
Help Needed With Malware Removal

Discussion in 'Virus & Other Malware Removal' started by Decetch, Oct 17, 2010.

  1. Decetch

    Hi Everyone,

    Would someone please help me with suspected malware removal?

    Thanks.

    Decetch

    Logs pasted and attached as requested.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:21:19 PM, on 18/10/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Roxio\BackOnTrack\App\BService.exe
    C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\PowerS.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\VxBlockServer.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Roxio 2011\5.0\CPMonitor.exe
    C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Spybot - Search & Destroy 1.6\TeaTimer.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\SpywareGuard 2.2\sgmain.exe
    C:\Program Files\SpywareGuard 2.2\sgbhp.exe
    C:\WINDOWS\explorer.exe
    E:\Eudora\Decetch\Eudora.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Administrator.JOHN.000\Desktop\HijackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/resetpw.srf?lc=3081
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard 2.2\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.6\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [Clipboard Pile] D:\Clipboard Pile\Clipboard Pile.exe
    O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
    O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio 2011\5.0\CPMonitor.exe"
    O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy 1.6\TeaTimer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard 2.2\sgmain.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1.6\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1.6\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\\DownloadPDF.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1211766713296
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1273627334687
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6690B823-4DE9-46DF-AD5A-FBEF2E6CBCA6}: NameServer = 203.0.178.191,210.80.58.42
    O17 - HKLM\System\CS2\Services\Tcpip\..\{6690B823-4DE9-46DF-AD5A-FBEF2E6CBCA6}: NameServer = 203.0.178.191,210.80.58.42
    O17 - HKLM\System\CS4\Services\Tcpip\..\{6690B823-4DE9-46DF-AD5A-FBEF2E6CBCA6}: NameServer = 203.0.178.191,210.80.58.42
    O17 - HKLM\System\CS5\Services\Tcpip\..\{6690B823-4DE9-46DF-AD5A-FBEF2E6CBCA6}: NameServer = 203.0.178.191,210.80.58.42
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BOT4Service - Unknown owner - C:\Program Files\Roxio\BackOnTrack\App\BService.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
    O23 - Service: RoxMediaDB13 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    --
    End of file - 17356 bytes



    DDS (Ver_09-09-29.01) - NTFSx86
    Run by Administrator at 13:26:34.82 on Mon 18/10/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.495 [GMT 11:00]
    AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
    ============== Running Processes ===============
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Roxio\BackOnTrack\App\BService.exe
    C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\PowerS.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\VxBlockServer.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Roxio 2011\5.0\CPMonitor.exe
    C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Spybot - Search & Destroy 1.6\TeaTimer.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\SpywareGuard 2.2\sgmain.exe
    C:\Program Files\SpywareGuard 2.2\sgbhp.exe
    C:\WINDOWS\explorer.exe
    E:\Eudora\Decetch\Eudora.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Administrator.JOHN.000\Local Settings\Temporary Internet Files\Content.IE5\ND2LPATA\dds[1].com
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.google.com.au/
    uInternet Connection Wizard,ShellNext = https://login.live.com/resetpw.srf?lc=3081
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: : {206e52e0-d52e-11d4-ad54-0000e86c26f6} - c:\progra~1\freshd~1\freshd~1\fdcatch.dll
    BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard 2.2\dlprotect.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1.6\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy 1.6\TeaTimer.exe
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [Clipboard Pile] d:\clipboard pile\Clipboard Pile.exe
    mRun: [PowerS] c:\windows\PowerS.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [HP SchedIndexer] c:\program files\hewlett-packard\laserjet all-in-one\hppschedindexer.exe
    mRun: [HP AutoIndexer] c:\program files\hewlett-packard\laserjet all-in-one\hppautoindexer.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\13.0\sharedcom\RoxWatchTray13.exe"
    mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [DMXLauncher] "c:\program files\roxio\media experience\DMXLauncher.exe"
    mRun: [Desktop Disc Tool] "c:\program files\roxio 2011\roxio burn\RoxioBurnLauncher.exe"
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [<NO NAME>]
    mRun: [CPMonitor] "c:\program files\roxio 2011\5.0\CPMonitor.exe"
    mRun: [SAOB Monitor] c:\program files\acronis\onlinebackupstandalone\TrueImageMonitor.exe
    mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\admini~1.000\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard 2.2\sgmain.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\\DownloadPDF.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1.6\SDHelper.dll
    Trusted Zone: musicmatch.com\online
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9}
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211766713296
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273627334687
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
    TCP: {6690B823-4DE9-46DF-AD5A-FBEF2E6CBCA6} = 203.0.178.191,210.80.58.42
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Name-Space Handler: ftp\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - c:\progra~1\freshd~1\freshd~1\fdcatch.dll
    Name-Space Handler: http\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - c:\progra~1\freshd~1\freshd~1\fdcatch.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - e:\eudora 7.1.09\EuShlExt.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard 2.2\spywareguard.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    ================= FIREFOX ===================
    FF - ProfilePath -
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 2.0.0.6\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 2.0.0.6\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 2.0.0.6\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 2.0.0.6\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 2.0.0.6\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 2.0.0.6\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 2.0.0.6\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 2.0.0.6\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 2.0.0.6\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 2.0.0.6\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox 2.0.0.6\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox 2.0.0.6\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox 2.0.0.6\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox 2.0.0.6\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox 2.0.0.6\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox 2.0.0.6\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox 2.0.0.6\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox 2.0.0.6\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox 2.0.0.6\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox 2.0.0.6\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox 2.0.0.6\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox 2.0.0.6\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox 2.0.0.6\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox 2.0.0.6\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    ============= SERVICES / DRIVERS ===============
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-9-30 26248]
    R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2010-9-30 20616]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-27 64288]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-8 218592]
    R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-11-9 21488]
    R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-11-9 15856]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2010-9-28 752128]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
    R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-11-9 25584]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 67656]
    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\app\SaibSVC.exe [2009-6-2 457200]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1357464]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-9-28 3975088]
    R2 BOT4Service;BOT4Service;c:\program files\roxio\backontrack\app\BService.exe [2010-7-14 32240]
    R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-10-8 366840]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-10-8 1142224]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-9-28 163232]
    R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\windows\system32\drivers\es1370mp.sys [2007-8-6 37120]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-9-30 122504]
    S2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2007-12-4 371349]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\13.0\sharedcom\RoxWatch13.exe [2010-7-16 354288]
    S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
    S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-9-30 14216]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-26 15008]
    S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
    S3 RoxMediaDB13;RoxMediaDB13;c:\program files\common files\roxio shared\13.0\sharedcom\RoxMediaDB13.exe [2010-7-16 1099248]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 12872]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    =============== Created Last 30 ================
    2010-10-15 14:50 <DIR> --d----- C:\Zip44
    2010-10-14 15:18 127 a------- c:\windows\system32\MRT.INI
    2010-10-14 15:18 <DIR> --d----- c:\windows\system32\MpEngineStore
    2010-10-12 16:24 <DIR> --d----- c:\documents and settings\administrator.john.000\eee
    2010-10-08 14:23 <DIR> --d----- c:\program files\SpywareBlaster 4.4
    2010-10-08 13:32 233,136 a------- c:\windows\system32\drivers\pctgntdi.sys
    2010-10-08 13:32 7,387 a------- c:\windows\system32\drivers\pctgntdi.cat
    2010-10-08 13:32 7,383 a------- c:\windows\system32\drivers\pctcore.cat
    2010-10-08 13:32 218,592 a------- c:\windows\system32\drivers\PCTCore.sys
    2010-10-08 13:32 88,040 a------- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-10-08 13:32 7,412 a------- c:\windows\system32\drivers\PCTAppEvent.cat
    2010-10-08 13:32 63,360 a------- c:\windows\system32\drivers\pctplsg.sys
    2010-10-08 13:32 7,383 a------- c:\windows\system32\drivers\pctplsg.cat
    2010-10-08 13:31 <DIR> --d----- c:\program files\Spyware Doctor
    2010-10-08 13:31 <DIR> --d----- c:\program files\common files\PC Tools
    2010-10-08 13:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
    2010-10-08 13:31 <DIR> --d----- c:\docume~1\admini~1.000\applic~1\PC Tools
    2010-09-30 12:44 20,616 a------- c:\windows\system32\drivers\eufs.sys
    2010-09-30 12:43 14,216 a------- c:\windows\system32\drivers\eudskacs.sys
    2010-09-30 12:43 26,248 a------- c:\windows\system32\drivers\eubakup.sys
    2010-09-30 12:43 122,504 a------- c:\windows\system32\drivers\EuDisk.sys
    2010-09-30 12:43 <DIR> --d----- c:\program files\EASEUS
    2010-09-30 10:19 <DIR> --d----- C:\Katherine Jenkins
    2010-09-28 15:34 163,232 a------- c:\windows\system32\drivers\afcdp.sys
    2010-09-28 15:34 752,128 a------- c:\windows\system32\drivers\tdrpm273.sys
    2010-09-28 15:34 600,928 a------- c:\windows\system32\drivers\timntr.sys
    2010-09-28 15:34 170,464 a------- c:\windows\system32\drivers\snapman.sys
    2010-09-20 13:42 <DIR> --d----- c:\program files\D-Link DSLs
    ==================== Find3M ====================
    2010-09-18 17:53 974,848 a------- c:\windows\system32\mfc42.dll
    2010-09-18 17:53 954,368 a------- c:\windows\system32\mfc40.dll
    2010-09-18 17:53 953,856 -------- c:\windows\system32\mfc40u.dll
    2010-09-18 12:23 974,848 a------- c:\windows\system32\mfc42u.dll
    2010-09-10 16:58 916,480 a------- c:\windows\system32\wininet.dll
    2010-09-10 16:58 43,520 a------- c:\windows\system32\licmgr10.dll
    2010-09-01 22:51 285,824 a------- c:\windows\system32\atmfd.dll
    2010-09-01 00:42 1,852,800 a------- c:\windows\system32\win32k.sys
    2010-08-27 19:02 119,808 a------- c:\windows\system32\t2embed.dll
    2010-08-27 16:57 99,840 a------- c:\windows\system32\srvsvc.dll
    2010-08-27 00:39 357,248 a------- c:\windows\system32\drivers\srv.sys
    2010-08-26 23:52 5,120 a------- c:\windows\system32\xpsp4res.dll
    2010-08-24 03:12 617,472 -------- c:\windows\system32\comctl32.dll
    2010-08-18 00:17 58,880 a------- c:\windows\system32\spoolsv.exe
    2010-08-16 19:45 590,848 a------- c:\windows\system32\rpcrt4.dll
    2010-07-14 16:17 2,828 ac-sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
    2010-03-15 20:11 72,080 a------- c:\documents and settings\administrator.john.000\g2mdlhlpx.exe
    2008-07-17 10:32 88 -c-shr-- c:\docume~1\alluse~1\applic~1\760CC4C70D.sys
    ============= FINISH: 13:37:57.85 ===============

