Life 2: Deathmatch
Handy Recovery 4.0
High Definition Audio Driver Package - KB888111
HiJackThis
HOLUX GPS USB DEVICE
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Office (KB950278)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Impulse
Indigo Prophecy
Infix 4.05
J2SE Runtime Environment 5.0 Update 10
Java(TM) 6 Update 14
Java(TM) 6 Update 17
Juiced 2: Hot Import Nights
KhalInstallWrapper
Killing Floor
kuler
Left 4 Dead 2 Add-on Support
Logitech GamePanel Software 3.02.173
Logitech Registration
Logitech SetPoint
LogMeIn
Machinarium
Magic ISO Maker v5.4 (build 0239)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Medieval II: Total War
MemoQ 3.6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2003 Web Components
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 BI Development Studio
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Full text search
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 Policies
Microsoft SQL Server 2008 Reporting Services
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
Microsoft Web Platform Installer 2.0
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
MKV Splitter
Mozilla Firefox (3.5.7)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Multiwinia
NCsoft Launcher
Neverwinter Nights Platinum Edition
NVIDIA PhysX
O&O Defrag Professional Edition
Oddworld: Abe's Exoddus
Oddworld: Abe's Oddysee
OpenAL
PartitionMagic
PDF Settings CS4
Photoshop Camera Raw
Power Data Recovery 4.1.1
PowerQuest PartitionMagic 8.0
Psychonauts
PunkBuster Services
Quake Live Mozilla Plugin
Rainlendar2 (remove only)
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Red Faction II
Red Faction: Guerrilla
Saints Row 2
SDL Passolo 2009 Essential SR3
SDL Trados 2007 Freelance
SDL Trados Studio 2009 SP1
SDLX
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Segoe UI
Shadowgrounds
Shadowgrounds Survivor
Sins of a Solar Empire
Six Updater Suite
Sophos Anti-Rootkit 1.5.0
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
STALKER: Clear Sky
Steam
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
Supreme Commander
Supreme Commander - Forged Alliance
SYSTRAN
Tesco Download Manager
Titan Quest
Titan Quest: Immortal Throne
TmUnitedForever
Torchlight
Uniblue ProcessScanner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.2
WebEx
WebFldrs XP
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
WinX DVD Ripper Platinum 5.1.1
World of Warcraft
Xtreme-G 9.11 XP32 AGP
Zombie Shooter

==== Event Viewer Messages From Past Week ========

31/01/2010 16:52:45, error: MRxSmb [8003] - The master browser has received a server announcement from the computer GATEWAY-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E34522B1-7CC5. The master browser is stopping or an election is being forced.
31/01/2010 13:32:47, error: Print [6161] - The document Best-ever brownies recipe -... owned by Barry failed to print on printer Canon iP5200. Data type: NT EMF 1.008. Size of the spool file in bytes: 1692964. Number of bytes printed: 1692964. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\YOUR-F5195DC0D4. Win32 error code returned by the print processor: 6 (0x6).
31/01/2010 13:31:13, error: Print [6161] - The document Best-ever brownies recipe -... owned by Barry failed to print on printer Canon iP5200. Data type: NT EMF 1.008. Size of the spool file in bytes: 1418048. Number of bytes printed: 963032. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\YOUR-F5195DC0D4. Win32 error code returned by the print processor: 0 (0x0).
29/01/2010 17:11:45, error: MRxSmb [8003] - The master browser has received a server announcement from the computer NAT-NEWDELL that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E34522B1-7CC5-43. The master browser is stopping or an election is being forced.
29/01/2010 13:04:47, error: Print [6161] - The document Freelancer_International_FR.pdf owned by Barry failed to print on printer Canon iP5200. Data type: NT EMF 1.008. Size of the spool file in bytes: 416212. Number of bytes printed: 26804. Total number of pages in the document: 4. Number of pages printed: 0. Client machine: \\YOUR-F5195DC0D4. Win32 error code returned by the print processor: 0 (0x0).
29/01/2010 08:00:40, error: Service Control Manager [7000] - The NewServiceInstall1 service failed to start due to the following error: %1 is not a valid Win32 application.
05/02/2010 08:19:22, error: Service Control Manager [7022] - The SQL Server Reporting Services (SQLEXPRESS) service hung on starting.
02/02/2010 14:04:51, error: Print [6161] - The document Microsoft Word - Candidature spontanée.doc owned by Barry failed to print on printer Canon iP5200. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 46832. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\YOUR-F5195DC0D4. Win32 error code returned by the print processor: 0 (0x0).

==== End Of File ===========================
Brood
Regular Member
 
Posts: 18
Joined: January 30th, 2010, 10:46 am

Re: Suspected keylogger and browser redirect

Unread postby Vino Rosso » February 6th, 2010, 2:43 pm

Hi

Brood wrote:I will have to run gmer again tonight while I'm in bed as it still hadn't finished after 5 hours of running today and I need to do some work!

OK, please try running OTL as follows:

1 - System Scan
Please download OTL (by OldTimer) from >here< and save it to your Desktop
  • Important! Close all applications and windows so that you have nothing open and are at your Desktop
  • Double click on the OTL icon to run it. Keep all other windows closed and let OTL run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Minimal Output is selected.
  • Under the Standard Registry box change it to All.
  • Check/tick the boxes beside LOP Check and Purity Check.
  • Highlight the following bold text with your mouse and press Ctrl + C on your keyboard:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles


  • Click under the Custom Scan box and press Ctrl + V on your keyboard to paste the above.
  • Click the Run Scan button. The scan won't take long.
  • When the scan completes, it will open two Notepad windows - OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • In Notepad with OTL.txt, click Edit > Select all then Edit > Copy
  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log
  • Submit your reply and close the Notepad window with OTL.txt
  • Also OTL's Extras.txt log file will be minimised in the Taskbar (and located on your Desktop) - click on this and maximise the window
  • In Notepad, click Edit > Select all then Edit > Copy
  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log
Thanks
Vino
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Re: Suspected keylogger and browser redirect

Unread postby Brood » February 7th, 2010, 5:19 am

I tried gmer again overnight, but it froze my whole system and wouldn't allow me to save the results. Do you want me to try it again?

Results from OTL

OTL logfile created on: 07/02/2010 09:47:50 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = E:\Documents and Settings\Barry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 465.75 Gb Total Space | 168.54 Gb Free Space | 36.19% Space Free | Partition Type: NTFS
Drive D: | 2.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 195.31 Gb Total Space | 74.84 Gb Free Space | 38.32% Space Free | Partition Type: NTFS
Drive F: | 736.19 Gb Total Space | 175.63 Gb Free Space | 23.86% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 418.11 Gb Free Space | 89.77% Space Free | Partition Type: NTFS
Drive H: | 1.59 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 347.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive M: | 465.75 Gb Total Space | 295.12 Gb Free Space | 63.36% Space Free | Partition Type: NTFS

Computer Name: YOUR-F5195DC0D4
Current User Name: Barry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - E:\Documents and Settings\Barry\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\WINDOWS\system32\PnkBstrA.exe ()
PRC - E:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Steam\Steam.exe (Valve Corporation)
PRC - E:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - E:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - E:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - E:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - E:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - E:\Program Files\Kilgray\MemoQ\AUClient.exe ()
PRC - E:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
PRC - E:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - E:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - E:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - E:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - E:\WINDOWS\system32\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
PRC - E:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - E:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - E:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - E:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - E:\Program Files\Microsoft SQL Server\MSRS10.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe (Microsoft Corporation)
PRC - E:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - E:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
PRC - E:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - E:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - E:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - E:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)


========== Modules (SafeList) ==========

MOD - E:\Documents and Settings\Barry\Desktop\OTL.exe (OldTimer Tools)
MOD - E:\Documents and Settings\Barry\Local Settings\Application Data\esentclbClient\esentclbClient.dll ()
MOD - E:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - E:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech, Inc.)
MOD - E:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (PnkBstrA) -- E:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (avg9wd) -- E:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (gupdate) Google Update Service (gupdate) -- E:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (afcdpsrv) -- E:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (JavaQuickStarterService) -- E:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (FLEXnet Licensing Service) -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LMIMaint) -- E:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (AcrSch2Svc) -- E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Kilgray: MemoQ update permissions manager. 978527.) -- E:\Program Files\Kilgray\MemoQ\AUClient.exe ()
SRV - (Ati HotKey Poller) -- E:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- E:\WINDOWS\system32\ati2sgag.exe ()
SRV - (DAUpdaterSvc) -- E:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (LBTServ) -- E:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Printer Control) -- E:\WINDOWS\system32\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- E:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- E:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- E:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (LogMeIn) -- E:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (msvsmon90) -- C:\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (SQLWriter) -- E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- E:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (ReportServer$SQLEXPRESS) SQL Server Reporting Services (SQLEXPRESS) -- E:\Program Files\Microsoft SQL Server\MSRS10.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe (Microsoft Corporation)
SRV - (MSSQLFDLauncher$SQLEXPRESS) SQL Full-text Filter Daemon Launcher (SQLEXPRESS) -- E:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- E:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
SRV - (O&O Defrag) -- E:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (NewServiceInstall1) -- E:\Program Files\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng ()
SRV - (ose) -- E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Bonjour Service) -- E:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (IDriverT) -- E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- E:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- E:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- E:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASENUM) -- E:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sptd) -- E:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (afcdp) -- E:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- E:\WINDOWS\system32\DRIVERS\tdrpm251.sys (Acronis)
DRV - (timounter) -- E:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- E:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (pcouffin) -- E:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (LMIRfsClientNP) -- E:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (Lbd) -- E:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ati2mtag) -- E:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- E:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LMouFilt) -- E:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- E:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (RTLE8023xp) -- E:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (mcdbus) -- E:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (epmntdrv) -- E:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- E:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (adfs) -- E:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (LMIRfsDriver) -- E:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- E:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (lmimirr) -- E:\WINDOWS\system32\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV - (Ambfilt) -- E:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (RsFx0102) -- E:\WINDOWS\system32\drivers\RsFx0102.sys (Microsoft Corporation)
DRV - (PxHelp20) -- E:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (usb_rndisx) -- E:\WINDOWS\system32\drivers\usb8023x.sys (Microsoft Corporation)
DRV - (Secdrv) -- E:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HDAudBus) -- E:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (Monfilt) -- E:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (PQNTDrv) -- E:\WINDOWS\system32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (Ptilink) -- E:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.proz.com/?sp=index"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.16.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.464
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.45
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/28 14:52:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: E:\Program Files\AVG\AVG9\Firefox [2010/01/05 08:36:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: E:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/13 11:13:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/01/29 18:54:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010/01/20 09:54:53 | 000,000,000 | ---D | M]