    GMER 1.0.15.15319 - http://www.gmer.net
    Rootkit quick scan 2010-10-18 13:45:24
    Windows 5.1.2600 Service Pack 3
    Running: GMER.exe; Driver: C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\kxddypob.sys

    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    ---- EOF - GMER 1.0.15 ----
     


  2. Decetch

    Hi Everyone,

    The problem still remains.

    Thanks
     
  3. Decetch

    Hi Everyone,

    I still require assistance.

    Thanks
     
  4. Decetch

    Hi Everyone,

    I still require assistance.

    Thanks
     
  5. Decetch

    Hi Everyone,

    I still require assistance.

    Thanks
     
  6. Decetch

    Hi Helpers,

    I still require assistance.

    Thanks
     
  7. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,793
    Hiya

    Sorry for the lateness, very busy in these forums.. :(


    Download OTL to your Desktop
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

    eddie
     
  8. Decetch

    Hi Eddie,

    Thanks for the reply. Hope I didn't come across as pushy, but I was "bumping"
    my post so it didn't get lost in the system. :)

    Logs as requested.

    OTL Extras logfile created on: 8/11/2010 10:41:03 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\John-PC\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 57.27 Gb Total Space | 23.61 Gb Free Space | 41.22% Space Free | Partition Type: NTFS
    Drive E: | 38.28 Gb Total Space | 29.83 Gb Free Space | 77.93% Space Free | Partition Type: NTFS
    Drive F: | 3.67 Gb Total Space | 3.63 Gb Free Space | 98.85% Space Free | Partition Type: FAT32
    Drive H: | 931.51 Gb Total Space | 672.14 Gb Free Space | 72.16% Space Free | Partition Type: NTFS

    Computer Name: JOHN-XP | User Name: John-PC | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
    Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp Pro 5.5\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp Pro 5.5\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp Pro 5.5\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "Z:\setup.exe" = Z:\setup.exe:*:Enabled:Roxio Streamer Discovery Service -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\eMule 0.48a\emule.exe" = C:\Program Files\eMule 0.48a\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
    "D:\mIRC\mirc.exe" = D:\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.)
    "C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe" = C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe:*:Disabled:Adobe Photoshop CS3 -- File not found
    "C:\Program Files\Roxio 2010\Venue\Venue.exe" = C:\Program Files\Roxio 2010\Venue\Venue.exe:*:Enabled:Roxio Venue -- (Sonic Solutions)
    "C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager -- (CinemaNow Inc.)
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "Z:\setup.exe" = Z:\setup.exe:*:Enabled:Roxio Streamer Discovery Service -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
    "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
    "{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
    "{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.2.0.132
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
    "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
    "{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}" = HDD Regenerator
    "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2DFAC810-6DD8-4E23-96A4-BEB118408203}" = Mask Pro 4.1
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
    "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
    "{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}" = Roxio Creator 2011 Pro
    "{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
    "{46578609-AD6D-4E69-AC8F-28B89C090F3B}" = Roxio Creator 2010 Pro
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
    "{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
    "{509E7E30-8EC3-449B-8C59-B952E7489B0F}" = D-Link DSLs
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.21
    "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5491453D-8C3E-4785-AC5C-E9A4DABF378A}" = Roxio Venue
    "{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5F073685-ADDB-4D5A-98E9-0F795989A57F}" = PhotoFrame Pro 3.1
    "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
    "{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
    "{625304B0-2976-473B-AD81-5CA376093F03}" = Xingtone Ringtone Maker
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{64FDE32B-72F5-445D-939B-8D3CD01CB388}" = ESET Smart Security
    "{65A79175-3C4C-41F4-92AF-BA1DDDBA0626}" = Roxio Burn Manager CDB
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
    "{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator 2010 Pro
    "{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = File Viewer Utility 1.2.2
    "{77CDA026-3860-4C95-8233-34F3CEF121FB}" = Roxio Creator 2011 Pro
    "{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{798CA202-699B-49CC-95EE-BD01411A42E4}" =
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
    "{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
    "{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator 2010 Pro
    "{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{90546A9B-9B86-4D8A-B381-EF8D8AAE73E1}" = Extensis Suitcase 9.2
    "{906C01EE-B242-4197-AE85-6C506E1B869B}" = Roxio Burn Manager
    "{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
    "{9242140C-E909-45B4-8315-2A3CC0786FB0}" = PDFill PDF Editor 4.1 with Writer and Tools (Unicode)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{937C6F96-CEA5-4B97-848D-1328BD8D59D4}" = ECI Client v5.2
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio Easy Media Creator 9 Suite
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn - Secure
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
    "{9A5F1282-D6F8-4F04-B73E-D9286924E9AC}" = Roxio Creator 2011 Pro
    "{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
    "{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}" = Nero 8 Demo
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer
    "{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = RemoteCapture 2.7.2
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Roxio Media Experience
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
    "{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1" = Fast Duplicate File Finder 2.8.0.1
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
    "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BD3EAE4D-862D-4D41-8BB5-F5C2CFFE6022}" = Roxio BackOnTrackPE
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
    "{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator 9 Home
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
    "{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DE730F37-A198-4112-A3B6-97786F34354A}" = ECI Client v6.0
    "{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
    "{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
    "{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
    "{EFF09DE4-B83E-4C93-BD51-5D0F8C67C65E}" = Printer's Apprentice 8.0
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Ad-Aware" = Ad-Aware
    "Adobe Acrobat 8 Professional" = Adobe Acrobat 8.2.5 Professional
    "Adobe Acrobat 8 Professional_825" = Adobe Acrobat 8.2.5 - CPSID_83708
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
    "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
    "AMP Font Viewer" = AMP Font Viewer
    "AnyDVD" = AnyDVD
    "Atomic Clock Sync" = Atomic Clock Sync
    "AVS Video Tools 5_is1" = AVS Video Tools 5.4
    "CAL" = Canon Camera Access Library
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "CCleaner" = CCleaner
    "CDCheck" = CDCheck
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Clipboard Pile_is1" = Clipboard Pile
    "CloneDVD2" = CloneDVD2
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CSCLIB" = Canon Camera Support Core Library
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "EASEUS Todo Backup 1.1_is1" = EASEUS Todo Backup 1.1
    "EasyMailPlusID_is1" = Easy Mail Plus version 2.2.18.0
    "eMule" = eMule
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Photo Print" = EPSON Photo Print
    "Exact Audio Copy" = Exact Audio Copy 0.99pb4
    "EZ Mask v1 for Adobe Photoshop & Photoshop Elements" = EZ Mask v1 for Adobe Photoshop & Photoshop Elements
    "File Shredder_is1" = File Shredder 2.0
    "FreshDevices FreshDownload_is1" = FreshDownload
    "Google Updater" = Google Updater
    "HP Imaging Device Functions" = HP Imaging Device Functions 6.1
    "HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
    "HTMLExecutableIERuntimeSetup44" = HTML Executable IERuntime
    "ie8" = Windows Internet Explorer 8
    "Image Doctor 2" = Alien Skin Image Doctor 2
    "ImgBurn" = ImgBurn
    "Inkscape" = Inkscape 0.46
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
    "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
    "InstallShield_{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = Canon Utilities File Viewer Utility 1.2
    "InstallShield_{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = Canon Utilities RemoteCapture 2.7
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
    "IsoBuster_is1" = IsoBuster 2.8
    "Logo Design Studio Pro3.0.0" = Logo Design Studio Pro
    "Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MediaCoder" = MediaCoder 0.6.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mIRC" = mIRC
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
    "Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
    "MyCamera" = Canon Utilities MyCamera
    "Neat Image_is1" = Neat Image v5 Demo (with plug-in)
    "PDFill PDF Writer" = PDFill PDF Writer
    "PhotoRecord" = Canon PhotoRecord
    "Pop-Up Stopper Professional" = Pop-Up Stopper Professional
    "PowerISO" = PowerISO
    "PrimoPDF4.1.0.9" = PrimoPDF
    "Recover Data for FAT & NTFS_is1" = Recover Data for FAT & NTFS
    "Recover Data for NTFS_is1" = Recover Data for NTFS
    "Recuva" = Recuva
    "Registry Mechanic_is1" = Registry Mechanic 6.0
    "RemoteCaptureDC" = Canon Utilities RemoteCapture DC
    "Roxio PhotoShow" = Roxio PhotoShow
    "SightSpeed" = SightSpeed (remove only)
    "Sport Video Player_is1" = Sport Video Player 2.6
    "Spyware Doctor" = Spyware Doctor 7.0
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "SpywareGuard_is1" = SpywareGuard v2.2
    "Switch" = Switch Sound File Converter
    "The Logo Creator v5" = The Logo Creator v5
    "Typograf" = Typograf4.8f
    "Vidomi" = Vidomi (remove only)
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/11/2010 7:20:45 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 3/11/2010 7:21:08 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 4/11/2010 11:12:15 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 4/11/2010 11:12:41 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 5/11/2010 7:37:31 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 5/11/2010 7:37:54 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 6/11/2010 8:14:03 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 6/11/2010 8:14:32 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 7/11/2010 6:41:00 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 7/11/2010 6:41:20 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    [ System Events ]
    Error - 3/11/2010 7:16:12 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    9 service to connect.

    Error - 4/11/2010 11:07:31 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7000
    Description = The Conexant's BtPCI WDM Video Capture service failed to start due
    to the following error: %%1058

    Error - 4/11/2010 11:07:31 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    12 service to connect.

    Error - 4/11/2010 11:07:31 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    9 service to connect.

    Error - 5/11/2010 7:32:30 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7000
    Description = The Conexant's BtPCI WDM Video Capture service failed to start due
    to the following error: %%1058

    Error - 5/11/2010 7:32:30 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    12 service to connect.

    Error - 6/11/2010 8:09:34 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7000
    Description = The Conexant's BtPCI WDM Video Capture service failed to start due
    to the following error: %%1058

    Error - 6/11/2010 8:09:34 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    12 service to connect.

    Error - 7/11/2010 6:35:51 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7000
    Description = The Conexant's BtPCI WDM Video Capture service failed to start due
    to the following error: %%1058

    Error - 7/11/2010 6:35:51 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    12 service to connect.