[2009/10/08 08:22:21 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\Mozilla\Extensions
[2009/10/08 08:22:21 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Barry\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/02/06 13:34:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\hwpdatzi.default\extensions
[2009/10/08 09:26:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\hwpdatzi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/30 15:06:34 | 000,000,000 | ---D | M] (Flashblock) -- E:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\hwpdatzi.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/02/05 17:58:32 | 000,000,000 | ---D | M] (NoScript) -- E:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\hwpdatzi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/16 12:59:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\hwpdatzi.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/12/19 10:11:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\hwpdatzi.default\extensions\foxyproxy@eric.h.jung
[2009/11/21 14:08:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\hwpdatzi.default\extensions\LogMeInClient@logmein.com
[2010/02/06 13:34:17 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
[2010/01/06 20:14:54 | 000,000,000 | ---D | M] (Default) -- E:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/19 20:46:30 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/10/13 11:13:21 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/04 11:19:41 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/01/06 20:14:51 | 000,023,512 | ---- | M] (Mozilla Foundation) -- E:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/06 20:14:51 | 000,137,176 | ---- | M] (Mozilla Foundation) -- E:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/01/20 09:54:25 | 000,027,960 | ---- | M] (WebEx Communications, Inc) -- E:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2010/01/20 09:54:26 | 000,126,344 | ---- | M] (WebEx Communications, Inc) -- E:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/09/25 17:41:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- E:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2010/01/20 09:54:24 | 000,060,808 | ---- | M] (WebEx Communications, Inc) -- E:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/10/11 04:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/25 17:41:24 | 001,650,992 | ---- | M] (DivX,Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/09/25 17:41:34 | 000,098,304 | ---- | M] (DivX, Inc) -- E:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2010/01/06 20:14:52 | 000,064,984 | ---- | M] (mozilla.org) -- E:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 11:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/25 17:41:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- E:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/08/24 20:10:36 | 000,001,538 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 20:10:36 | 000,002,193 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/17 10:53:27 | 000,002,204 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2009/08/24 20:10:36 | 000,000,947 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 20:10:36 | 000,001,534 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/24 20:10:36 | 000,000,769 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 20:10:36 | 000,002,371 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/24 20:10:36 | 000,001,178 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/24 20:10:36 | 000,000,831 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/01/25 20:28:09 | 000,373,619 | R--- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12877 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SYSTRAN Toolbar) - {95daa571-4def-4a6d-97d8-98a346672a24} - E:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] E:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Easy-PrintToolBox] E:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ISUSPM] E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] E:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LGDCore] E:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] E:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [PrintDisp] E:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4 - HKLM..\Run: [RTHDCPL] E:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [esentclbClient] File not found
O4 - HKCU..\Run: [H/PC Connection Agent] E:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Rainlendar2] E:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [Steam] c:\steam\steam.exe (Valve Corporation)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = E:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: E:\Documents and Settings\Barry\Start Menu\Programs\Startup\MagicDisc.lnk = E:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - E:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - E:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - E:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - E:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: SYSTRAN Lookup - E:\Program Files\SYSTRAN\6\GUIres.dll ()
O8 - Extra context menu item: SYSTRAN Translate - E:\Program Files\SYSTRAN\6\GUIres.dll ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/fl ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - E:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - E:\Program Files\Microsoft ActiveSync\aatp.dll File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - E:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - E:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - E:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - E:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - E:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - E:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - E:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - E:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - E:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - E:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - E:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - E:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - E:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - e:\program files\common files\logitech\bluetooth\LBTWlgn.dll - e:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - E:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - E:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - E:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - E:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: E:\Documents and Settings\Barry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Barry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - E:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - E:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - E:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - E:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - E:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - E:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - E:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - E:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - E:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - E:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/18 21:25:50 | 000,061,640 | R--- | M] (Stardock Entertainment, Inc.) - H:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/01/18 21:25:50 | 000,000,079 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009/09/26 07:32:27 | 000,000,000 | ---- | M] () - M:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - E:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (OODBS) - E:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - E:\WINDOWS\system32\ias [2009/09/26 00:17:02 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/02/06 20:03:35 | 000,549,376 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Barry\Desktop\OTL.exe
[2010/02/05 17:45:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Desktop\Leatrix Latency Fix 1.18
[2010/02/05 14:51:11 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Web Designer Tools
[2010/02/05 14:50:52 | 000,000,000 | RH-D | C] -- E:\MSOCache
[2010/02/04 18:45:04 | 000,000,000 | --SD | M] -- E:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/04 14:14:09 | 000,050,200 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\perf-ReportServer$SQLEXPRESS-rsctr.dll
[2010/02/04 14:13:18 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\My Documents\Integration Services Script Component
[2010/02/04 14:13:09 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\My Documents\Integration Services Script Task
[2010/02/04 14:12:49 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\My Documents\SQL Server Management Studio
[2010/02/04 14:12:45 | 000,050,200 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
[2010/02/04 14:12:36 | 000,079,896 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
[2010/02/04 14:11:40 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Analysis Services
[2010/02/04 14:09:21 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Merge Modules
[2010/02/04 14:05:42 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\RsFx
[2010/02/04 14:04:59 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Visual Studio 9.0
[2010/02/04 13:27:41 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Local Settings\Application Data\Temporary Projects
[2010/02/04 13:19:51 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\windowspowershell
[2010/02/03 19:01:37 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft SQL Server
[2010/02/03 19:01:31 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Synchronization Services
[2010/02/03 19:01:30 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft SQL Server Compact Edition
[2010/02/03 19:00:44 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\My Documents\Visual Studio 2008
[2010/02/03 19:00:41 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Local Settings\Application Data\Microsoft Help
[2010/02/03 18:59:40 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/02/03 18:59:24 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft SDKs
[2010/02/02 15:54:15 | 000,000,000 | ---D | C] -- E:\Program Files\Sophos
[2010/02/01 10:23:29 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Application Data\Six-Updater
[2010/02/01 10:23:14 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\.gem
[2010/02/01 10:22:39 | 000,000,000 | ---D | C] -- E:\Program Files\Six-Updater
[2010/01/31 17:34:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Local Settings\Application Data\Yoma_Tools
[2010/01/31 17:34:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Local Settings\Application Data\ArmaAddonSync2009
[2010/01/31 17:34:04 | 000,000,000 | ---D | C] -- E:\Program Files\YomaTools
[2010/01/30 15:42:57 | 000,000,000 | ---D | C] -- E:\Program Files\TrendMicro
[2010/01/30 15:14:38 | 000,000,000 | ---D | C] -- E:\Program Files\Uniblue
[2010/01/30 13:58:24 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\DirectX
[2010/01/30 13:58:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\My Documents\Overlord
[2010/01/30 00:15:09 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\ATI
[2010/01/28 23:12:52 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\My Documents\BFBC2Beta
[2010/01/28 10:31:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/28 10:31:14 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Application Data\SUPERAntiSpyware.com
[2010/01/28 10:31:14 | 000,000,000 | ---D | C] -- E:\Program Files\SUPERAntiSpyware
[2010/01/26 14:19:30 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/01/26 13:54:20 | 000,163,840 | ---- | C] (CANON INC.) -- E:\WINDOWS\BJPSUNST.EXE
[2010/01/26 13:52:43 | 000,000,000 | ---D | C] -- E:\WINDOWS\StartHtmico
[2010/01/26 13:51:30 | 000,000,000 | ---D | C] -- E:\Program Files\Canon
[2010/01/26 13:41:52 | 000,025,856 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\usbprint.sys
[2010/01/26 13:40:30 | 000,140,288 | ---- | C] (CANON INC.) -- E:\WINDOWS\System32\CNMLM79.DLL
[2010/01/26 13:40:28 | 000,090,112 | R--- | C] (CANON INC.) -- E:\WINDOWS\System32\CNMCP79.exe
[2010/01/26 13:38:38 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Desktop\printer
[2010/01/26 10:39:40 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Desktop\font
[2010/01/26 10:38:56 | 000,000,000 | -H-D | C] -- E:\WINDOWS\PIF
[2010/01/25 20:23:02 | 000,000,000 | ---D | C] -- E:\Program Files\Spybot - Search & Destroy
[2010/01/25 20:23:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/25 20:22:11 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Application Data\Malwarebytes
[2010/01/25 20:22:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/25 20:22:07 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2010/01/25 20:22:07 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2010/01/25 20:22:07 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/25 20:19:46 | 000,050,688 | ---- | C] (Atribune.org) -- E:\Documents and Settings\Barry\Desktop\ATF-Cleaner.exe
[2010/01/25 20:14:50 | 000,000,000 | ---D | C] -- E:\Program Files\Citrix
[2010/01/25 13:22:04 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\My Documents\Translation E-Book
[2010/01/20 13:31:06 | 000,000,000 | ---D | C] -- E:\Program Files\MSECache
[2010/01/20 10:24:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Local Settings\Application Data\SDL
[2010/01/20 10:23:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Application Data\SDL
[2010/01/20 09:55:04 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\WebEx
[2010/01/20 09:54:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\My Documents\WebEx
[2010/01/20 09:54:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Application Data\WebEx
[2010/01/19 20:46:58 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\SDL
[2010/01/19 20:45:43 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\My Documents\Passolo 2009
[2010/01/19 20:45:43 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Application Data\Passolo 2009
[2010/01/19 20:45:41 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Passolo 2009
[2010/01/19 20:45:32 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft.NET
[2010/01/19 20:45:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\msxml4a.dll
[2010/01/19 20:45:20 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Documents\Passolo 2009
[2010/01/19 20:45:17 | 000,262,328 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\msdatgrd.ocx
[2010/01/19 20:45:06 | 000,000,000 | ---D | C] -- E:\Program Files\SDL Passolo 2009
[2010/01/19 20:43:21 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\SDL
[2010/01/19 20:43:09 | 000,000,000 | ---D | C] -- E:\Program Files\SDL
[2010/01/19 10:17:44 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Desktop\FR-EN TRANSLATION COURSE
[2010/01/18 11:38:08 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Local Settings\Application Data\Iceni
[2010/01/15 19:28:44 | 000,888,832 | ---- | C] (ActMask http://www.all2pdf.com) -- E:\WINDOWS\System32\SaveTo.dll
[2010/01/15 19:28:43 | 002,519,040 | ---- | C] (DynaForms GmbH) -- E:\WINDOWS\System32\CPDF.dll
[2010/01/15 19:28:16 | 000,878,080 | ---- | C] (ActMask Co.,Ltd - http://www.all2pdf.com) -- E:\WINDOWS\System32\PrintDisp.exe
[2010/01/15 19:28:16 | 000,077,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- E:\WINDOWS\System32\PrintCtrl.exe
[2010/01/15 19:28:11 | 000,000,000 | RHSD | C] -- E:\Documents and Settings\All Users\Application Data\Temp
[2010/01/15 19:28:07 | 001,700,352 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\gdiplus.dll
[2010/01/15 19:28:07 | 001,165,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- E:\WINDOWS\System32\PrtClient.exe
[2010/01/15 19:28:07 | 000,822,784 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- E:\WINDOWS\System32\SetupDrv.exe
[2010/01/15 19:28:07 | 000,702,976 | ---- | C] (ActMask - http://www.all2pdf.com) -- E:\WINDOWS\System32\PrtTools.exe
[2010/01/15 19:28:07 | 000,375,296 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- E:\WINDOWS\System32\SetPrinter.exe
[2010/01/15 19:28:07 | 000,000,000 | ---D | C] -- E:\WINDOWS\Infix PDF
[2010/01/15 19:28:01 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Application Data\Iceni
[2010/01/15 19:28:01 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Iceni
[2010/01/15 19:28:01 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Aspell
[2010/01/15 19:27:59 | 000,000,000 | ---D | C] -- E:\Program Files\Iceni
[2010/01/15 19:27:59 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Application Data\Aspell
[2010/01/15 19:27:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Local Settings\Application Data\esentclbClient
[2010/01/14 11:27:25 | 000,000,000 | ---D | C] -- E:\Program Files\Bonjour
[2010/01/13 01:43:22 | 000,017,272 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\spmsg.dll
[2010/01/12 20:46:46 | 000,471,552 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/12 13:02:24 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Silverlight
[2010/01/12 13:02:10 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Desktop\Adobe
[2010/01/12 10:16:17 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\My Documents\Crayon Physics Deluxe
[2010/01/12 10:15:21 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Application Data\Crayon Physics Deluxe
[2010/01/09 23:17:33 | 000,000,000 | ---D | C] -- E:\Program Files\THQ
[2010/01/09 13:52:04 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Barry\Local Settings\Application Data\Gas Powered Games
[2010/01/05 08:34:36 | 000,000,000 | --SD | M] -- E:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/05 08:34:36 | 000,000,000 | ---D | M] -- E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/05 08:34:36 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/26 14:39:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/26 14:34:09 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/11/09 12:21:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/10/16 11:41:44 | 000,047,360 | ---- | C] (VSO Software) -- E:\Documents and Settings\Barry\Application Data\pcouffin.sys
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[1 E:\Documents and Settings\Barry\My Documents\*.tmp files -> E:\Documents and Settings\Barry\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/07 09:46:51 | 055,199,147 | ---- | M] () -- E:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/07 09:39:00 | 000,000,884 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/07 08:49:08 | 000,000,604 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/02/07 08:43:26 | 000,000,472 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/07 08:43:26 | 000,000,472 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/07 08:43:26 | 000,000,472 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/07 08:43:25 | 000,000,472 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/07 08:43:24 | 000,000,472 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/07 08:41:53 | 000,002,335 | ---- | M] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/02/07 08:41:37 | 000,000,880 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/07 08:40:51 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010/02/07 08:40:44 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010/02/07 08:40:24 | 000,176,226 | ---- | M] () -- E:\WINDOWS\System32\oodbs.lor
[2010/02/07 00:28:23 | 000,004,096 | ---- | M] () -- E:\WINDOWS\System32\crash
[2010/02/06 20:03:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Barry\Desktop\OTL.exe
[2010/02/06 15:32:09 | 000,138,504 | ---- | M] () -- E:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/02/06 15:31:58 | 000,214,488 | ---- | M] () -- E:\WINDOWS\System32\PnkBstrB.xtr
[2010/02/06 15:31:58 | 000,214,488 | ---- | M] () -- E:\WINDOWS\System32\PnkBstrB.exe
[2010/02/06 13:04:51 | 000,801,516 | ---- | M] () -- E:\Documents and Settings\Barry\Desktop\PUR-120703-9_Order_documents.zip
[2010/02/06 09:36:56 | 000,000,654 | ---- | M] () -- E:\WINDOWS\win.ini
[2010/02/06 09:36:56 | 000,000,227 | ---- | M] () -- E:\WINDOWS\system.ini
[2010/02/05 23:57:19 | 010,485,760 | -H-- | M] () -- E:\Documents and Settings\Barry\NTUSER.DAT
[2010/02/05 23:57:19 | 000,000,278 | -HS- | M] () -- E:\Documents and Settings\Barry\ntuser.ini
[2010/02/05 23:43:17 | 000,001,915 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/05 21:49:18 | 000,137,216 | ---- | M] () -- E:\Documents and Settings\Barry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/05 18:55:38 | 002,624,872 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/05 18:43:02 | 000,524,288 | ---- | M] () -- E:\Documents and Settings\Barry\Desktop\dds.scr
[2010/02/05 18:42:57 | 000,293,376 | ---- | M] () -- E:\Documents and Settings\Barry\Desktop\mvjvsng3.exe
[2010/02/05 14:52:47 | 000,052,352 | ---- | M] () -- E:\Documents and Settings\Barry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/05 14:46:22 | 016,243,229 | ---- | M] () -- E:\Documents and Settings\Barry\Desktop\531_TC1_Sub1_IntroPlateauAdmin_V05_B01.pdf
[2010/02/05 11:33:02 | 000,628,254 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/05 11:33:02 | 000,516,672 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2010/02/05 11:33:02 | 000,099,798 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2010/02/04 14:33:55 | 000,659,603 | ---- | M] () -- E:\Documents and Settings\Barry\Desktop\00-WebDevIntro-lab.zip
[2010/02/03 19:02:00 | 000,001,355 | ---- | M] () -- E:\WINDOWS\imsins.BAK
[2010/02/03 12:42:01 | 000,000,664 | ---- | M] () -- E:\WINDOWS\System32\d3d9caps.dat
[2010/02/03 09:39:37 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010/02/01 14:25:34 | 000,026,624 | ---- | M] () -- E:\Documents and Settings\Barry\Desktop\About me.doc
[2010/02/01 10:50:08 | 000,012,610 | ---- | M] () -- E:\Documents and Settings\Barry\Desktop\IMG_2217.jpg
[2010/01/30 14:58:59 | 000,725,628 | ---- | M] () -- E:\Documents and Settings\Barry\Desktop\passport.JPG
[2010/01/28 23:43:05 | 003,177,662 | -H-- | M] () -- E:\Documents and Settings\Barry\Local Settings\Application Data\IconCache.db
[2010/01/28 21:47:42 | 000,001,494 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Battlefield Bad Company 2 - BETA.lnk
[2010/01/28 21:44:15 | 000,138,056 | ---- | M] () -- E:\Documents and Settings\Barry\Application Data\PnkBstrK.sys
[2010/01/28 21:43:52 | 002,434,856 | ---- | M] () -- E:\WINDOWS\System32\pbsvc_bc2.exe
[2010/01/28 21:43:52 | 000,075,064 | ---- | M] () -- E:\WINDOWS\System32\PnkBstrA.exe
[2010/01/28 14:14:29 | 000,072,192 | ---- | M] () -- E:\Documents and Settings\Barry\Desktop\Nathalie Warner CV_EN.doc
[2010/01/27 14:38:28 | 000,015,880 | ---- | M] () -- E:\WINDOWS\System32\lsdelete.exe
[2010/01/27 13:33:42 | 000,019,968 | ---- | M] () -- E:\Documents and Settings\Barry\My Documents\Staying in France.doc
[2010/01/26 13:53:29 | 000,000,000 | ---- | M] () -- E:\WINDOWS\OpPrintServer.INI
[2010/01/25 20:28:09 | 000,373,619 | R--- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts
[2010/01/25 20:19:46 | 000,050,688 | ---- | M] (Atribune.org) -- E:\Documents and Settings\Barry\Desktop\ATF-Cleaner.exe
[2010/01/25 20:14:26 | 000,070,984 | ---- | M] () -- E:\Documents and Settings\Barry\g2mdlhlpx.exe
[2010/01/20 09:21:57 | 000,142,495 | ---- | M] () -- E:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/19 09:52:20 | 000,007,791 | ---- | M] () -- E:\Documents and Settings\Barry\Desktop\Nat-Profile.jpg
[2010/01/10 21:47:49 | 000,000,882 | ---- | M] () -- E:\Documents and Settings\Barry\Desktop\World of Warcraft Installer.lnk
[2010/01/10 10:22:12 | 000,002,027 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Steam.lnk
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[1 E:\Documents and Settings\Barry\My Documents\*.tmp files -> E:\Documents and Settings\Barry\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/06 13:04:49 | 000,801,516 | ---- | C] () -- E:\Documents and Settings\Barry\Desktop\PUR-120703-9_Order_documents.zip
[2010/02/05 23:43:17 | 000,001,915 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/05 20:25:13 | 016,243,229 | ---- | C] () -- E:\Documents and Settings\Barry\Desktop\531_TC1_Sub1_IntroPlateauAdmin_V05_B01.pdf
[2010/02/05 18:43:01 | 000,524,288 | ---- | C] () -- E:\Documents and Settings\Barry\Desktop\dds.scr
[2010/02/05 18:42:57 | 000,293,376 | ---- | C] () -- E:\Documents and Settings\Barry\Desktop\mvjvsng3.exe
[2010/02/04 14:33:55 | 000,659,603 | ---- | C] () -- E:\Documents and Settings\Barry\Desktop\00-WebDevIntro-lab.zip
[2010/02/02 12:50:16 | 000,072,192 | ---- | C] () -- E:\Documents and Settings\Barry\Desktop\Nathalie Warner CV_EN.doc
[2010/02/01 12:15:13 | 000,026,624 | ---- | C] () -- E:\Documents and Settings\Barry\Desktop\About me.doc
[2010/02/01 10:50:08 | 000,012,610 | ---- | C] () -- E:\Documents and Settings\Barry\Desktop\IMG_2217.jpg
[2010/01/30 15:00:56 | 000,725,628 | ---- | C] () -- E:\Documents and Settings\Barry\Desktop\passport.JPG
[2010/01/28 21:47:42 | 000,001,494 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Battlefield Bad Company 2 - BETA.lnk
[2010/01/28 21:44:15 | 000,138,056 | ---- | C] () -- E:\Documents and Settings\Barry\Application Data\PnkBstrK.sys
[2010/01/28 21:43:52 | 002,434,856 | ---- | C] () -- E:\WINDOWS\System32\pbsvc_bc2.exe
[2010/01/27 13:33:41 | 000,019,968 | ---- | C] () -- E:\Documents and Settings\Barry\My Documents\Staying in France.doc
[2010/01/26 13:53:29 | 000,000,000 | ---- | C] () -- E:\WINDOWS\OpPrintServer.INI
[2010/01/26 13:40:31 | 000,008,704 | ---- | C] () -- E:\WINDOWS\System32\CNMVS79.DLL
[2010/01/25 20:14:25 | 000,070,984 | ---- | C] () -- E:\Documents and Settings\Barry\g2mdlhlpx.exe
[2010/01/25 17:29:06 | 000,000,472 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/25 17:29:06 | 000,000,472 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/25 17:29:06 | 000,000,472 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/25 17:29:06 | 000,000,472 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/19 09:52:20 | 000,007,791 | ---- | C] () -- E:\Documents and Settings\Barry\Desktop\Nat-Profile.jpg
[2010/01/15 19:28:44 | 001,391,616 | ---- | C] () -- E:\WINDOWS\System32\ActPDF.dll
[2010/01/15 19:28:07 | 000,691,200 | ---- | C] () -- E:\WINDOWS\System32\PrintLog.exe
[2010/01/15 19:28:07 | 000,524,288 | ---- | C] () -- E:\WINDOWS\System32\PrtPass.exe
[2010/01/15 19:28:07 | 000,097,016 | ---- | C] () -- E:\WINDOWS\System32\Cancel.wav
[2010/01/15 19:28:07 | 000,010,398 | ---- | C] () -- E:\WINDOWS\System32\START.WAV
[2010/01/15 19:28:07 | 000,004,486 | ---- | C] () -- E:\WINDOWS\System32\FINISH.WAV
[2009/12/29 23:49:13 | 000,138,504 | ---- | C] () -- E:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/12/14 21:21:06 | 000,002,528 | ---- | C] () -- E:\Documents and Settings\Barry\Application Data\$_hpcst$.hpc
[2009/12/11 14:35:19 | 000,000,401 | ---- | C] () -- E:\WINDOWS\MD.INI
[2009/12/05 11:28:12 | 000,722,416 | ---- | C] () -- E:\WINDOWS\System32\drivers\sptd.sys
[2009/11/17 11:46:02 | 000,036,352 | ---- | C] () -- E:\WINDOWS\System32\SX32W.DLL
[2009/11/17 11:30:04 | 000,000,128 | ---- | C] () -- E:\Documents and Settings\Barry\Local Settings\Application Data\fusioncache.dat
[2009/11/17 11:18:06 | 000,878,080 | ---- | C] () -- E:\WINDOWS\System32\iconv.dll
[2009/11/17 11:18:06 | 000,721,920 | ---- | C] () -- E:\WINDOWS\System32\libxml2.dll
[2009/11/17 11:18:06 | 000,150,016 | ---- | C] () -- E:\WINDOWS\System32\libxslt.dll
[2009/11/17 11:18:06 | 000,051,200 | ---- | C] () -- E:\WINDOWS\System32\libexslt.dll
[2009/11/14 17:43:59 | 000,000,000 | ---- | C] () -- E:\WINDOWS\oodcnt.INI
[2009/11/12 16:58:59 | 000,093,184 | ---- | C] () -- E:\WINDOWS\System32\Partition.dll
[2009/11/12 16:58:59 | 000,086,528 | ---- | C] () -- E:\WINDOWS\System32\NTFSLib.dll
[2009/11/12 16:58:59 | 000,086,016 | ---- | C] () -- E:\WINDOWS\System32\ResizeNTFS.dll
[2009/11/12 16:58:59 | 000,017,920 | ---- | C] () -- E:\WINDOWS\System32\SectorCopy.dll
[2009/11/12 16:58:58 | 000,472,064 | ---- | C] () -- E:\WINDOWS\System32\NTFSFormat.dll
[2009/11/12 16:58:58 | 000,139,776 | ---- | C] () -- E:\WINDOWS\System32\NTFSCopy.dll
[2009/11/12 16:58:58 | 000,061,952 | ---- | C] () -- E:\WINDOWS\System32\FatResizeMove.dll
[2009/11/12 16:58:58 | 000,045,568 | ---- | C] () -- E:\WINDOWS\System32\FileSystemCheck.dll
[2009/11/12 16:58:58 | 000,031,744 | ---- | C] () -- E:\WINDOWS\System32\FatLib.dll
[2009/11/12 16:58:58 | 000,024,576 | ---- | C] () -- E:\WINDOWS\System32\NTFSFileSystemAnalyser.dll
[2009/11/12 16:58:58 | 000,021,504 | ---- | C] () -- E:\WINDOWS\System32\Fixup.dll
[2009/11/12 16:58:58 | 000,014,848 | ---- | C] () -- E:\WINDOWS\System32\FileSystemAnalyser.dll
[2009/11/12 16:58:57 | 000,180,224 | ---- | C] () -- E:\WINDOWS\System32\DeviceManager.dll
[2009/11/12 16:58:57 | 000,068,096 | ---- | C] () -- E:\WINDOWS\System32\Device.dll
[2009/11/12 16:58:57 | 000,065,536 | ---- | C] () -- E:\WINDOWS\System32\FatCopy.dll
[2009/11/12 16:58:57 | 000,025,088 | ---- | C] () -- E:\WINDOWS\System32\FATFileSystemAnalyser.dll
[2009/11/12 16:58:57 | 000,022,016 | ---- | C] () -- E:\WINDOWS\System32\FatFormat.dll
[2009/11/12 16:58:57 | 000,014,848 | ---- | C] () -- E:\WINDOWS\System32\EuEpmGdi.dll
[2009/11/12 16:58:57 | 000,010,752 | ---- | C] () -- E:\WINDOWS\System32\DeviceAdapter.dll
[2009/11/12 16:58:56 | 000,008,704 | ---- | C] () -- E:\WINDOWS\System32\epmntdrv.sys
[2009/11/12 16:58:56 | 000,006,656 | ---- | C] () -- E:\WINDOWS\System32\CallbackOperator.dll
[2009/11/12 16:58:56 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\EuGdiDrv.sys
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- E:\WINDOWS\System32\xlive.dll.cat
[2009/10/16 13:00:06 | 000,000,028 | ---- | C] () -- E:\WINDOWS\v2d.INI
[2009/10/16 11:41:54 | 000,001,044 | ---- | C] () -- E:\Documents and Settings\Barry\Application Data\vso_ts_preview.xml
[2009/10/16 11:41:48 | 000,000,034 | ---- | C] () -- E:\Documents and Settings\Barry\Application Data\pcouffin.log
[2009/10/16 11:41:44 | 000,087,608 | ---- | C] () -- E:\Documents and Settings\Barry\Application Data\inst.exe
[2009/10/16 11:41:44 | 000,007,887 | ---- | C] () -- E:\Documents and Settings\Barry\Application Data\pcouffin.cat
[2009/10/16 11:41:44 | 000,001,144 | ---- | C] () -- E:\Documents and Settings\Barry\Application Data\pcouffin.inf
[2009/10/08 13:58:19 | 001,494,728 | ---- | C] () -- E:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/29 09:05:16 | 000,000,111 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/09/28 08:49:43 | 000,137,216 | ---- | C] () -- E:\Documents and Settings\Barry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 08:49:15 | 000,000,376 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2009/09/26 08:05:38 | 000,000,760 | ---- | C] () -- E:\Documents and Settings\Barry\Application Data\setup_ldm.iss
[2009/09/26 07:39:18 | 000,073,728 | R--- | C] () -- E:\WINDOWS\System32\RtNicProp32.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- E:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- E:\WINDOWS\System32\AgCPanelFrench.dll