    < End of report >


    OTL Extras logfile created on: 8/11/2010 10:41:03 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\John-PC\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 57.27 Gb Total Space | 23.61 Gb Free Space | 41.22% Space Free | Partition Type: NTFS
    Drive E: | 38.28 Gb Total Space | 29.83 Gb Free Space | 77.93% Space Free | Partition Type: NTFS
    Drive F: | 3.67 Gb Total Space | 3.63 Gb Free Space | 98.85% Space Free | Partition Type: FAT32
    Drive H: | 931.51 Gb Total Space | 672.14 Gb Free Space | 72.16% Space Free | Partition Type: NTFS

    Computer Name: JOHN-XP | User Name: John-PC | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
    Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp Pro 5.5\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp Pro 5.5\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp Pro 5.5\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "Z:\setup.exe" = Z:\setup.exe:*:Enabled:Roxio Streamer Discovery Service -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\eMule 0.48a\emule.exe" = C:\Program Files\eMule 0.48a\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
    "D:\mIRC\mirc.exe" = D:\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.)
    "C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe" = C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe:*:Disabled:Adobe Photoshop CS3 -- File not found
    "C:\Program Files\Roxio 2010\Venue\Venue.exe" = C:\Program Files\Roxio 2010\Venue\Venue.exe:*:Enabled:Roxio Venue -- (Sonic Solutions)
    "C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager -- (CinemaNow Inc.)
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "Z:\setup.exe" = Z:\setup.exe:*:Enabled:Roxio Streamer Discovery Service -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
    "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
    "{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
    "{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.2.0.132
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
    "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
    "{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}" = HDD Regenerator
    "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2DFAC810-6DD8-4E23-96A4-BEB118408203}" = Mask Pro 4.1
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
    "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
    "{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}" = Roxio Creator 2011 Pro
    "{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
    "{46578609-AD6D-4E69-AC8F-28B89C090F3B}" = Roxio Creator 2010 Pro
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
    "{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
    "{509E7E30-8EC3-449B-8C59-B952E7489B0F}" = D-Link DSLs
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.21
    "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5491453D-8C3E-4785-AC5C-E9A4DABF378A}" = Roxio Venue
    "{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5F073685-ADDB-4D5A-98E9-0F795989A57F}" = PhotoFrame Pro 3.1
    "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
    "{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
    "{625304B0-2976-473B-AD81-5CA376093F03}" = Xingtone Ringtone Maker
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{64FDE32B-72F5-445D-939B-8D3CD01CB388}" = ESET Smart Security
    "{65A79175-3C4C-41F4-92AF-BA1DDDBA0626}" = Roxio Burn Manager CDB
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
    "{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator 2010 Pro
    "{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = File Viewer Utility 1.2.2
    "{77CDA026-3860-4C95-8233-34F3CEF121FB}" = Roxio Creator 2011 Pro
    "{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{798CA202-699B-49CC-95EE-BD01411A42E4}" =
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
    "{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery
    "{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator 2010 Pro
    "{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{90546A9B-9B86-4D8A-B381-EF8D8AAE73E1}" = Extensis Suitcase 9.2
    "{906C01EE-B242-4197-AE85-6C506E1B869B}" = Roxio Burn Manager
    "{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
    "{9242140C-E909-45B4-8315-2A3CC0786FB0}" = PDFill PDF Editor 4.1 with Writer and Tools (Unicode)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{937C6F96-CEA5-4B97-848D-1328BD8D59D4}" = ECI Client v5.2
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio Easy Media Creator 9 Suite
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn - Secure
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
    "{9A5F1282-D6F8-4F04-B73E-D9286924E9AC}" = Roxio Creator 2011 Pro
    "{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
    "{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}" = Nero 8 Demo
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer
    "{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = RemoteCapture 2.7.2
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Roxio Media Experience
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
    "{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1" = Fast Duplicate File Finder 2.8.0.1
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
    "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BD3EAE4D-862D-4D41-8BB5-F5C2CFFE6022}" = Roxio BackOnTrackPE
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
    "{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator 9 Home
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
    "{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DE730F37-A198-4112-A3B6-97786F34354A}" = ECI Client v6.0
    "{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
    "{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
    "{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
    "{EFF09DE4-B83E-4C93-BD51-5D0F8C67C65E}" = Printer's Apprentice 8.0
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Ad-Aware" = Ad-Aware
    "Adobe Acrobat 8 Professional" = Adobe Acrobat 8.2.5 Professional
    "Adobe Acrobat 8 Professional_825" = Adobe Acrobat 8.2.5 - CPSID_83708
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
    "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
    "AMP Font Viewer" = AMP Font Viewer
    "AnyDVD" = AnyDVD
    "Atomic Clock Sync" = Atomic Clock Sync
    "AVS Video Tools 5_is1" = AVS Video Tools 5.4
    "CAL" = Canon Camera Access Library
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "CCleaner" = CCleaner
    "CDCheck" = CDCheck
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Clipboard Pile_is1" = Clipboard Pile
    "CloneDVD2" = CloneDVD2
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CSCLIB" = Canon Camera Support Core Library
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "EASEUS Todo Backup 1.1_is1" = EASEUS Todo Backup 1.1
    "EasyMailPlusID_is1" = Easy Mail Plus version 2.2.18.0
    "eMule" = eMule
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Photo Print" = EPSON Photo Print
    "Exact Audio Copy" = Exact Audio Copy 0.99pb4
    "EZ Mask v1 for Adobe Photoshop & Photoshop Elements" = EZ Mask v1 for Adobe Photoshop & Photoshop Elements
    "File Shredder_is1" = File Shredder 2.0
    "FreshDevices FreshDownload_is1" = FreshDownload
    "Google Updater" = Google Updater
    "HP Imaging Device Functions" = HP Imaging Device Functions 6.1
    "HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
    "HTMLExecutableIERuntimeSetup44" = HTML Executable IERuntime
    "ie8" = Windows Internet Explorer 8
    "Image Doctor 2" = Alien Skin Image Doctor 2
    "ImgBurn" = ImgBurn
    "Inkscape" = Inkscape 0.46
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
    "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
    "InstallShield_{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = Canon Utilities File Viewer Utility 1.2
    "InstallShield_{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = Canon Utilities RemoteCapture 2.7
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
    "IsoBuster_is1" = IsoBuster 2.8
    "Logo Design Studio Pro3.0.0" = Logo Design Studio Pro
    "Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MediaCoder" = MediaCoder 0.6.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mIRC" = mIRC
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
    "Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
    "MyCamera" = Canon Utilities MyCamera
    "Neat Image_is1" = Neat Image v5 Demo (with plug-in)
    "PDFill PDF Writer" = PDFill PDF Writer
    "PhotoRecord" = Canon PhotoRecord
    "Pop-Up Stopper Professional" = Pop-Up Stopper Professional
    "PowerISO" = PowerISO
    "PrimoPDF4.1.0.9" = PrimoPDF
    "Recover Data for FAT & NTFS_is1" = Recover Data for FAT & NTFS
    "Recover Data for NTFS_is1" = Recover Data for NTFS
    "Recuva" = Recuva
    "Registry Mechanic_is1" = Registry Mechanic 6.0
    "RemoteCaptureDC" = Canon Utilities RemoteCapture DC
    "Roxio PhotoShow" = Roxio PhotoShow
    "SightSpeed" = SightSpeed (remove only)
    "Sport Video Player_is1" = Sport Video Player 2.6
    "Spyware Doctor" = Spyware Doctor 7.0
    "SpywareBlaster_is1" = SpywareBlaster 4.4
    "SpywareGuard_is1" = SpywareGuard v2.2
    "Switch" = Switch Sound File Converter
    "The Logo Creator v5" = The Logo Creator v5
    "Typograf" = Typograf4.8f
    "Vidomi" = Vidomi (remove only)
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/11/2010 7:20:45 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 3/11/2010 7:21:08 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 4/11/2010 11:12:15 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 4/11/2010 11:12:41 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 5/11/2010 7:37:31 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 5/11/2010 7:37:54 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 6/11/2010 8:14:03 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 6/11/2010 8:14:32 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 7/11/2010 6:41:00 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    Error - 7/11/2010 6:41:20 PM | Computer Name = JOHN-XP | Source = MsiInstaller | ID = 10005
    Description = Product: Roxio Media Experience -- Internal Error 2356. Disk1

    [ System Events ]
    Error - 3/11/2010 7:16:12 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    9 service to connect.

    Error - 4/11/2010 11:07:31 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7000
    Description = The Conexant's BtPCI WDM Video Capture service failed to start due
    to the following error: %%1058

    Error - 4/11/2010 11:07:31 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    12 service to connect.

    Error - 4/11/2010 11:07:31 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    9 service to connect.

    Error - 5/11/2010 7:32:30 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7000
    Description = The Conexant's BtPCI WDM Video Capture service failed to start due
    to the following error: %%1058

    Error - 5/11/2010 7:32:30 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    12 service to connect.

    Error - 6/11/2010 8:09:34 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7000
    Description = The Conexant's BtPCI WDM Video Capture service failed to start due
    to the following error: %%1058

    Error - 6/11/2010 8:09:34 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    12 service to connect.

    Error - 7/11/2010 6:35:51 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7000
    Description = The Conexant's BtPCI WDM Video Capture service failed to start due
    to the following error: %%1058

    Error - 7/11/2010 6:35:51 PM | Computer Name = JOHN-XP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    12 service to connect.


    < End of report >

    Thanks Eddie.

    John
     
  9. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,793
    Nope, not pushy at all, many threads get lost, due to the amount posted daily :)

    You have posted the same log twice, the Extras txt:

    OTL Extras logfile created on: 8/11/2010 10:41:03 AM - Run 1

    You should have another one just called OTL.txt. If you can't find it, re-run OTL and it will create a new log, but only the OTL log file will be created, so don't worry if the Extra log isn't shown ;)
     
  10. Decetch

    Decetch Thread Starter

    Joined:
    Aug 13, 2009
    Messages:
    82
    Hi Eddie,

    Sorry about that. Try this. :)

    OTL logfile created on: 8/11/2010 10:41:03 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\John-PC\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 57.27 Gb Total Space | 23.61 Gb Free Space | 41.22% Space Free | Partition Type: NTFS
    Drive E: | 38.28 Gb Total Space | 29.83 Gb Free Space | 77.93% Space Free | Partition Type: NTFS
    Drive F: | 3.67 Gb Total Space | 3.63 Gb Free Space | 98.85% Space Free | Partition Type: FAT32
    Drive H: | 931.51 Gb Total Space | 672.14 Gb Free Space | 72.16% Space Free | Partition Type: NTFS