========== LOP Check ==========

[2009/11/23 10:41:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\1.0.0.0
[2009/10/14 09:23:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\2DBoy
[2009/11/05 10:39:20 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Acronis
[2010/01/05 08:36:15 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\avg9
[2009/11/06 16:30:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\BioWare
[2010/01/26 14:19:30 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/05 14:16:49 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/11/06 16:28:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/12/01 18:45:49 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Gamerizon
[2010/01/02 19:48:22 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\GARMIN
[2010/01/15 19:28:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Iceni
[2010/01/01 21:33:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\id Software
[2009/11/09 12:21:48 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/01/11 10:33:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MemoQ
[2010/01/19 20:45:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Passolo 2009
[2010/01/19 20:47:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\SDL
[2009/11/18 13:30:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\SDL International
[2009/12/18 20:57:46 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Stardock
[2010/01/28 10:41:16 | 000,000,000 | RHSD | M] -- E:\Documents and Settings\All Users\Application Data\Temp
[2009/11/30 13:17:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TrackMania
[2009/10/16 12:01:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\vsosdk
[2009/12/07 13:31:03 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2009/12/18 20:57:51 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
[2009/10/26 08:27:38 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/11/23 10:41:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\1.0.0.0
[2009/11/17 09:32:46 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\Acronis
[2009/12/21 18:02:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
[2010/01/12 10:17:36 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\Crayon Physics Deluxe
[2009/12/05 11:28:09 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\DAEMON Tools Pro
[2010/01/02 19:48:22 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\GARMIN
[2009/10/16 11:41:05 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\GetRightToGo
[2010/01/15 19:28:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\Iceni
[2010/01/01 21:35:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\id Software
[2009/09/26 07:57:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\Leadertech
[2010/01/11 10:35:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\MemoQ
[2010/01/20 10:34:41 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\Passolo 2009
[2009/12/07 17:30:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\runic games
[2010/01/20 10:44:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\SDL
[2010/02/01 10:25:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\Six-Updater
[2010/01/09 13:44:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\Stardock
[2009/11/17 11:30:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\SYSTRAN
[2009/11/09 12:17:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\TeamViewer
[2009/11/04 19:13:10 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\The Creative Assembly
[2009/11/23 19:22:10 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\Trados
[2010/02/06 09:30:49 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\uTorrent
[2009/10/16 13:21:12 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\Vso
[2010/01/29 17:13:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Barry\Application Data\WebEx
[2010/02/07 08:43:24 | 000,000,472 | ---- | M] () -- E:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/02/07 08:43:25 | 000,000,472 | ---- | M] () -- E:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/02/07 08:43:26 | 000,000,472 | ---- | M] () -- E:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/02/07 08:43:26 | 000,000,472 | ---- | M] () -- E:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/02/07 08:43:26 | 000,000,472 | ---- | M] () -- E:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/09/28 16:57:39 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/09/28 16:57:39 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/09/28 16:57:39 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/09/28 16:57:39 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/04 06:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- E:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- E:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- E:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- E:\WINDOWS\system32\netlogon.dll
[2009/02/06 19:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- E:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- E:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- E:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >

-----------------------------------------------------------------------------------------------------------------------------
Brood
Regular Member
 
Posts: 18
Joined: January 30th, 2010, 10:46 am

Re: Suspected keylogger and browser redirect

Unread postby Brood » February 7th, 2010, 5:20 am

Results from Extras.txt

OTL Extras logfile created on: 07/02/2010 09:47:50 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = E:\Documents and Settings\Barry\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 465.75 Gb Total Space | 168.54 Gb Free Space | 36.19% Space Free | Partition Type: NTFS
Drive D: | 2.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 195.31 Gb Total Space | 74.84 Gb Free Space | 38.32% Space Free | Partition Type: NTFS
Drive F: | 736.19 Gb Total Space | 175.63 Gb Free Space | 23.86% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 418.11 Gb Free Space | 89.77% Space Free | Partition Type: NTFS
Drive H: | 1.59 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 347.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive M: | 465.75 Gb Total Space | 295.12 Gb Free Space | 63.36% Space Free | Partition Type: NTFS