    Computer Name: JOHN-XP | User Name: John-PC | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/08 10:09:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John-PC\Desktop\OTL.exe
    PRC - [2010/11/04 10:23:41 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/11/04 10:23:31 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/09/28 15:34:43 | 003,975,088 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2010/09/23 14:36:04 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    PRC - [2010/08/21 21:16:16 | 000,390,712 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2010/08/21 21:16:12 | 000,779,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2010/08/21 21:15:32 | 005,459,136 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2010/08/21 00:18:30 | 002,536,752 | ---- | M] (Acronis) -- C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
    PRC - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    PRC - [2010/08/12 14:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
    PRC - [2010/07/14 05:00:00 | 000,032,240 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe
    PRC - [2010/07/13 22:23:50 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio 2011\5.0\CPMonitor.exe
    PRC - [2010/06/30 10:10:14 | 000,477,680 | ---- | M] () -- C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2010/05/30 14:08:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
    PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
    PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
    PRC - [2010/03/06 05:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2009/09/08 18:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2009/06/23 17:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
    PRC - [2009/03/24 01:01:00 | 000,113,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\VxBlockServer.exe
    PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/23 14:19:06 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    PRC - [2007/10/23 14:18:46 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    PRC - [2007/09/20 08:51:46 | 001,836,328 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    PRC - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2006/07/31 10:00:00 | 001,116,920 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    PRC - [2001/08/03 17:56:22 | 000,159,800 | ---- | M] (prolink) -- C:\WINDOWS\PowerS.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/08 10:09:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John-PC\Desktop\OTL.exe
    MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2010/02/26 07:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
    MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009/07/11 20:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
    MOD - [2008/05/13 11:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
    MOD - [2008/04/14 06:42:08 | 000,713,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sxs.dll
    MOD - [2008/04/14 06:42:02 | 001,384,479 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll
    MOD - [2008/04/14 00:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
    MOD - [2003/08/03 00:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard 2.2\spywareguard.dll
    MOD - [2001/04/12 19:05:18 | 000,077,824 | ---- | M] (Qualcomm Inc.) -- E:\Eudora\Decetch\EuShlExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/11/04 10:23:31 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2010/09/28 15:34:43 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2010/08/21 21:16:12 | 000,779,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2010/08/12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
    SRV - [2010/07/16 07:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
    SRV - [2010/07/16 07:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
    SRV - [2010/07/14 05:00:00 | 000,032,240 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
    SRV - [2010/05/30 14:08:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/09/08 18:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2009/07/24 08:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
    SRV - [2009/06/23 17:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
    SRV - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2006/08/10 05:11:14 | 000,057,344 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
    SRV - [2006/08/10 05:10:50 | 000,294,912 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
    DRV - [2010/11/04 10:26:05 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/09/28 15:34:53 | 000,163,232 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
    DRV - [2010/09/28 15:34:26 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
    DRV - [2010/09/28 15:34:22 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2010/09/28 15:34:02 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2010/08/04 11:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    DRV - [2010/08/03 13:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
    DRV - [2010/07/29 13:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
    DRV - [2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/07/29 13:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2010/07/12 19:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/05/26 14:20:33 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2010/02/19 20:11:16 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/02/19 20:11:16 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/12/02 13:21:00 | 000,020,616 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
    DRV - [2009/12/02 13:20:58 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
    DRV - [2009/12/02 13:20:56 | 000,026,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
    DRV - [2009/12/02 13:20:54 | 000,122,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
    DRV - [2009/06/02 02:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
    DRV - [2009/06/02 02:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)
    DRV - [2009/06/02 02:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)
    DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
    DRV - [2008/05/10 04:56:13 | 000,099,264 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2008/04/14 01:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
    DRV - [2008/04/14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/04/14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
    DRV - [2008/04/14 00:10:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
    DRV - [2007/12/04 14:55:55 | 000,371,349 | ---- | M] (Illusion & Hope.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\BT848.sys -- (BT848)
    DRV - [2007/08/08 06:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2007/04/09 23:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2006/11/02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2006/08/09 05:30:42 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
    DRV - [2006/08/08 10:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/08 10:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/08 10:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/08 10:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/08 10:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/08 10:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/08 10:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/08 10:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/04 09:37:28 | 000,099,208 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2006/08/01 21:06:20 | 000,012,952 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/08/01 21:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/08/01 20:46:34 | 000,051,800 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2005/04/12 19:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
    DRV - [2004/08/04 09:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/08/04 09:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2001/08/17 23:19:38 | 000,037,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1370mp.sys -- (ES1370) Creative AudioPCI (ES1370), SB PCI 64/128 (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 90 6A C3 DF 70 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox 2.0.0.6\components [2010/08/17 18:27:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox 2.0.0.6\plugins [2010/10/12 12:11:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/11/01 14:06:50 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/11/08 10:40:04 | 000,615,289 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 16166 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: () - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Program Files\FreshDevices\FreshDownload\fdcatch.dll (FreshDevices Corp.)
    O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard 2.2\dlprotect.dll ()
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 1.6\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    O4 - HKLM..\Run: [Clipboard Pile] D:\Clipboard Pile\Clipboard Pile.exe File not found
    O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio 2011\5.0\CPMonitor.exe ()
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\Media Experience\DMXLauncher.exe ()
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKLM..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [PowerS] C:\WINDOWS\PowerS.exe (prolink)
    O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Sonic Solutions)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 1.6\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
    O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
    O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\\DownloadPDF.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} Reg Error: Key error. (SpinTop DRM Control)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1211766713296 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1273627334687 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} Reg Error: Key error. (ArmHelper Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard 2.2\spywareguard.dll ()
    O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - E:\Eudora\Decetch\EuShlExt.dll (Qualcomm Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/06 11:39:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/10/06 10:14:00 | 000,729,464 | ---- | M] (Sysinternals - www.sysinternals.com) - F:\autoruns.exe -- [ FAT32 ]
    O32 - AutoRun File - [2005/10/12 10:35:44 | 001,854,803 | ---- | M] () - H:\AutoCorrect 1.53.zip -- [ NTFS ]
    O32 - AutoRun File - [2010/08/21 14:29:51 | 000,000,000 | RH-D | M] - H:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2002/10/16 23:56:50 | 000,000,036 | RH-- | M] () - H:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/08 10:08:50 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John-PC\Desktop\OTL.exe
    [2010/11/05 15:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\My Documents\OneNote Notebooks
    [2010/11/03 15:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Application Data\Bitstream
    [2010/11/02 14:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/11/01 14:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Local Settings\Application Data\ESET
    [2010/11/01 14:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Application Data\ESET
    [2010/11/01 14:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/11/01 14:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/11/01 10:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Application Data\WinRAR
    [2010/11/01 10:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Desktop\gmer
    [2010/10/31 09:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Application Data\SUPERAntiSpyware.com
    [2010/10/24 12:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\My Documents\Downloads
    [2010/10/24 12:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Application Data\uTorrent
    [2010/10/23 14:16:17 | 000,000,000 | ---D | C] -- C:\Zip45
    [2010/10/23 12:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Application Data\AUSkey
    [2010/10/23 12:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\.csi
    [2010/10/23 11:08:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John-PC\IECompatCache
    [2010/10/21 15:06:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John-PC\PrivacIE
    [2010/10/21 14:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Application Data\Ipswitch
    [2010/10/21 13:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Application Data\Sun
    [2010/10/21 13:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Local Settings\Application Data\Identities
    [2010/10/21 13:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Local Settings\Application Data\Ahead
    [2010/10/21 13:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Application Data\Roxio
    [2010/10/21 13:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Local Settings\Application Data\Adobe
    [2010/10/21 13:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Application Data\Nero
    [2010/10/21 13:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Local Settings\Application Data\Roxio
    [2010/10/21 13:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Application Data\Adobe
    [2010/10/21 13:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Application Data\Identities
    [2010/10/21 13:48:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John-PC\My Documents\My Music
    [2010/10/21 13:48:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John-PC\My Documents\My Pictures
    [2010/10/21 13:48:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John-PC\Cookies
    [2010/10/21 13:47:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\John-PC\Application Data\Microsoft
    [2010/10/21 13:47:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John-PC\SendTo
    [2010/10/21 13:47:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John-PC\Recent
    [2010/10/21 13:47:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John-PC\Application Data
    [2010/10/21 13:47:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John-PC\Start Menu
    [2010/10/21 13:47:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John-PC\My Documents
    [2010/10/21 13:47:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John-PC\Favorites
    [2010/10/21 13:47:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John-PC\IETldCache
    [2010/10/21 13:47:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John-PC\Templates
    [2010/10/21 13:47:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John-PC\PrintHood
    [2010/10/21 13:47:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John-PC\NetHood
    [2010/10/21 13:47:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John-PC\Local Settings
    [2010/10/21 13:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Local Settings\Application Data\Microsoft
    [2010/10/21 13:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Application Data\Macromedia
    [2010/10/21 13:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John-PC\Desktop
    [2010/10/15 14:50:50 | 000,000,000 | ---D | C] -- C:\Zip44
    [2010/10/14 15:18:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
    [2006/07/11 15:29:00 | 000,028,672 | R--- | C] ( ) -- C:\WINDOWS\System32\DivXGraphBuilderCallback.dll
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/08 10:09:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John-PC\Desktop\OTL.exe
    [2010/11/08 10:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010/11/08 09:46:12 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/11/08 09:34:15 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/11/08 09:33:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/08 09:33:15 | 1610,141,696 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/07 11:07:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/05 15:49:34 | 000,000,982 | ---- | M] () -- C:\Documents and Settings\John-PC\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    [2010/11/05 15:35:48 | 000,001,356 | ---- | M] () -- C:\WINDOWS\fnerr.dat
    [2010/11/05 14:32:50 | 000,000,429 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
    [2010/11/05 14:32:34 | 000,000,112 | ---- | M] () -- C:\WINDOWS\SwDrvs.ini
    [2010/11/05 14:32:34 | 000,000,041 | ---- | M] () -- C:\WINDOWS\MYOB.INI
    [2010/11/04 10:26:56 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/11/04 10:14:35 | 003,972,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/11/02 14:31:04 | 000,108,740 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/11/01 10:04:19 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\John-PC\Desktop\gmer.zip
    [2010/11/01 09:58:10 | 000,626,176 | ---- | M] () -- C:\Documents and Settings\John-PC\Desktop\dds.scr
    [2010/11/01 09:56:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\John-PC\defogger_reenable
    [2010/11/01 09:56:26 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\John-PC\Desktop\Defogger.exe
    [2010/10/23 14:53:56 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JOHN-XP-John-PC.job
    [2010/10/23 13:22:47 | 000,001,365 | ---- | M] () -- C:\Documents and Settings\John-PC\Desktop\Explorer.lnk
    [2010/10/23 13:19:46 | 000,001,623 | ---- | M] () -- C:\Documents and Settings\John-PC\Desktop\ECI Client 6.lnk
    [2010/10/23 12:11:19 | 000,000,290 | ---- | M] () -- C:\Documents and Settings\John-PC\Desktop\St.George.url
    [2010/10/22 11:24:50 | 000,001,450 | ---- | M] () -- C:\Documents and Settings\John-PC\Desktop\Decetch.lnk
    [2010/10/22 10:54:39 | 000,436,030 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/22 10:54:39 | 000,068,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/21 15:04:45 | 000,000,582 | ---- | M] () -- C:\Documents and Settings\John-PC\Desktop\Ozemail.lnk
    [2010/10/21 13:49:38 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\John-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/21 13:49:32 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\John-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/10/18 13:35:33 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
    [2010/10/14 15:21:17 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/14 15:18:22 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2010/10/12 12:11:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/05 15:49:34 | 000,000,982 | ---- | C] () -- C:\Documents and Settings\John-PC\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    [2010/11/02 14:31:04 | 000,108,740 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/11/01 10:04:08 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\John-PC\Desktop\gmer.zip
    [2010/11/01 09:58:00 | 000,626,176 | ---- | C] () -- C:\Documents and Settings\John-PC\Desktop\dds.scr
    [2010/11/01 09:56:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John-PC\defogger_reenable
    [2010/11/01 09:56:25 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\John-PC\Desktop\Defogger.exe
    [2010/10/23 14:53:55 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JOHN-XP-John-PC.job
    [2010/10/23 12:15:55 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\John-PC\Desktop\ECI Client 6.lnk
    [2010/10/23 12:09:37 | 000,000,290 | ---- | C] () -- C:\Documents and Settings\John-PC\Desktop\St.George.url
    [2010/10/23 11:11:43 | 000,000,339 | ---- | C] () -- C:\Documents and Settings\John-PC\Desktop\MYOB.lnk
    [2010/10/21 14:57:21 | 000,000,582 | ---- | C] () -- C:\Documents and Settings\John-PC\Desktop\Ozemail.lnk
    [2010/10/21 14:56:37 | 000,001,450 | ---- | C] () -- C:\Documents and Settings\John-PC\Desktop\Decetch.lnk
    [2010/10/21 14:54:52 | 000,001,365 | ---- | C] () -- C:\Documents and Settings\John-PC\Desktop\Explorer.lnk
    [2010/10/21 13:49:38 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\John-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/10/21 13:49:32 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\John-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/10/14 15:18:22 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/10/12 12:11:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/09/08 14:56:35 | 000,382,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/08/14 12:48:45 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/12/16 16:45:37 | 000,000,314 | ---- | C] () -- C:\WINDOWS\Clipboard Pile.INI
    [2008/12/12 16:12:28 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2008/08/08 12:36:55 | 000,005,076 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rfahymmx.sgk
    [2008/07/01 11:21:00 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2008/07/01 11:21:00 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\760CC4C70D.sys
    [2008/04/29 02:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
    [2008/01/29 15:15:01 | 000,000,073 | ---- | C] () -- C:\WINDOWS\Kyor.ini
    [2007/12/07 12:41:21 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/12/07 12:41:21 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/11/30 09:19:52 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/11/28 15:17:03 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2007/11/28 15:17:03 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2007/11/28 15:17:03 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2007/11/28 15:17:03 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2007/11/27 09:32:52 | 000,002,171 | ---- | C] () -- C:\WINDOWS\TSCTNDBG.INI
    [2007/11/26 13:33:41 | 000,000,109 | ---- | C] () -- C:\WINDOWS\TSNV_I2C.INI
    [2007/11/26 13:33:21 | 000,000,043 | ---- | C] () -- C:\WINDOWS\PIXELTV.INI
    [2007/11/26 13:33:03 | 000,020,958 | ---- | C] () -- C:\WINDOWS\TSCTVMSG.INI
    [2007/11/26 13:33:03 | 000,007,367 | ---- | C] () -- C:\WINDOWS\TSCTVDIV.INI
    [2007/11/26 13:33:03 | 000,000,459 | ---- | C] () -- C:\WINDOWS\TSCFM.INI
    [2007/11/26 13:30:12 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\DTVdrv.dll
    [2007/11/26 13:30:12 | 000,019,966 | ---- | C] () -- C:\WINDOWS\Tsctvfm.ini
    [2007/11/26 13:30:12 | 000,012,188 | ---- | C] () -- C:\WINDOWS\System32\DTVdrvNT.sys
    [2007/11/26 13:30:12 | 000,001,230 | ---- | C] () -- C:\WINDOWS\TSCTV.INI
    [2007/11/26 13:30:11 | 000,000,105 | ---- | C] () -- C:\WINDOWS\IFOLDER.INI
    [2007/11/05 12:34:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2007/11/01 19:57:29 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\custmon2k.dll
    [2007/10/26 10:04:40 | 000,068,080 | ---- | C] () -- C:\WINDOWS\System32\dlaapi_w.dll
    [2007/10/12 10:23:34 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameZ.txt
    [2007/09/24 23:57:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwp32.INI
    [2007/09/24 23:32:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
    [2007/09/24 23:32:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
    [2007/09/03 12:07:32 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2007/09/03 12:07:03 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2007/08/09 18:07:23 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2007/08/08 14:07:47 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/08/08 11:53:06 | 000,000,112 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
    [2007/08/08 11:50:56 | 000,000,429 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
    [2007/08/08 11:50:56 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MYOB.INI
    [2007/08/07 11:26:12 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2007/08/06 21:24:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/08/06 16:25:18 | 000,000,659 | ---- | C] () -- C:\WINDOWS\FMTMSAM.INI
    [2007/08/06 16:25:08 | 000,000,160 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2007/08/06 16:23:28 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
    [2007/08/06 16:23:05 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2007/08/06 16:23:05 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
    [2007/08/06 16:22:48 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppLangChoice.ini
    [2007/08/06 15:53:12 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
    [2007/08/06 15:53:12 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
    [2007/08/06 15:51:06 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
    [2007/08/06 15:51:06 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
    [2007/08/06 12:53:41 | 000,000,001 | ---- | C] () -- C:\WINDOWS\fr.ini
    [2006/10/01 09:42:59 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\QtNetwork4.dll
    [2006/09/28 16:10:06 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\QtXml4.dll
    [2006/09/15 14:28:19 | 001,753,088 | ---- | C] () -- C:\WINDOWS\System32\QtCore4.dll
    [2006/09/14 14:55:25 | 004,112,384 | ---- | C] () -- C:\WINDOWS\System32\QtGui4.dll
    [2006/08/16 16:47:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/08/09 05:19:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/08/09 05:19:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2006/08/09 02:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
    [2005/09/12 04:32:55 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2005/07/16 05:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2005/07/16 05:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2005/07/16 05:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2003/10/02 02:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
    [2003/10/02 02:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
    [2002/06/11 18:08:00 | 000,023,180 | ---- | C] () -- C:\WINDOWS\System32\evgainit.sys
    [2002/05/13 20:16:19 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
    [2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2007/08/08 23:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2010/09/28 15:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2009/11/09 11:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
    [2010/11/01 14:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/08/29 14:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
    [2008/04/28 15:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2010/07/01 13:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2008/08/20 15:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
    [2009/11/09 11:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
    [2008/09/25 23:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Printer's Apprentice
    [2010/07/05 13:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2010/08/14 12:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2010/09/12 14:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2010/11/08 09:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/09/12 14:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2009/02/05 13:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2007/12/06 10:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{53608B89-D534-4FA6-B348-02EF7D3C693C}
    [2009/12/16 12:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    [2010/08/11 14:58:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    [2010/10/23 12:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John-PC\Application Data\AUSkey
    [2010/11/03 15:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John-PC\Application Data\Bitstream
    [2010/11/02 14:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John-PC\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/11/01 14:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John-PC\Application Data\ESET
    [2010/10/27 11:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John-PC\Application Data\uTorrent
    [2010/11/08 09:46:12 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/11/08 10:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    [2010/10/18 13:35:33 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >

    Thanks
    John
     
  11. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,793
    Hi John

    P2P Warning!

    • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

      µTorrent
      eMule


      Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
      Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

      I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

      Please read these short reports on the dangers of peer-2-peer programs and file sharing.

      I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

      If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.



    ----------------------------


    Okay, let's have a look at the rest of the stuff :)

    Go to Add/Remove via the Control Panel and uninstall these programs because they're not needed or are outdated or are dangerous to use.

    If any can't be installed, let me know, but carry on with the rest of the uninstall and the programs below. We can look at any that couldn't be uninstalled later :)


    Apple Software Update
    Ask Toolbar
    Adobe AIR
    Spybot - Search & Destroy
    Acrobat.com
    Ad-Aware



    ---------------


    Download SREng
    • Extract it to Desktop and double click SREngLdr.EXE to run it
    • Select System Repair from the left pane.
    • Click on File Association
    • Select all entries that have an Error status and click [Repair]
    • Refer to this image for an example:

      [​IMG]
    • Close SREng now.



    ------------------

    Now, I see you have SUPERAntiSpyware Free Edition installed. Can you update and run it, along with these programs:

    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.





    Please include the MBAM log, the SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply.

    eddie
     
  12. Decetch

    Decetch Thread Starter

    Joined:
    Aug 13, 2009
    Messages:
    82
    Hi Eddie,

    Logs as requested.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 5093
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    11/11/2010 1:43:04 PM
    mbam-log-2010-11-11 (13-43-04).txt
    Scan type: Quick scan
    Objects scanned: 197338
    Time elapsed: 15 minute(s), 28 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 11/11/2010 at 12:18 PM
    Application Version : 4.44.1000
    Core Rules Database Version : 5843
    Trace Rules Database Version: 3655
    Scan type : Quick Scan
    Total Scan Time : 00:32:39
    Memory items scanned : 555
    Memory threats detected : 0
    Registry items scanned : 2325
    Registry threats detected : 0
    File items scanned : 10674
    File threats detected : 11
    Adware.Tracking Cookie
    C:\Documents and Settings\John-PC\Cookies\[email protected][2].txt
    C:\Documents and Settings\John-PC\Cookies\[email protected][1].txt
    C:\Documents and Settings\John-PC\Cookies\john-pc@thefind[1].txt
    C:\Documents and Settings\John-PC\Cookies\[email protected][4].txt
    C:\Documents and Settings\John-PC\Cookies\[email protected][2].txt
    C:\Documents and Settings\John-PC\Cookies\john-pc@mediafire[1].txt
    C:\Documents and Settings\John-PC\Cookies\[email protected][1].txt
    C:\Documents and Settings\John-PC\Cookies\[email protected][2].txt
    C:\Documents and Settings\John-PC\Cookies\[email protected][1].txt
    C:\Documents and Settings\John-PC\Cookies\[email protected][1].txt
    C:\Documents and Settings\John-PC\Cookies\[email protected][2].txt

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:52:13 PM, on 11/11/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Roxio\BackOnTrack\App\BService.exe
    C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\WINDOWS\PowerS.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\VxBlockServer.exe
    C:\Program Files\Roxio 2011\5.0\CPMonitor.exe
    C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard 2.2\dlprotect.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [Clipboard Pile] D:\Clipboard Pile\Clipboard Pile.exe
    O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe
    O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio 2011\5.0\CPMonitor.exe"
    O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\\DownloadPDF.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1211766713296
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1273627334687
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6690B823-4DE9-46DF-AD5A-FBEF2E6CBCA6}: NameServer = 203.0.178.191,210.80.58.42
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BOT4Service - Unknown owner - C:\Program Files\Roxio\BackOnTrack\App\BService.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
    O23 - Service: RoxMediaDB13 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    --
    End of file - 15753 bytes

    Thanks.

    John
     
  13. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,793
    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     
  14. Decetch

    Decetch Thread Starter

    Joined:
    Aug 13, 2009
    Messages:
    82
    Hi Eddie,

    Combofix log as requested.


    ComboFix 10-11-12.01 - John-PC 13/11/2010 10:30:17.4.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.930 [GMT 11:00]
    Running from: c:\documents and settings\John-PC\Desktop\ComboFix.exe
    AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\Administrator.JOHN.000\g2mdlhlpx.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
    .
    2010-11-11 02:51 . 2010-11-11 02:51 -------- d-----w- c:\program files\Trend Micro
    2010-11-01 03:06 . 2010-11-01 03:06 -------- d-----w- c:\program files\ESET
    2010-11-01 03:06 . 2010-11-01 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2010-10-23 03:16 . 2010-11-10 06:12 -------- d-----w- C:\Zip45
    2010-10-21 02:47 . 2010-11-12 11:44 -------- d-----w- c:\documents and settings\John-PC
    2010-10-15 03:50 . 2010-10-20 03:11 -------- d-----w- C:\Zip44
    2010-10-14 04:18 . 2010-10-14 04:18 -------- d-----w- c:\windows\system32\MpEngineStore
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-03 23:26 . 2010-07-03 12:16 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-09-28 04:34 . 2010-09-28 04:34 163232 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2010-09-28 04:34 . 2010-09-28 04:34 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
    2010-09-28 04:34 . 2010-09-28 04:34 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
    2010-09-28 04:34 . 2010-09-28 04:34 170464 ----a-w- c:\windows\system32\drivers\snapman.sys
    2010-09-18 06:53 . 2004-08-04 01:07 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-04 01:07 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-04 01:07 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-18 01:23 . 2004-08-04 01:07 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-14 17:50 . 2010-05-11 06:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-14 15:29 . 2010-05-11 06:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2004-08-04 01:07 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-04 01:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2004-08-04 01:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51 . 2004-08-04 01:07 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-04 01:07 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2004-08-04 01:07 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-04 01:07 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2004-08-04 01:07 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-07-09 23:41 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-24 00:55 . 2010-08-24 00:55 54552 ----a-r- c:\documents and settings\Administrator.JOHN.000\Application Data\Microsoft\Installer\{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}\Readme.txt_8299FC48CC8747D4B6748C7844747B90.exe
    2010-08-24 00:55 . 2010-08-24 00:55 46360 ----a-r- c:\documents and settings\Administrator.JOHN.000\Application Data\Microsoft\Installer\{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}\NewShortcut11_1338DF2B22044C98A5206CA35B84C8F3.exe
    2010-08-24 00:55 . 2010-08-24 00:55 46360 ----a-r- c:\documents and settings\Administrator.JOHN.000\Application Data\Microsoft\Installer\{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}\NewShortcut1_31EEF57031A74AD097594C6A782137A6.exe
    2010-08-24 00:55 . 2010-08-24 00:55 46360 ----a-r- c:\documents and settings\Administrator.JOHN.000\Application Data\Microsoft\Installer\{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}\ARPPRODUCTICON.exe
    2010-08-23 16:12 . 2004-08-04 01:07 617472 ------w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2004-08-04 01:07 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-08-04 01:07 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PowerS"="c:\windows\PowerS.exe" [2001-08-03 159800]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "HP SchedIndexer"="c:\program files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe" [2001-02-19 86016]
    "HP AutoIndexer"="c:\program files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe" [2001-02-19 77824]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-15 307184]
    "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-30 1116920]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-19 1836328]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-13 102400]
    "Desktop Disc Tool"="c:\program files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" [2010-06-29 477680]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "CPMonitor"="c:\program files\Roxio 2011