Computer Name: YOUR-F5195DC0D4
Current User Name: Barry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- E:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "E:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "E:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "E:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "E:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "E:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "E:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe" = E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe" = E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe" = E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe" = E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"E:\Program Files\Messenger\msmsgs.exe" = E:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"E:\Program Files\Steam\Steam.exe" = E:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\Program Files\uTorrent\uTorrent.exe" = E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" = E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus -- File not found
"E:\Program Files\Steam\steamapps\liquidsun\team fortress 2\hl2.exe" = E:\Program Files\Steam\steamapps\liquidsun\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"E:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = E:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"E:\Program Files\Steam\steamapps\common\arma 2\arma2.exe" = E:\Program Files\Steam\steamapps\common\arma 2\arma2.exe:*:Enabled:ARMA 2 -- File not found
"D:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe" = D:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe:*:Enabled:Dragon Age Origins Character Creator -- File not found
"D:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe" = D:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Character Creator Launcher -- File not found
"E:\Program Files\Steam\steamapps\common\empire total war\Empire.exe" = E:\Program Files\Steam\steamapps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- File not found
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe" = E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe" = E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"E:\Program Files\Dragon Age\bin_ship\daorigins.exe" = E:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"E:\Program Files\Dragon Age\DAOriginsLauncher.exe" = E:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"E:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = E:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"E:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = E:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- File not found
"E:\Program Files\Steam\steamapps\common\overlord\Overlord.exe" = E:\Program Files\Steam\steamapps\common\overlord\Overlord.exe:*:Enabled:Overlord -- File not found
"E:\Program Files\Steam\steamapps\common\overlord\Config.exe" = E:\Program Files\Steam\steamapps\common\overlord\Config.exe:*:Enabled:Overlord -- File not found
"E:\Program Files\Steam\steamapps\common\overlord ii\Overlord2.exe" = E:\Program Files\Steam\steamapps\common\overlord ii\Overlord2.exe:*:Enabled:Overlord II -- File not found
"E:\Program Files\Steam\steamapps\common\overlord ii\Config.exe" = E:\Program Files\Steam\steamapps\common\overlord ii\Config.exe:*:Enabled:Overlord II -- File not found
"E:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe" = E:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants Vs Zombies -- File not found
"E:\Program Files\Steam\steamapps\common\osmos\osmos.exe" = E:\Program Files\Steam\steamapps\common\osmos\osmos.exe:*:Enabled:Osmos -- File not found
"E:\Program Files\Steam\steamapps\common\trine\trine_launcher.exe" = E:\Program Files\Steam\steamapps\common\trine\trine_launcher.exe:*:Enabled:Trine -- File not found
"E:\Program Files\Steam\steamapps\common\swkotor\swkotor.exe" = E:\Program Files\Steam\steamapps\common\swkotor\swkotor.exe:*:Enabled:Star Wars: Knights of The Old Republic -- File not found
"E:\Program Files\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe" = E:\Program Files\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe:*:Enabled:Evil Genius -- File not found
"E:\Program Files\Steam\steamapps\common\dawn of war gold\W40kWA.exe" = E:\Program Files\Steam\steamapps\common\dawn of war gold\W40kWA.exe:*:Enabled:Dawn of War Gold: Winter Assault -- File not found
"E:\Program Files\Steam\steamapps\common\dawn of war gold\W40k.exe" = E:\Program Files\Steam\steamapps\common\dawn of war gold\W40k.exe:*:Enabled:Dawn of War Gold -- File not found
"E:\Program Files\Steam\steamapps\common\company of heroes\help.htm" = E:\Program Files\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes -- File not found
"E:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe" = E:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes: Tales of Valor -- File not found
"G:\D\GAMES DIR\CALLOFJUAREZ\COJBIBGAME_X86.EXE" = G:\D\GAMES DIR\CALLOFJUAREZ\COJBIBGAME_X86.EXE:*:ENABLED:CALL OF JUAREZ - BOUND IN BLOOD -- File not found
"E:\Program Files\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe" = E:\Program Files\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge -- File not found
"E:\Program Files\Steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe" = E:\Program Files\Steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe:*:Enabled:Dawn of War: Dark Crusade -- File not found
"E:\Program Files\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe" = E:\Program Files\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe:*:Enabled:Dawn of War: Soulstorm -- File not found
"E:\Program Files\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe" = E:\Program Files\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe:*:Enabled:STALKER: Shadow of Chernobyl -- File not found
"E:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = E:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- File not found
"C:\Steam\Steam.exe" = C:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Steam\steamapps\common\empire total war\Empire.exe" = C:\Steam\steamapps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- File not found
"C:\Steam\steamapps\common\dawn of war gold\W40kWA.exe" = C:\Steam\steamapps\common\dawn of war gold\W40kWA.exe:*:Enabled:Dawn of War Gold: Winter Assault -- (THQ Canada Inc.)
"C:\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe" = C:\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe:*:Enabled:Evil Genius -- ()
"C:\Steam\steamapps\common\overlord\Config.exe" = C:\Steam\steamapps\common\overlord\Config.exe:*:Enabled:Overlord -- ()
"C:\Steam\steamapps\common\dawn of war gold\W40k.exe" = C:\Steam\steamapps\common\dawn of war gold\W40k.exe:*:Enabled:Dawn of War Gold -- (THQ Canada Inc.)
"C:\Steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe" = C:\Steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe:*:Enabled:Dawn of War: Dark Crusade -- (THQ Canada Inc.)
"C:\Steam\steamapps\common\chronicles of riddick - assault on dark athena\System\Win32_x86\DarkAthena.exe" = C:\Steam\steamapps\common\chronicles of riddick - assault on dark athena\System\Win32_x86\DarkAthena.exe:*:Enabled:Chronicles of Riddick: Assault on Dark Athena -- (Starbreeze Studios)
"C:\Steam\steamapps\common\arma 2\arma2.exe" = C:\Steam\steamapps\common\arma 2\arma2.exe:*:Enabled:ARMA 2 -- (Bohemia Interactive)
"C:\Steam\steamapps\common\company of heroes\RelicCOH.exe" = C:\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes -- (THQ Canada Inc.)
"C:\Steam\steamapps\common\company of heroes\help.htm" = C:\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes -- ()
"C:\Steam\steamapps\common\trine\trine_launcher.exe" = C:\Steam\steamapps\common\trine\trine_launcher.exe:*:Enabled:Trine -- ()
"C:\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe" = C:\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge -- (EA Digital Illusions CE AB)
"C:\Steam\steamapps\common\swkotor\swkotor.exe" = C:\Steam\steamapps\common\swkotor\swkotor.exe:*:Enabled:Star Wars: Knights of The Old Republic -- (BioWare Corp.)
"C:\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe" = C:\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants Vs Zombies -- ()
"C:\Steam\steamapps\common\overlord ii\Overlord2.exe" = C:\Steam\steamapps\common\overlord ii\Overlord2.exe:*:Enabled:Overlord II -- ()
"C:\Steam\steamapps\common\overlord ii\Config.exe" = C:\Steam\steamapps\common\overlord ii\Config.exe:*:Enabled:Overlord II -- ()
"C:\Steam\steamapps\common\overlord\Overlord.exe" = C:\Steam\steamapps\common\overlord\Overlord.exe:*:Enabled:Overlord - Raising Hell -- (Triumph Studios)
"C:\Steam\steamapps\common\red faction\RedFaction.exe" = C:\Steam\steamapps\common\red faction\RedFaction.exe:*:Enabled:Red Faction -- (Volition, Inc.)
"C:\Games\Sins of a Solar Empire\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = C:\Games\Sins of a Solar Empire\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"C:\Steam\steamapps\common\full spectrum warrior\Launcher.exe" = C:\Steam\steamapps\common\full spectrum warrior\Launcher.exe:*:Enabled:Full Spectrum Warrior -- ()
"C:\Steam\steamapps\common\full spectrum warrior\help.htm" = C:\Steam\steamapps\common\full spectrum warrior\help.htm:*:Enabled:Full Spectrum Warrior -- ()
"C:\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe" = C:\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe:*:Enabled:Dawn of War: Soulstorm -- (THQ Canada Inc.)
"C:\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe" = C:\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe:*:Enabled:STALKER: Shadow of Chernobyl -- ()
"C:\Steam\steamapps\common\frontlines fuel of war\Binaries\FFOW.exe" = C:\Steam\steamapps\common\frontlines fuel of war\Binaries\FFOW.exe:*:Enabled:Frontlines: Fuel of War -- (Kaos Studios)
"C:\Steam\steamapps\common\titan quest\help.htm" = C:\Steam\steamapps\common\titan quest\help.htm:*:Enabled:Titan Quest -- ()
"C:\Steam\steamapps\common\titan quest immortal throne\Tqit.exe" = C:\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:*:Enabled:Titan Quest: Immortal Throne -- ()
"C:\Steam\steamapps\common\titan quest immortal throne\help.htm" = C:\Steam\steamapps\common\titan quest immortal throne\help.htm:*:Enabled:Titan Quest: Immortal Throne -- ()
"C:\Steam\steamapps\common\saints row 2\SR2_pc.exe" = C:\Steam\steamapps\common\saints row 2\SR2_pc.exe:*:Enabled:Saints Row 2 -- ()
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe" = E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe" = E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Steam\steamapps\common\broken sword 3\BSTSD.exe" = C:\Steam\steamapps\common\broken sword 3\BSTSD.exe:*:Enabled:Broken Sword: The Sleeping Dragon -- ()
"C:\Steam\steamapps\common\full spectrum warrior ten hammers\fsw2.exe" = C:\Steam\steamapps\common\full spectrum warrior ten hammers\fsw2.exe:*:Enabled:Full Spectrum Warrior: Ten Hammers -- (Pandemic Studios LLC)
"C:\Steam\steamapps\common\full spectrum warrior ten hammers\help.htm" = C:\Steam\steamapps\common\full spectrum warrior ten hammers\help.htm:*:Enabled:Full Spectrum Warrior: Ten Hammers -- ()
"C:\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Steam\steamapps\common\juiced 2 hot import nights\j2launcher.exe" = C:\Steam\steamapps\common\juiced 2 hot import nights\j2launcher.exe:*:Enabled:Juiced 2: Hot Import Nights -- (Juice Games)
"C:\Steam\steamapps\common\zombie shooter\ZombieShooter.exe" = C:\Steam\steamapps\common\zombie shooter\ZombieShooter.exe:*:Enabled:Zombie Shooter -- (SigmaTeam)
"C:\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe" = C:\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:*:Enabled:Defense Grid: The Awakening -- ()
"C:\Steam\steamapps\common\beyond good and evil\CheckApplication.exe" = C:\Steam\steamapps\common\beyond good and evil\CheckApplication.exe:*:Enabled:Beyond Good and Evil -- (Ubisoft)
"C:\Steam\steamapps\common\freedom force\fforce.exe" = C:\Steam\steamapps\common\freedom force\fforce.exe:*:Enabled:Freedom Force -- (Irrational Games)
"C:\Steam\steamapps\common\act of war direct action\ACTOFWAR.EXE" = C:\Steam\steamapps\common\act of war direct action\ACTOFWAR.EXE:*:Enabled:Act of War: Direct Action -- ()
"C:\Steam\steamapps\common\freedom force vs. the 3rd reich\ffvt3r.exe" = C:\Steam\steamapps\common\freedom force vs. the 3rd reich\ffvt3r.exe:*:Enabled:Freedom Force vs. the 3rd Reich -- (Irrational Games)
"C:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe" = C:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe:*:Enabled:Oddworld: Abe's Exoddus -- (Oddworld Inhabitants, Inc.)
"C:\Steam\steamapps\common\ghostbusters\ghost_w32.exe" = C:\Steam\steamapps\common\ghostbusters\ghost_w32.exe:*:Enabled:Ghostbusters -- (Terminal Reality Inc.)
"C:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe" = C:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe:*:Enabled:Oddworld: Abe's Oddysee -- (Oddworld Inhabitants, Inc.)
"C:\Games\Battlefield 2142\BF2142.exe" = C:\Games\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2 -- ()
"C:\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe" = C:\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"C:\Steam\steamapps\common\multiwinia\multiwinia.exe" = C:\Steam\steamapps\common\multiwinia\multiwinia.exe:*:Enabled:Multiwinia -- (Introversion Software)
"C:\Games\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe" = C:\Games\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance -- (Gas Powered Games)
"C:\Games\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe" = C:\Games\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance -- (Gas Powered Games)
"C:\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe" = C:\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe:*:Enabled:Shattered Horizon -- File not found
"C:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = C:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()
"E:\WINDOWS\system32\PnkBstrA.exe" = E:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"E:\WINDOWS\system32\PnkBstrB.exe" = E:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Steam\steamapps\common\crysis warhead\Bin32\Crysis.exe" = C:\Steam\steamapps\common\crysis warhead\Bin32\Crysis.exe:*:Enabled:Crysis Warhead -- (Crytek GmbH)
"E:\Program Files\AVG\AVG9\avgupd.exe" = E:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"E:\Program Files\AVG\AVG9\avgnsx.exe" = E:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Steam\steamapps\common\osmos\osmos.exe" = C:\Steam\steamapps\common\osmos\osmos.exe:*:Enabled:Osmos -- (Hemisphere Games, Inc.)
"C:\Steam\steamapps\common\crysis wars\Bin32\Crysis.exe" = C:\Steam\steamapps\common\crysis wars\Bin32\Crysis.exe:*:Enabled:Crysis Wars -- (Crytek GmbH)
"C:\Steam\steamapps\common\crysis\Bin32\Crysis.exe" = C:\Steam\steamapps\common\crysis\Bin32\Crysis.exe:*:Enabled:Crysis -- (Crytek GmbH)
"C:\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe" = C:\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:*:Enabled:Shadowgrounds -- (Frozenbyte Oy)
"C:\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe" = C:\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:*:Enabled:Shadowgrounds -- ()
"C:\Steam\steamapps\common\shadowgrounds survivor\survivor.exe" = C:\Steam\steamapps\common\shadowgrounds survivor\survivor.exe:*:Enabled:Shadowgrounds Survivor -- (Frozenbyte)
"C:\Steam\steamapps\common\stalker clear sky\bin\xrEngine.exe" = C:\Steam\steamapps\common\stalker clear sky\bin\xrEngine.exe:*:Enabled:STALKER: Clear Sky -- ()
"C:\Steam\steamapps\common\medieval ii total war\Launcher.exe" = C:\Steam\steamapps\common\medieval ii total war\Launcher.exe:*:Enabled:Medieval II: Total War -- ( )
"E:\Program Files\Bonjour\mDNSResponder.exe" = E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Steam\steamapps\common\red faction guerrilla\rfg_launcher.exe" = C:\Steam\steamapps\common\red faction guerrilla\rfg_launcher.exe:*:Enabled:Red Faction: Guerrilla -- (THQ Inc.)
"C:\Games\BFBC2\BFBC2BetaUpdater.exe" = C:\Games\BFBC2\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA -- (EA Digital Illusions CE AB)
"C:\Games\BFBC2\BFBC2Game.exe" = C:\Games\BFBC2\BFBC2Game.exe:*:Enabled:EA Battlefield: Bad Company™ 2 - BETA -- (EA Digital Illusions CE AB)
"C:\Games\Altitude\altitude.exe" = C:\Games\Altitude\altitude.exe:*:Enabled:altitude -- ()
"C:\Steam\steamapps\common\dawn of war 2\DOW2.exe" = C:\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2 -- (THQ Canada Inc.)
"C:\Games\World of Warcraft\Launcher.exe" = C:\Games\World of Warcraft\Launcher.exe:*:Enabled:Launcher.exe -- (Blizzard Entertainment)
"E:\Program Files\SYSTRAN\6\SystranToolbar.exe" = E:\Program Files\SYSTRAN\6\SystranToolbar.exe:*:Enabled:SYSTRAN Translation Toolbar -- (SYSTRAN)
"E:\Program Files\SYSTRAN\6\Dicts\SystranTranslationEngine.exe" = E:\Program Files\SYSTRAN\6\Dicts\SystranTranslationEngine.exe:*:Enabled:Systran Translation Engine -- (SYSTRAN)
"E:\Program Files\SYSTRAN\6\SystranTranslationProjectManager.exe" = E:\Program Files\SYSTRAN\6\SystranTranslationProjectManager.exe:*:Enabled:SystranTranslationProjectManager -- ()
"E:\Documents and Settings\Barry\Local Settings\Apps\2.0\ANAOBREM.19H\X87Y05GC.A03\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe" = E:\Documents and Settings\Barry\Local Settings\Apps\2.0\ANAOBREM.19H\X87Y05GC.A03\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
"C:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A7EA72-0F00-4D53-A81C-A5D925711141}" = Microsoft SQL Server 2008 Full text search
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1C9925DA-9B06-8A9C-3B67-189C65A55C6F}" = ccc-core-preinstall
"{1D3BCE90-8AAF-7079-6379-B5D7F48DA669}" = ccc-core-static
"{1E0ABD73-1791-49A5-8E60-DD333C93EA72}" = Addon Sync 2009
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21339E89-FE01-62CB-9753-2DDFAB6D1F56}" = Catalyst Control Center Core Implementation
"{217EC467-61C4-1939-3BBF-4FA4CAEA42FF}" = EA Shared Game Component: Activation
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23F70562-02F4-4805-ACF5-6E52BAD167C2}" = Microsoft SQL Server 2008 Reporting Services
"{26A24AE4-039D-4CA4-87B4-2F83216014F0}" = Java(TM) 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{275ABBA2-4817-4443-9AB8-ED43CA9AAA17}" = Microsoft SQL Server 2008 BI Development Studio
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{30349EFD-29C6-471B-B720-10D805B2D9F3}" = NCsoft Launcher
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{36E71ED6-AC20-4AED-8C51-0030EE7FB55B}" = SDLX
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C6B103A-1CDD-B3F2-5E8C-A2E5AAA6B555}" = GOG.com Downloader
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4196D960-68B0-4BEB-B312-3C1B4654068D}" = Handy Recovery 4.0
"{43BD0C58-6E6E-4500-AFB0-263423319604}" = SDL Trados 2007 Freelance
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49E98741-B7A4-4A44-A536-6AFCA23106FE}" = Microsoft SQL Server 2008 Reporting Services
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4ADB3418-E288-8211-2F58-61707D94E18C}" = Catalyst Control Center Graphics Full Existing
"{4C94F105-81D0-4AFC-8F0A-38949DC07F65}" = SYSTRAN
"{531BC138-F1F7-496B-879C-F039ECEF438D}" = Adobe Photoshop Lightroom 2
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{544DE4F8-A7DD-4CF9-98D8-74A87604D5F1}" = GetDataBack FAT NTFS 4.0.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6215DD41-0F98-E265-132E-35DF9DE816EC}" = ATI Catalyst Install Manager
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
"{65F186A0-5A12-ECD2-886D-6A883144CA18}" = ccc-utility
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6F7F59D5-12F6-4571-9935-A2921AA17F78}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193j
"{77137738-3061-4A70-AA70-DC11BAB0760C}" = HOLUX GPS USB DEVICE
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FAB9334-804D-34B7-BF98-7C8348CE81C1}" = Catalyst Control Center InstallProxy
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{866A7744-8132-479D-871A-306FB31FD752}_is1" = MemoQ 3.6
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9121481E-69C1-3459-8105-1F92806EEC80}" = CCC Help English
"{914A1228-5BBB-4957-CAB3-0F490DF59384}" = Catalyst Control Center Localization All
"{915B8D8F-71FF-D41E-51A0-3BFBCB1C2F7E}" = Catalyst Control Center Graphics Light
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{936C119B-3538-4F19-88D1-BBF2E119B443}_is1" = Xtreme-G 9.11 XP32 AGP
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A074DE55-29EB-459C-99C9-3F26C5669ECB}" = EasyRecovery DataRecovery Trial
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC54DC1F-EDA7-448C-BA4C-218A92F5E985}" = Microsoft SQL Server 2008 BI Development Studio
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights Platinum Edition
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE50F917-DF17-4EF9-B391-1B5B0920B73F}" = GpsViewer
"{CE98383B-7BB4-457C-AEAB-D89E9537628F}" = SDLX
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D53A3D44-C983-4D21-ABF6-2AA2AB88FB28}" = Battlefield Bad Company 2 - BETA
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DAA0BDAC-17F5-4158-AD06-494A462A3805}" = SDL Trados Studio 2009 SP1
"{DAA10E6B-F441-5298-C96D-EE4C7EE17DC9}" = Catalyst Control Center Graphics Previews Common
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8FA1072-80CB-8544-9483-BCC8148E4166}" = Catalyst Control Center HydraVision Full
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB731227-8AC5-4889-ACE9-7D87864A9F19}" = Logitech GamePanel Software 3.02.173
"{EB7D25C1-F8BA-C576-816A-72C40C698842}" = Catalyst Control Center Graphics Full New
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"43442AE9-6512-4392-B5DD-9167BECD1114_is1" = Infix 4.05
"4578-0181-0549-1546" = Altitude 1.0.0
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.8
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP79.DLL" = Canon iP5200
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1" = GOG.com Downloader
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 53
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EA Installer.129209207" = EA Installer
"EADM" = EA Download Manager
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 3.0.2 Professional
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EXPERTool ATI_is1" = EXPERTool ATI 4.0
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.0.0526
"FreeSpace2" = FreeSpace 2
"Galactic Civilizations II - Ultimate Edition" = Galactic Civilizations II - Ultimate Edition
"Impulse" = Impulse
"InstallShield_{4C94F105-81D0-4AFC-8F0A-38949DC07F65}" = SYSTRAN
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{A074DE55-29EB-459C-99C9-3F26C5669ECB}" = EasyRecovery DataRecovery Trial
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"Machinarium" = Machinarium
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OpenAL" = OpenAL
"Power Data Recovery_is1" = Power Data Recovery 4.1.1
"ProcessScanner_is1" = Uniblue ProcessScanner
"Psychonauts_is1" = Psychonauts
"PunkBusterSvc" = PunkBuster Services
"Rainlendar2" = Rainlendar2 (remove only)
"SDL Passolo 2009 Essential SR3" = SDL Passolo 2009 Essential SR3
"Sins of a Solar Empire" = Sins of a Solar Empire
"Six Updater Suite" = Six Updater Suite
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Steam App 11200" = Shadowgrounds Survivor
"Steam App 12210" = Grand Theft Auto IV
"Steam App 1250" = Killing Floor
"Steam App 1500" = Darwinia
"Steam App 15130" = Beyond Good and Evil
"Steam App 1530" = Multiwinia
"Steam App 15700" = Oddworld: Abe's Oddysee
"Steam App 15710" = Oddworld: Abe's Exoddus
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17340" = Crysis Wars
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 20500" = Red Faction: Guerrilla
"Steam App 20510" = STALKER: Clear Sky
"Steam App 20550" = Red Faction II
"Steam App 240" = Counter-Strike: Source
"Steam App 2500" = Shadowgrounds
"Steam App 2710" = Act of War: Direct Action
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 33130" = Zombie Shooter
"Steam App 33610" = Broken Sword: The Sleeping Dragon
"Steam App 4530" = Full Spectrum Warrior: Ten Hammers
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 4700" = Medieval II: Total War
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 8880" = Freedom Force
"Steam App 8890" = Freedom Force vs. the 3rd Reich
"Steam App 9400" = Juiced 2: Hot Import Nights
"Steam App 9460" = Frontlines: Fuel of War
"Steam App 9480" = Saints Row 2
"Steam App 9740" = Indigo Prophecy
"Steam App 9870" = Ghostbusters
"Supreme Commander" = Supreme Commander
"TescoDownloader" = Tesco Download Manager
"TmUnitedForever_is1" = TmUnitedForever
"Torchlight" = Torchlight
"uTorrent" = µTorrent
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 5.1.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/02/2010 13:56:20 | Computer Name = YOUR-F5195DC0D4 | Source = MSSQL$SQLEXPRESS | ID = 9954
Description = SQL Server failed to communicate with filter daemon launch service
(Windows error: Windows Error: hr = 0x80070422(failed to retrieve text for this
error)). Full-Text filter daemon process failed to start. Full-text search functionality
will not be available.

Error - 05/02/2010 15:07:02 | Computer Name = YOUR-F5195DC0D4 | Source = Report Server Windows Service (SQLEXPRESS) | ID = 107
Description = Report Server Windows Service (SQLEXPRESS) cannot connect to the report
server database.

Error - 05/02/2010 15:20:59 | Computer Name = YOUR-F5195DC0D4 | Source = MSSQL$SQLEXPRESS | ID = 9954
Description = SQL Server failed to communicate with filter daemon launch service
(Windows error: Windows Error: hr = 0x80070422(failed to retrieve text for this
error)). Full-Text filter daemon process failed to start. Full-text search functionality
will not be available.

Error - 05/02/2010 15:21:01 | Computer Name = YOUR-F5195DC0D4 | Source = Report Server Windows Service (SQLEXPRESS) | ID = 107
Description = Report Server Windows Service (SQLEXPRESS) cannot connect to the report
server database.

Error - 06/02/2010 04:18:21 | Computer Name = YOUR-F5195DC0D4 | Source = MSSQL$SQLEXPRESS | ID = 9954
Description = SQL Server failed to communicate with filter daemon launch service
(Windows error: Windows Error: hr = 0x80070422(failed to retrieve text for this
error)). Full-Text filter daemon process failed to start. Full-text search functionality
will not be available.

Error - 06/02/2010 04:40:37 | Computer Name = YOUR-F5195DC0D4 | Source = Google Update | ID = 20
Description =

Error - 06/02/2010 04:48:46 | Computer Name = YOUR-F5195DC0D4 | Source = Report Server Windows Service (SQLEXPRESS) | ID = 107
Description = Report Server Windows Service (SQLEXPRESS) cannot connect to the report
server database.

Error - 06/02/2010 04:59:27 | Computer Name = YOUR-F5195DC0D4 | Source = MSSQL$SQLEXPRESS | ID = 9954
Description = SQL Server failed to communicate with filter daemon launch service
(Windows error: Windows Error: hr = 0x80070422(failed to retrieve text for this
error)). Full-Text filter daemon process failed to start. Full-text search functionality
will not be available.

Error - 06/02/2010 05:20:04 | Computer Name = YOUR-F5195DC0D4 | Source = Report Server Windows Service (SQLEXPRESS) | ID = 107
Description = Report Server Windows Service (SQLEXPRESS) cannot connect to the report
server database.

Error - 06/02/2010 16:25:40 | Computer Name = YOUR-F5195DC0D4 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.1.28.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 06/02/2010 04:18:27 | Computer Name = YOUR-F5195DC0D4 | Source = Service Control Manager | ID = 7000
Description = The NewServiceInstall1 service failed to start due to the following
error: %%193

Error - 06/02/2010 04:19:49 | Computer Name = YOUR-F5195DC0D4 | Source = Service Control Manager | ID = 7022
Description = The SQL Server Reporting Services (SQLEXPRESS) service hung on starting.

Error - 06/02/2010 04:34:35 | Computer Name = YOUR-F5195DC0D4 | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 06/02/2010 04:59:33 | Computer Name = YOUR-F5195DC0D4 | Source = Service Control Manager | ID = 7000
Description = The NewServiceInstall1 service failed to start due to the following
error: %%193

Error - 06/02/2010 05:00:55 | Computer Name = YOUR-F5195DC0D4 | Source = Service Control Manager | ID = 7022
Description = The SQL Server Reporting Services (SQLEXPRESS) service hung on starting.

Error - 06/02/2010 05:01:26 | Computer Name = YOUR-F5195DC0D4 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 06/02/2010 07:56:11 | Computer Name = YOUR-F5195DC0D4 | Source = Service Control Manager | ID = 7000
Description = The NewServiceInstall1 service failed to start due to the following
error: %%193

Error - 06/02/2010 07:57:34 | Computer Name = YOUR-F5195DC0D4 | Source = Service Control Manager | ID = 7022
Description = The SQL Server Reporting Services (SQLEXPRESS) service hung on starting.

Error - 07/02/2010 03:41:36 | Computer Name = YOUR-F5195DC0D4 | Source = Service Control Manager | ID = 7000
Description = The NewServiceInstall1 service failed to start due to the following
error: %%193

Error - 07/02/2010 03:42:57 | Computer Name = YOUR-F5195DC0D4 | Source = Service Control Manager | ID = 7022
Description = The SQL Server Reporting Services (SQLEXPRESS) service hung on starting.


< End of report >
Brood
Regular Member
 
Posts: 18
Joined: January 30th, 2010, 10:46 am

Re: Suspected keylogger and browser redirect

Unread postby Vino Rosso » February 7th, 2010, 2:05 pm

Hi

Brood wrote:I have just had my World of Warcraft account hacked and the only way would be a keylogger.
I have read that there are other ways besides a keylogger.

Instead of GMER, let's try:

1 - SysProt Scan
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • At the bottom of the window, select Hidden Objects Only << Important
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder as Sysprot.exe. Open the text file and copy/paste the log here.
Also...

2 - Online Kaspersky Scan
Notes
Do NOT run this scan if you are on dial-up.
Java must be installed and enabled for the scan to work.
Disable your computer's antivirus program as leaving it active will cause conflicts
On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version.
  • Close ALL programs and windows except for your browser
    Please go to >Online Kaspersky Scan< and perform an online antivirus scan.
  • Read through the Requirements and limitations statement and click on the Accept button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, the scrolling window will show 'Database is updated. Ready to scan'. Click on the Settings button at the bottom left.
  • Make sure these boxes are checked/ticked. If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan on the left. OK any warnings from your protection programs.
  • Go for a long walk. Please be patient and let the scanner finish. It is better that you do NOT use the computer while the scan is running. Keep all other programs/windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan-ddmmyy before clicking on the Save button. Save the report to a convenient place - for example the Desktop.
  • Please post this log in your next reply.
Note - enable your antivirus program before browsing away from the Kaspersky site.

Go to the Desktop and double-click on the Kaspersky report KAVScan-ddmmyy.txt, it will open in Notepad
Click Edit > Select all then Edit > Copy
Reply to this thread and paste (Ctrl+V) the report.

Thanks
Vino
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Re: Suspected keylogger and browser redirect

Unread postby Brood » February 7th, 2010, 7:26 pm

The only other way to steal account is by phishing, and guessing the passwords I thought and seeing as it's neither of those I presumed it was a keylogger. I'll post the kaspersky log tomorrow morning.

Sysprot Scan Log :

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: spas.sys
Service Name: ---
Module Base: F7285000
Module End: F7386000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: ADDB6000
Module End: ADDCE000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F79F3000
Module End: F79F5000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F74F787E
Driver Base: F74F7000
Driver End: F7506000
Driver Name: Lbd.sys

Function Name: ZwEnumerateKey
Address: F72A4DA4
Driver Base: F7285000
Driver End: F7386000
Driver Name: spas.sys

Function Name: ZwEnumerateValueKey
Address: F72A5132
Driver Base: F7285000
Driver End: F7386000
Driver Name: spas.sys

Function Name: ZwOpenKey
Address: F72860C0
Driver Base: F7285000
Driver End: F7386000
Driver Name: spas.sys

Function Name: ZwQueryKey
Address: F72A520A
Driver Base: F7285000
Driver End: F7386000
Driver Name: spas.sys

Function Name: ZwQueryValueKey
Address: F72A508A
Driver Base: F7285000
Driver End: F7386000
Driver Name: spas.sys

Function Name: ZwSetValueKey
Address: F74F7BFE
Driver Base: F74F7000
Driver End: F7506000
Driver Name: Lbd.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F7286000
Hooking Module: spas.sys

Hooked Module: E:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AC6A1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AC6A1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8AC6A1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8AC6A1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8AC6A1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AC6A1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AC6A1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8AC6A1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AC6A1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AC6A1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 89B2C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 89B2C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_READ
Jump To: 89B2C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_WRITE
Jump To: 89B2C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 89B2C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 89B2C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 89B2C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 89B2C1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8ACDF1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8ACDF1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8ACDF1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8ACDF1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8ACDF1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8ACDF1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8ACDF1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8ACDF1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8ACDF1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8ACDF1F8
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_CREATE
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_CLOSE
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_READ
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_WRITE
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_SET_EA
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_POWER
Jump To: F728DE30
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F72A2514
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: \Driver\PCI_PNP8010
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F72C9AEA
Hooking Module: spas.sys

Hooked Module: E:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 89B641F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 89B641F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 89B641F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 89B641F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 89B641F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AB811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AB811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8AB811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8AB811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8AB811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AB811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AB811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8AB811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AB811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AB811F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AB8E1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AB8E1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AB8E1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AB8E1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AB8E1F8
Hooking Module: _unknown_

Hooked Module: E:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AB8E1F8
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: C213-100-80-87.SWIPNET.SE:50236
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 204.237.24.99:11415
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: AINS-202-134-250-110.AINS.NET.AU:3621
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: AINS-202-134-250-110.AINS.NET.AU:3331
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 196-210-47-27.DYNAMIC.ISADSL.CO.ZA:62200
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 108-241-20-190.ADSL.TERRA.CL:42457
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 18714156240.USER.VELOXZONE.COM.BR:61021
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 18714156240.USER.VELOXZONE.COM.BR:60961
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: CPE-174-106-207-105.EC.RES.RR.COM:60146
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: S0106001E68CCA45D.ED.SHAWCABLE.NET:2128
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: S010600251139725C.MH.SHAWCABLE.NET:49870
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: MTPRNF0107W-142163150172.PPPOE-DYNAMIC.HIGH-SPEED.NL.BELLALIANT.NET:60388
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: HLFXNS0169W-142068217248.PPPOE-DYNAMIC.HIGH-SPEED.NS.BELLALIANT.NET:58360
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: HLFXNS0169W-142068216140.PPPOE-DYNAMIC.HIGH-SPEED.NS.BELLALIANT.NET:60733
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: HLFXNS0169W-142068216140.PPPOE-DYNAMIC.HIGH-SPEED.NS.BELLALIANT.NET:60679
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: PRESTPC103-DOT1X2.STUDENTBY.UIT.NO:57243
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: PRESTPC103-DOT1X2.STUDENTBY.UIT.NO:57183
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 121-55-217-36.DYNAMIC.C200.GUAM.NET:60040
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: ACL1-443BTS.GW.SMARTBRO.NET:58749
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 117.55.206.27:1314
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: D114-78-75-215.SBR10.NSW.OPTUSNET.COM.AU:52722
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 109.110.9.180:60711
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 109.96.138.26:56615
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 109.76.73.179:20676
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: POOL-108-10-199-72.ATL01.DSL-W.VERIZON.NET:64203
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: CPE0016D4F5353A-CM00195ECBF8FA.CPE.NET.CABLE.ROGERS.COM:63833
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: CPE0016D4F5353A-CM00195ECBF8FA.CPE.NET.CABLE.ROGERS.COM:63830
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: CPE0016CBC6F8CD-CM0018685205C6.CPE.NET.CABLE.ROGERS.COM:46054
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: ADSL-99-141-181-134.DSL.EMHRIL.SBCGLOBAL.NET:63783
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: ADSL-99-40-249-16.DSL.SFLDMI.SBCGLOBAL.NET:58753
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: C-98-229-74-63.HSD1.MA.COMCAST.NET:3782
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: C-98-229-14-76.HSD1.MA.COMCAST.NET:50225
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: C-98-229-14-76.HSD1.MA.COMCAST.NET:50211
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: C-98-228-81-57.HSD1.IL.COMCAST.NET:52608
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: CPE-098-025-049-119.SC.RES.RR.COM:37340
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 97-95-136-79.DHCP.JCSN.TN.CHARTER.COM:4563
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 97-89-242-225.STATIC.PLT.NY.CHARTER.COM:55855
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 96.243.56.22:3489
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 95.45.224.68:57420
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 5E08285F.BB.SKY.COM:53171
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 92.251.255.6.THREEMBB.IE:30822
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: HOST-92-4-9-49.AS43234.NET:18225
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: FIN_WAIT1

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: A91-153-125-242.ELISA-LAAJAKAISTA.FI:23759
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: CUSTOMER11891.POOL1.UNALLOCATED-106-64.ORANGEHOMEDSL.CO.UK:60566
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 5ACFB59A.BB.SKY.COM:51235
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 5ACCF925.BB.SKY.COM:1076
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 5ACA32D1.BB.SKY.COM:63063
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 5AC69386.BB.SKY.COM:53176
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 5AC69386.BB.SKY.COM:52942
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 5AC38EA4.BB.SKY.COM:49348
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 149-177-88.OKE1-BRAS10.ADSL.TELE2.NO:63046
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 90.149.32.224:56401
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: APUTEAUX-554-1-43-78.W90-35.ABO.WANADOO.FR:4729
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 89.242.246.68:11597
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 89.242.176.159:19416
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: LAST_ACK

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: H59EC0650.DKKOBYE.DYN.PERSPEKTIVBREDBAND.NET:17319
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: H59EC0650.DKKOBYE.DYN.PERSPEKTIVBREDBAND.NET:16927
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 89.181.3.11:1713
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 166-38.DSL.ISKON.HR:1693
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: A89-155-115-69.CPE.NETCABO.PT:64863
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: DYNAMIC.IP.89.148.20.42.BATELCO.COM.BH:16482
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 89-139-38-75.BB.NETVISION.NET.IL:2243
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 89-139-38-75.BB.NETVISION.NET.IL:2216
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 89.137.109.155:4684
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: CATV-89-132-120-91.CATV.BROADBAND.HU:55751
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: CATV-89-132-120-91.CATV.BROADBAND.HU:55708
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: I.89.35.239.46.USE.TEENTELECOM.NET:36098
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: CS27058055.PP.HTV.FI:62439
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 250.233.196.88.DYN.ESTPAK.EE:49506
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 88.193.210.131:58677
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: CAP31-6-88-180-73-241.FBX.PROXAD.NET:4959
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: MEI67-3-88-171-81-189.FBX.PROXAD.NET:52595
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: PON77-1-88-167-49-115.FBX.PROXAD.NET:4601
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: A88-115-107-152.ELISA-LAAJAKAISTA.FI:29985
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: A88-114-199-174.ELISA-LAAJAKAISTA.FI:40439
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: A88-114-45-96.ELISA-LAAJAKAISTA.FI:3310
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: A88-113-249-254.ELISA-LAAJAKAISTA.FI:3785
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 88-107-170-43.DYNAMIC.DSL.AS9105.COM:3496
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: TI0058A340-DHCP0843.BB.ONLINE.NO:23916
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: HOST86-184-83-187.RANGE86-184.BTCENTRALPLUS.COM:49760
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: HOST86-137-34-14.RANGE86-137.BTCENTRALPLUS.COM:63052
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 86-43-209-225-DYNAMIC.B-RAS2.BBH.DUBLIN.EIRCOM.NET:54152
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 86-42-231-144-DYNAMIC.B-RAS1.CLD.DUBLIN.EIRCOM.NET:53162
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: H-242-216.A218.PRIV.BAHNHOF.SE:4734
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 58-45.4-85.FIX.BLUEWIN.CH:50656
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: LONDON.PERFECT-PRIVACY.COM:60067
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 83-71-83-89-DYNAMIC.B-RAS1.CHF.CORK.EIRCOM.NET:60053
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 83-70-239-21-DYNAMIC.B-RAS1.PRP.DUBLIN.EIRCOM.NET:57088
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: CPC1-POOL7-0-0-CUST86.SOTN.CABLE.NTL.COM:58721
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: CPC3-BRIG10-0-0-CUST728.BRIG.CABLE.NTL.COM:3973
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: DSL-HKIBRASGW2-FE61DF00-136.DHCP.INET.FI:60529
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: CPC3-REIG4-2-0-CUST166.6-3.CABLE.VIRGINMEDIA.COM:62146
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 79-114-74-208.RDSNET.RO:3813
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 78.150.130.248:26312
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 78.147.40.45:50763
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: BAS2-GUELPH22-1279593832.DSL.BELL.CA:60139
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 75-163-46-246.STCD.QWEST.NET:57043
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: D75-154-181-71.BCHSIA.TELUS.NET:50696
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: ADSL-75-15-133-9.DSL.SNLO01.SBCGLOBAL.NET:1850
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: WS-DSL-74-83-17-243.FUSE.NET:50687
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: CPE-74-69-201-214.MAINE.RES.RR.COM:49377
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: CPE-72-231-159-139.NYCAP.RES.RR.COM:52014
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 71-221-104-244.CLSP.QWEST.NET:64708
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: POOL-71-186-249-26.BFLONY.EAST.VERIZON.NET:33586
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: POOL-71-166-71-43.BLTMMD.EAST.VERIZON.NET:50697
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: ADSL-70-137-197-101.DSL.FRS2CA.SBCGLOBAL.NET:55455
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: S010600248C06C092.SS.SHAWCABLE.NET:60515
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: BAS1-GUELPH22-1177619899.DSL.BELL.CA:50341
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: POOL-70-22-33-143.BALT.EAST.VERIZON.NET:55348
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 229.214-62-69.FTTH.SWBR.SUREWEST.NET:1616
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: S010600212964DD63.ED.SHAWCABLE.NET:63050
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: S0106001EE535649E.ED.SHAWCABLE.NET:63868
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: S0106001EE535649E.ED.SHAWCABLE.NET:63809
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: S0106000E352CC587.CG.SHAWCABLE.NET:4596
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: D-65-175-170-125.CPE.METROCAST.NET:3148
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: 58.137.107.16:62107
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: HOST-41.238.105.162.TEDATA.NET:49286
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: S01060014BF4ADBB3.GV.SHAWCABLE.NET:56708
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: BLK-89-234-74.EASTLINK.CA:1810
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: C-24-18-134-224.HSD1.WA.COMCAST.NET:61451
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:47762
Remote Address: C-24-5-71-136.HSD1.CA.COMCAST.NET:2672
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-F5195DC0D4.HOME:2296
Remote Address: APP102.LOGMEIN.COM:HTTPS
Type: TCP
Process: E:\Program Files\LogMeIn\x86\LogMeIn.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1590
Remote Address: IP106-27-212-87.ADSL2.STATIC.VERSATEL.NL:47402
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: SYN_SENT

Local Address: YOUR-F5195DC0D4.HOME:1588
Remote Address: 92.26.128.18:33555
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1587
Remote Address: HOST-92-0-2-13.AS43234.NET:51413
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: SYN_SENT

Local Address: YOUR-F5195DC0D4.HOME:1585
Remote Address: A91-155-240-44.ELISA-LAAJAKAISTA.FI:15527
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: SYN_SENT

Local Address: YOUR-F5195DC0D4.HOME:1579
Remote Address: 79.222.202.84.CUSTOMER.CDI.NO:32805
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1578
Remote Address: 85.64.168.219.DYNAMIC.BARAK-ONLINE.NET:48291
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1577
Remote Address: ZYYDCCXL.GPRS.SL-LAAJAKAISTA.FI:30439
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1570
Remote Address: 92.81.71.14:44364
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1564
Remote Address: HOST86-168-89-88.RANGE86-168.BTCENTRALPLUS.COM:32608
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1559
Remote Address: 74.125.8.34:HTTP
Type: TCP
Process: E:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1558
Remote Address: WY-IN-F101.1E100.NET:HTTP
Type: TCP
Process: E:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1552
Remote Address: I028200.GPRS.DNAFINLAND.FI:12104
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1550
Remote Address: 226-182-96-87.CUST.BLIXTVIK.SE:51819
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1548
Remote Address: A89-152-3-134.CPE.NETCABO.PT:15000
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1542
Remote Address: DSL5402A765.POOL.T-ONLINE.HU:23798
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1541
Remote Address: S0106002268374136.GV.SHAWCABLE.NET:57107
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1534
Remote Address: S01060023542E877B.CG.SHAWCABLE.NET:64493
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1530
Remote Address: A91-156-168-197.ELISA-LAAJAKAISTA.FI:63930
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1529
Remote Address: ADSL-85-217-1-160.KOTINET.COM:30932
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1522
Remote Address: 85.64.168.219.DYNAMIC.BARAK-ONLINE.NET:48291
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: CLOSING

Local Address: YOUR-F5195DC0D4.HOME:1518
Remote Address: 5E01F164.BB.SKY.COM:64071
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1516
Remote Address: 93-141-72-148.ADSL.NET.T-COM.HR:30996
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:WINS
Remote Address: 87.192.158.116:21919
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1509
Remote Address: HOST-92-4-9-49.AS43234.NET:35562
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1508
Remote Address: TI0168A340-DHCP0069.BB.ONLINE.NO:16144
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1504
Remote Address: 145-185.DSL.ISKON.HR:34102
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1502
Remote Address: 5E01E0C2.BB.SKY.COM:49110
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1501
Remote Address: 5E01DE28.BB.SKY.COM:40417
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1493
Remote Address: 169.200.10-93.REV.GAOLAND.NET:17539
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1489
Remote Address: 79.23.100-74.REV.GAOLAND.NET:13304
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1488
Remote Address: ADSL-87-102-78-179.KAROO.KCOM.COM:17401
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1486
Remote Address: ANANTES-552-1-108-205.W92-139.ABO.WANADOO.FR:44713
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: LAST_ACK

Local Address: YOUR-F5195DC0D4.HOME:1484
Remote Address: AROUEN-752-1-24-8.W90-51.ABO.WANADOO.FR:10896
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1480
Remote Address: DSLB-088-078-126-119.POOLS.ARCOR-IP.NET:51414
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1479
Remote Address: HOST-92-11-163-86.AS43234.NET:39754
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1477
Remote Address: HOST-92-0-140-99.AS43234.NET:45426
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1474
Remote Address: AUT75-7-88-161-148-106.FBX.PROXAD.NET:40940
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1471
Remote Address: 5AD5101B.BB.SKY.COM:51550
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1468
Remote Address: A91-155-146-227.ELISA-LAAJAKAISTA.FI:36115
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1466
Remote Address: A91-153-72-103.ELISA-LAAJAKAISTA.FI:34308
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1461
Remote Address: 91-115-172-143.ADSL.HIGHWAY.TELEKOM.AT:51634
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1431
Remote Address: CHELLO089072177240.CHELLO.PL:39232
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1427
Remote Address: 90-227-235-142-NO74.BUSINESS.TELIA.COM:28802
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1426
Remote Address: 5ACBAC43.BB.SKY.COM:57154
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:1424
Remote Address: 5AC99774.BB.SKY.COM:54499
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4.HOME:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: YOUR-F5195DC0D4:7438
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\Microsoft ActiveSync\wcescomm.exe
State: LISTENING

Local Address: YOUR-F5195DC0D4:5679
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\Microsoft ActiveSync\wcescomm.exe
State: LISTENING

Local Address: YOUR-F5195DC0D4:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: YOUR-F5195DC0D4:5152
Remote Address: LOCALHOST:1441
Type: TCP
Process: E:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: YOUR-F5195DC0D4:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: YOUR-F5195DC0D4:1444
Remote Address: LOCALHOST:1443
Type: TCP
Process: E:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4:1443
Remote Address: LOCALHOST:1444
Type: TCP
Process: E:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4:1440
Remote Address: LOCALHOST:1439
Type: TCP
Process: E:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4:1439
Remote Address: LOCALHOST:1440
Type: TCP
Process: E:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-F5195DC0D4:1045
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: YOUR-F5195DC0D4:51585
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\SYSTRAN\6\SystranToolbar.exe
State: LISTENING

Local Address: YOUR-F5195DC0D4:50300
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\WINDOWS\system32\oodag.exe
State: LISTENING

Local Address: YOUR-F5195DC0D4:47762
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: LISTENING

Local Address: YOUR-F5195DC0D4:8080
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\Microsoft SQL Server\MSRS10.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
State: LISTENING

Local Address: YOUR-F5195DC0D4:2002
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Program Files\LogMeIn\x86\LogMeIn.exe
State: LISTENING

Local Address: YOUR-F5195DC0D4:990
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\PROGRA~1\MICROS~3\rapimgr.exe
State: LISTENING

Local Address: YOUR-F5195DC0D4:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: YOUR-F5195DC0D4:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: YOUR-F5195DC0D4.HOME:5353
Remote Address: NA
Type: UDP
Process: E:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: YOUR-F5195DC0D4.HOME:1900
Remote Address: NA
Type: UDP
Process: E:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-F5195DC0D4.HOME:1900
Remote Address: NA
Type: UDP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: NA

Local Address: YOUR-F5195DC0D4.HOME:1332
Remote Address: NA
Type: UDP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: NA

Local Address: YOUR-F5195DC0D4.HOME:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: YOUR-F5195DC0D4.HOME:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: YOUR-F5195DC0D4.HOME:123
Remote Address: NA
Type: UDP
Process: E:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-F5195DC0D4:44301
Remote Address: NA
Type: UDP
Process: E:\WINDOWS\system32\PnkBstrA.exe
State: NA

Local Address: YOUR-F5195DC0D4:1900
Remote Address: NA
Type: UDP
Process: E:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-F5195DC0D4:123
Remote Address: NA
Type: UDP
Process: E:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-F5195DC0D4:47762
Remote Address: NA
Type: UDP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: NA

Local Address: YOUR-F5195DC0D4:6771
Remote Address: NA
Type: UDP
Process: E:\Program Files\uTorrent\uTorrent.exe
State: NA

Local Address: YOUR-F5195DC0D4:4500
Remote Address: NA
Type: UDP
Process: E:\WINDOWS\system32\lsass.exe
State: NA

Local Address: YOUR-F5195DC0D4:1036
Remote Address: NA
Type: UDP
Process: C:\Steam\Steam.exe
State: NA

Local Address: YOUR-F5195DC0D4:1025
Remote Address: NA
Type: UDP
Process: E:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: YOUR-F5195DC0D4:500
Remote Address: NA
Type: UDP
Process: E:\WINDOWS\system32\lsass.exe
State: NA

Local Address: YOUR-F5195DC0D4:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: E:\Documents and Settings\All Users\Start Menu\Programs\HOLUX
Status: Hidden

Object: E:\Documents and Settings\Barry\Desktop\Translation\Completed Translation Jobs\ITC Jobs\2091021\source Warner\FIN210-Perform Customer Credit and collection Managemnet\Word\Batch 1 Complete\BPP_SL-010_FDK43_FD33_FD24_F.20_F.32_Customer Credit Management.do
Status: Hidden

Object: E:\Documents and Settings\Barry\Desktop\Translation\Completed Translation Jobs\ITC Jobs\2091021\source Warner\FIN210-Perform Customer Credit and collection Managemnet\Word\Batch 1 Complete\BPP_SL-010_S_ALR_87012179_Customer List (New Customers Created).do
Status: Hidden

Object: E:\Documents and Settings\Barry\Desktop\Translation\Completed Translation Jobs\ITC Jobs\2091021\source Warner\FIN210-Perform Customer Credit and collection Managemnet\Word\Batch 2 - Tuesday July 7th\BPP_Sl-020-100 FDM_JUDGE - Evaluation of Promise to Pay.
Status: Hidden

Object: E:\Documents and Settings\Barry\Desktop\Translation\Completed Translation Jobs\ITC Jobs\2091021\source Warner\FIN210-Perform Customer Credit and collection Managemnet\Word\Batch 2 - Tuesday July 7th\BPP_SL-020_UDM_Dispute_Dispute Case List And Processing.
Status: Hidden

Object: E:\Documents and Settings\Barry\Desktop\Translation\Completed Translation Jobs\ITC Jobs\2091021\source Warner\FIN210-Perform Customer Credit and collection Managemnet\Word\Batch 2 - Tuesday July 7th\completed\BPP_SL-020-005_F.2D Customer Master Data Compa
Status: Hidden

Object: E:\Documents and Settings\Barry\Desktop\Translation\Completed Translation Jobs\ITC Jobs\2091021\source Warner\FIN210-Perform Customer Credit and collection Managemnet\Word\Batch 2 - Tuesday July 7th\completed\BPP_SL-020-005_UDM_BP_GRP - Change to Segment
Status: Hidden

Object: E:\Documents and Settings\Barry\Desktop\Translation\Completed Translation Jobs\ITC Jobs\2091021\source Warner\FIN210-Perform Customer Credit and collection Managemnet\Word\Batch 2 - Tuesday July 7th\completed\BPP_SL-020-030_UDM_GENWL - Creation of Worklis
Status: Hidden

Object: E:\Documents and Settings\Barry\Desktop\Translation\Completed Translation Jobs\ITC Jobs\2091021\source Warner\FIN210-Perform Customer Credit and collection Managemnet\Word\Batch 2 - Tuesday July 7th\completed\BPP_SL-020-090_UDM_SPECIALIST - My Worklist.do
Status: Hidden

Object: E:\Documents and Settings\Barry\Desktop\Translation\Completed Translation Jobs\ITC Jobs\2091021\source Warner\FIN210-Perform Customer Credit and collection Managemnet\Word\Batch 2 - Tuesday July 7th\completed\BPP_SL-020-110_FBL5N_Display Customer Open Ite
Status: Hidden

Object: E:\Documents and Settings\Barry\Desktop\Translation\Completed Translation Jobs\ITC Jobs\2091034 - 23rd July\2091034\source\FIN310- Manage Accounts Payable\Word - Batch 1 - Tues21stJuly - 12.00CET\BPP_SL-040_FBD1_F.14_F.15_Enter and Post Recurring Entries.
Status: Hidden

Object: E:\Documents and Settings\Barry\Desktop\Translation\Completed Translation Jobs\ITC Jobs\2091034 - 23rd July\2091034\source\FIN310- Manage Accounts Payable\Word - Batch 1 - Tues21stJuly - 12.00CET\completed\BPP_SL-040_FBD2_FBD3_FBD4_F-56_Recurring Entries.
Status: Hidden

Object: E:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: E:\System Volume Information\tracking.log
Status: Access denied
Brood
Regular Member
 
Posts: 18
Joined: January 30th, 2010, 10:46 am

Re: Suspected keylogger and browser redirect

Unread postby Brood » February 8th, 2010, 5:20 am

I'm afraid I had to stop the Kasperky scan at 89% after 10 hours!

There were 2 infections found and I have deleted them.

F:\Apps\SuperiorXP64_6_2009\sxp64_revival.iso
F:\GAMES\Civilization 4 IV + Warlords expansion + 1.61 + 2.08 update + nocd crack civ4 civIV.rar

I will scan again tonight but start a bit earlier so it completes.
Brood
Regular Member
 
Posts: 18
Joined: January 30th, 2010, 10:46 am

Re: Suspected keylogger and browser redirect

Unread postby Vino Rosso » February 8th, 2010, 6:57 am

Brood wrote:I'm afraid I had to stop the Kasperky scan at 89% after 10 hours!

There were 2 infections found and I have deleted them.

F:\Apps\SuperiorXP64_6_2009\sxp64_revival.iso
F:\GAMES\Civilization 4 IV + Warlords expansion + 1.61 + 2.08 update + nocd crack civ4 civIV.rar

I will scan again tonight but start a bit earlier so it completes.

It will take quite a while, especially as your computer has five very large hard drives with three being over 60% full.

There are also a considerable number of applications, many game related, that have internet access. If any of these were acquired via dubious sites, the program *could* have included a keylogger. Several of the entries show 'File Not Found' so perhaps you have already removed/uninstalled the corresponding program.
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe" = E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe" = E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe" = E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe" = E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"E:\Program Files\Messenger\msmsgs.exe" = E:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"E:\Program Files\Steam\Steam.exe" = E:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\Program Files\uTorrent\uTorrent.exe" = E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" = E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus -- File not found
"E:\Program Files\Steam\steamapps\liquidsun\team fortress 2\hl2.exe" = E:\Program Files\Steam\steamapps\liquidsun\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"E:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = E:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"E:\Program Files\Steam\steamapps\common\arma 2\arma2.exe" = E:\Program Files\Steam\steamapps\common\arma 2\arma2.exe:*:Enabled:ARMA 2 -- File not found
"D:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe" = D:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe:*:Enabled:Dragon Age Origins Character Creator -- File not found
"D:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe" = D:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Character Creator Launcher -- File not found
"E:\Program Files\Steam\steamapps\common\empire total war\Empire.exe" = E:\Program Files\Steam\steamapps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- File not found
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe" = E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe" = E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"E:\Program Files\Dragon Age\bin_ship\daorigins.exe" = E:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"E:\Program Files\Dragon Age\DAOriginsLauncher.exe" = E:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"E:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = E:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"E:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = E:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- File not found
"E:\Program Files\Steam\steamapps\common\overlord\Overlord.exe" = E:\Program Files\Steam\steamapps\common\overlord\Overlord.exe:*:Enabled:Overlord -- File not found
"E:\Program Files\Steam\steamapps\common\overlord\Config.exe" = E:\Program Files\Steam\steamapps\common\overlord\Config.exe:*:Enabled:Overlord -- File not found
"E:\Program Files\Steam\steamapps\common\overlord ii\Overlord2.exe" = E:\Program Files\Steam\steamapps\common\overlord ii\Overlord2.exe:*:Enabled:Overlord II -- File not found
"E:\Program Files\Steam\steamapps\common\overlord ii\Config.exe" = E:\Program Files\Steam\steamapps\common\overlord ii\Config.exe:*:Enabled:Overlord II -- File not found
"E:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe" = E:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants Vs Zombies -- File not found
"E:\Program Files\Steam\steamapps\common\osmos\osmos.exe" = E:\Program Files\Steam\steamapps\common\osmos\osmos.exe:*:Enabled:Osmos -- File not found
"E:\Program Files\Steam\steamapps\common\trine\trine_launcher.exe" = E:\Program Files\Steam\steamapps\common\trine\trine_launcher.exe:*:Enabled:Trine -- File not found
"E:\Program Files\Steam\steamapps\common\swkotor\swkotor.exe" = E:\Program Files\Steam\steamapps\common\swkotor\swkotor.exe:*:Enabled:Star Wars: Knights of The Old Republic -- File not found
"E:\Program Files\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe" = E:\Program Files\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe:*:Enabled:Evil Genius -- File not found
"E:\Program Files\Steam\steamapps\common\dawn of war gold\W40kWA.exe" = E:\Program Files\Steam\steamapps\common\dawn of war gold\W40kWA.exe:*:Enabled:Dawn of War Gold: Winter Assault -- File not found
"E:\Program Files\Steam\steamapps\common\dawn of war gold\W40k.exe" = E:\Program Files\Steam\steamapps\common\dawn of war gold\W40k.exe:*:Enabled:Dawn of War Gold -- File not found
"E:\Program Files\Steam\steamapps\common\company of heroes\help.htm" = E:\Program Files\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes -- File not found
"E:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe" = E:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes: Tales of Valor -- File not found
"G:\D\GAMES DIR\CALLOFJUAREZ\COJBIBGAME_X86.EXE" = G:\D\GAMES DIR\CALLOFJUAREZ\COJBIBGAME_X86.EXE:*:ENABLED:CALL OF JUAREZ - BOUND IN BLOOD -- File not found
"E:\Program Files\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe" = E:\Program Files\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge -- File not found
"E:\Program Files\Steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe" = E:\Program Files\Steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe:*:Enabled:Dawn of War: Dark Crusade -- File not found
"E:\Program Files\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe" = E:\Program Files\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe:*:Enabled:Dawn of War: Soulstorm -- File not found
"E:\Program Files\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe" = E:\Program Files\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe:*:Enabled:STALKER: Shadow of Chernobyl -- File not found
"E:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = E:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- File not found
"C:\Steam\Steam.exe" = C:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Steam\steamapps\common\empire total war\Empire.exe" = C:\Steam\steamapps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- File not found
"C:\Steam\steamapps\common\dawn of war gold\W40kWA.exe" = C:\Steam\steamapps\common\dawn of war gold\W40kWA.exe:*:Enabled:Dawn of War Gold: Winter Assault -- (THQ Canada Inc.)
"C:\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe" = C:\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe:*:Enabled:Evil Genius -- ()
"C:\Steam\steamapps\common\overlord\Config.exe" = C:\Steam\steamapps\common\overlord\Config.exe:*:Enabled:Overlord -- ()
"C:\Steam\steamapps\common\dawn of war gold\W40k.exe" = C:\Steam\steamapps\common\dawn of war gold\W40k.exe:*:Enabled:Dawn of War Gold -- (THQ Canada Inc.)
"C:\Steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe" = C:\Steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe:*:Enabled:Dawn of War: Dark Crusade -- (THQ Canada Inc.)
"C:\Steam\steamapps\common\chronicles of riddick - assault on dark athena\System\Win32_x86\DarkAthena.exe" = C:\Steam\steamapps\common\chronicles of riddick - assault on dark athena\System\Win32_x86\DarkAthena.exe:*:Enabled:Chronicles of Riddick: Assault on Dark Athena -- (Starbreeze Studios)
"C:\Steam\steamapps\common\arma 2\arma2.exe" = C:\Steam\steamapps\common\arma 2\arma2.exe:*:Enabled:ARMA 2 -- (Bohemia Interactive)
"C:\Steam\steamapps\common\company of heroes\RelicCOH.exe" = C:\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes -- (THQ Canada Inc.)
"C:\Steam\steamapps\common\company of heroes\help.htm" = C:\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes -- ()
"C:\Steam\steamapps\common\trine\trine_launcher.exe" = C:\Steam\steamapps\common\trine\trine_launcher.exe:*:Enabled:Trine -- ()
"C:\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe" = C:\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge -- (EA Digital Illusions CE AB)
"C:\Steam\steamapps\common\swkotor\swkotor.exe" = C:\Steam\steamapps\common\swkotor\swkotor.exe:*:Enabled:Star Wars: Knights of The Old Republic -- (BioWare Corp.)
"C:\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe" = C:\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants Vs Zombies -- ()
"C:\Steam\steamapps\common\overlord ii\Overlord2.exe" = C:\Steam\steamapps\common\overlord ii\Overlord2.exe:*:Enabled:Overlord II -- ()
"C:\Steam\steamapps\common\overlord ii\Config.exe" = C:\Steam\steamapps\common\overlord ii\Config.exe:*:Enabled:Overlord II -- ()
"C:\Steam\steamapps\common\overlord\Overlord.exe" = C:\Steam\steamapps\common\overlord\Overlord.exe:*:Enabled:Overlord - Raising Hell -- (Triumph Studios)
"C:\Steam\steamapps\common\red faction\RedFaction.exe" = C:\Steam\steamapps\common\red faction\RedFaction.exe:*:Enabled:Red Faction -- (Volition, Inc.)
"C:\Games\Sins of a Solar Empire\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = C:\Games\Sins of a Solar Empire\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"C:\Steam\steamapps\common\full spectrum warrior\Launcher.exe" = C:\Steam\steamapps\common\full spectrum warrior\Launcher.exe:*:Enabled:Full Spectrum Warrior -- ()
"C:\Steam\steamapps\common\full spectrum warrior\help.htm" = C:\Steam\steamapps\common\full spectrum warrior\help.htm:*:Enabled:Full Spectrum Warrior -- ()
"C:\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe" = C:\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe:*:Enabled:Dawn of War: Soulstorm -- (THQ Canada Inc.)
"C:\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe" = C:\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe:*:Enabled:STALKER: Shadow of Chernobyl -- ()
"C:\Steam\steamapps\common\frontlines fuel of war\Binaries\FFOW.exe" = C:\Steam\steamapps\common\frontlines fuel of war\Binaries\FFOW.exe:*:Enabled:Frontlines: Fuel of War -- (Kaos Studios)
"C:\Steam\steamapps\common\titan quest\help.htm" = C:\Steam\steamapps\common\titan quest\help.htm:*:Enabled:Titan Quest -- ()
"C:\Steam\steamapps\common\titan quest immortal throne\Tqit.exe" = C:\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:*:Enabled:Titan Quest: Immortal Throne -- ()
"C:\Steam\steamapps\common\titan quest immortal throne\help.htm" = C:\Steam\steamapps\common\titan quest immortal throne\help.htm:*:Enabled:Titan Quest: Immortal Throne -- ()
"C:\Steam\steamapps\common\saints row 2\SR2_pc.exe" = C:\Steam\steamapps\common\saints row 2\SR2_pc.exe:*:Enabled:Saints Row 2 -- ()
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe" = E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe" = E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Steam\steamapps\common\broken sword 3\BSTSD.exe" = C:\Steam\steamapps\common\broken sword 3\BSTSD.exe:*:Enabled:Broken Sword: The Sleeping Dragon -- ()
"C:\Steam\steamapps\common\full spectrum warrior ten hammers\fsw2.exe" = C:\Steam\steamapps\common\full spectrum warrior ten hammers\fsw2.exe:*:Enabled:Full Spectrum Warrior: Ten Hammers -- (Pandemic Studios LLC)
"C:\Steam\steamapps\common\full spectrum warrior ten hammers\help.htm" = C:\Steam\steamapps\common\full spectrum warrior ten hammers\help.htm:*:Enabled:Full Spectrum Warrior: Ten Hammers -- ()
"C:\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Steam\steamapps\common\juiced 2 hot import nights\j2launcher.exe" = C:\Steam\steamapps\common\juiced 2 hot import nights\j2launcher.exe:*:Enabled:Juiced 2: Hot Import Nights -- (Juice Games)
"C:\Steam\steamapps\common\zombie shooter\ZombieShooter.exe" = C:\Steam\steamapps\common\zombie shooter\ZombieShooter.exe:*:Enabled:Zombie Shooter -- (SigmaTeam)
"C:\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe" = C:\Steam\steamapps\common\defensegridtheawakening\DefenseGrid.exe:*:Enabled:Defense Grid: The Awakening -- ()
"C:\Steam\steamapps\common\beyond good and evil\CheckApplication.exe" = C:\Steam\steamapps\common\beyond good and evil\CheckApplication.exe:*:Enabled:Beyond Good and Evil -- (Ubisoft)
"C:\Steam\steamapps\common\freedom force\fforce.exe" = C:\Steam\steamapps\common\freedom force\fforce.exe:*:Enabled:Freedom Force -- (Irrational Games)
"C:\Steam\steamapps\common\act of war direct action\ACTOFWAR.EXE" = C:\Steam\steamapps\common\act of war direct action\ACTOFWAR.EXE:*:Enabled:Act of War: Direct Action -- ()
"C:\Steam\steamapps\common\freedom force vs. the 3rd reich\ffvt3r.exe" = C:\Steam\steamapps\common\freedom force vs. the 3rd reich\ffvt3r.exe:*:Enabled:Freedom Force vs. the 3rd Reich -- (Irrational Games)
"C:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe" = C:\Steam\steamapps\common\oddworld abes exoddus\Exoddus.exe:*:Enabled:Oddworld: Abe's Exoddus -- (Oddworld Inhabitants, Inc.)
"C:\Steam\steamapps\common\ghostbusters\ghost_w32.exe" = C:\Steam\steamapps\common\ghostbusters\ghost_w32.exe:*:Enabled:Ghostbusters -- (Terminal Reality Inc.)
"C:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe" = C:\Steam\steamapps\common\oddworld abes oddysee\AbeWin.exe:*:Enabled:Oddworld: Abe's Oddysee -- (Oddworld Inhabitants, Inc.)
"C:\Games\Battlefield 2142\BF2142.exe" = C:\Games\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2 -- ()
"C:\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe" = C:\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"C:\Steam\steamapps\common\multiwinia\multiwinia.exe" = C:\Steam\steamapps\common\multiwinia\multiwinia.exe:*:Enabled:Multiwinia -- (Introversion Software)
"C:\Games\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe" = C:\Games\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance -- (Gas Powered Games)
"C:\Games\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe" = C:\Games\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance -- (Gas Powered Games)
"C:\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe" = C:\Steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe:*:Enabled:Shattered Horizon -- File not found
"C:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = C:\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()
"E:\WINDOWS\system32\PnkBstrA.exe" = E:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"E:\WINDOWS\system32\PnkBstrB.exe" = E:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Steam\steamapps\common\crysis warhead\Bin32\Crysis.exe" = C:\Steam\steamapps\common\crysis warhead\Bin32\Crysis.exe:*:Enabled:Crysis Warhead -- (Crytek GmbH)
"E:\Program Files\AVG\AVG9\avgupd.exe" = E:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"E:\Program Files\AVG\AVG9\avgnsx.exe" = E:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Steam\steamapps\common\osmos\osmos.exe" = C:\Steam\steamapps\common\osmos\osmos.exe:*:Enabled:Osmos -- (Hemisphere Games, Inc.)
"C:\Steam\steamapps\common\crysis wars\Bin32\Crysis.exe" = C:\Steam\steamapps\common\crysis wars\Bin32\Crysis.exe:*:Enabled:Crysis Wars -- (Crytek GmbH)
"C:\Steam\steamapps\common\crysis\Bin32\Crysis.exe" = C:\Steam\steamapps\common\crysis\Bin32\Crysis.exe:*:Enabled:Crysis -- (Crytek GmbH)
"C:\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe" = C:\Steam\steamapps\common\shadowgrounds\Shadowgrounds.exe:*:Enabled:Shadowgrounds -- (Frozenbyte Oy)
"C:\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe" = C:\Steam\steamapps\common\shadowgrounds\ShadowgroundsLauncher.exe:*:Enabled:Shadowgrounds -- ()
"C:\Steam\steamapps\common\shadowgrounds survivor\survivor.exe" = C:\Steam\steamapps\common\shadowgrounds survivor\survivor.exe:*:Enabled:Shadowgrounds Survivor -- (Frozenbyte)
"C:\Steam\steamapps\common\stalker clear sky\bin\xrEngine.exe" = C:\Steam\steamapps\common\stalker clear sky\bin\xrEngine.exe:*:Enabled:STALKER: Clear Sky -- ()
"C:\Steam\steamapps\common\medieval ii total war\Launcher.exe" = C:\Steam\steamapps\common\medieval ii total war\Launcher.exe:*:Enabled:Medieval II: Total War -- ( )
"E:\Program Files\Bonjour\mDNSResponder.exe" = E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Steam\steamapps\common\red faction guerrilla\rfg_launcher.exe" = C:\Steam\steamapps\common\red faction guerrilla\rfg_launcher.exe:*:Enabled:Red Faction: Guerrilla -- (THQ Inc.)
"C:\Games\BFBC2\BFBC2BetaUpdater.exe" = C:\Games\BFBC2\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA -- (EA Digital Illusions CE AB)
"C:\Games\BFBC2\BFBC2Game.exe" = C:\Games\BFBC2\BFBC2Game.exe:*:Enabled:EA Battlefield: Bad Company™ 2 - BETA -- (EA Digital Illusions CE AB)
"C:\Games\Altitude\altitude.exe" = C:\Games\Altitude\altitude.exe:*:Enabled:altitude -- ()
"C:\Steam\steamapps\common\dawn of war 2\DOW2.exe" = C:\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2 -- (THQ Canada Inc.)
"C:\Games\World of Warcraft\Launcher.exe" = C:\Games\World of Warcraft\Launcher.exe:*:Enabled:Launcher.exe -- (Blizzard Entertainment)
"E:\Program Files\SYSTRAN\6\SystranToolbar.exe" = E:\Program Files\SYSTRAN\6\SystranToolbar.exe:*:Enabled:SYSTRAN Translation Toolbar -- (SYSTRAN)
"E:\Program Files\SYSTRAN\6\Dicts\SystranTranslationEngine.exe" = E:\Program Files\SYSTRAN\6\Dicts\SystranTranslationEngine.exe:*:Enabled:Systran Translation Engine -- (SYSTRAN)
"E:\Program Files\SYSTRAN\6\SystranTranslationProjectManager.exe" = E:\Program Files\SYSTRAN\6\SystranTranslationProjectManager.exe:*:Enabled:SystranTranslationProjectManager -- ()
"E:\Documents and Settings\Barry\Local Settings\Apps\2.0\ANAOBREM.19H\X87Y05GC.A03\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe" = E:\Documents and Settings\Barry\Local Settings\Apps\2.0\ANAOBREM.19H\X87Y05GC.A03\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
"C:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()

In addition, several ports are open and *could* be used by a keylogger:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Re: Suspected keylogger and browser redirect

Unread postby Brood » February 8th, 2010, 7:14 am

So what about the browser redirect?

I still get it occasionally, even though I've ran every spyware program known to man ;)
Brood
Regular Member
 
Posts: 18
Joined: January 30th, 2010, 10:46 am

Re: Suspected keylogger and browser redirect

Unread postby Vino Rosso » February 8th, 2010, 7:54 am

Brood wrote:So what about the browser redirect?

I still get it occasionally, even though I've ran every spyware program known to man ;)

If you only get it 'occasionally', it may not necessarily be your browser. How often is 'occasionally'?
Try running your browser in 'no add-on' mode to see if you get any redirects.
Have you got an example link that you tried but found it redirected?
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Re: Suspected keylogger and browser redirect

Unread postby Brood » February 9th, 2010, 4:52 am

I didn't get a redirect at all yesterday after using the internet all day and night. However, I did get one this morning and it redirected me to http://annonces.ebay.fr/ (I live in France).

The kaspersky scan completed with no further infected files.

I will now try the no add-on in firefox and see what happens over the next day or two.

Thanks again for your help!
Brood
Regular Member
 
Posts: 18
Joined: January 30th, 2010, 10:46 am

Re: Suspected keylogger and browser redirect

Unread postby Vino Rosso » February 9th, 2010, 5:08 pm

Hi

Let's check with another scan:

Navilog1 for Windows 2000/XP
Please download Navilog1 by IL-MAFIOSO by clicking >here<
Save the file to your Desktop
  • Right-click on Navilog1.zip and select 'Extract All'. Extract the file to your Desktop.
  • Double click on navilog1.exe to install it on your computer.
  • When the installation is complete, the tool will start automatically.
  • If it doesn't start automatically, please double click on Navilog1 shortcut on your desktop to run it.
  • Press E for English from the language Menu.
  • Type 1 in the next Menu to select Search and press Enter.
  • Wait for the Scan to finish (It may take a reasonable amount of time)
  • Press any key as requested.
  • A new document will be produced: fixnavi.txt.
  • Please copy/paste the contents of this report in your next reply.
The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)

Important! Do NOT run any other options until advised. Running other options unsupervised could seriously damage your computer.
User avatar
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Re: Suspected keylogger and browser redirect

Unread postby Brood » February 9th, 2010, 5:35 pm

The document was named cleannavi.txt not fixnavi, so maybe I didn't select the right option. I selected 1 Search / Automatic Cleaning.

Fix Navipromo version 4.0.6 began on 09/02/2010 22:31:46.85

!!! Warning, this report may include legitimate files/programs!!!
!!! Post this report on the forum you are being helped !!!

Fix running from E:\Program Files\navilog1

Updated on 03.01.2010 at 11h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz )
BIOS : Default System BIOS
USER : Barry ( Administrator )
BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 9.0 (Activated)


C:\ (Local Disk) - NTFS - Total:465 Go (Free:168 Go)
D:\ (CD or DVD) - CDFS - Total:2 Go (Free:0 Go)
E:\ (Local Disk) - NTFS - Total:195 Go (Free:61 Go)
F:\ (Local Disk) - NTFS - Total:736 Go (Free:177 Go)
G:\ (Local Disk) - NTFS - Total:465 Go (Free:418 Go)
H:\ (CD or DVD) - UDF - Total:1 Go (Free:0 Go)
I:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
J:\ (USB) - FAT32 - Total:7654 Mo (Free:5 Go)
K:\ (CD or DVD)
L:\ (CD or DVD)


Search done in normal mode


No Infection Navipromo/Egdaccess Found



*** Scan completed 09/02/2010 22:32:23.07 ***
Brood
Regular Member
 
Posts: 18
Joined: January 30th, 2010, 10:46 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 298 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware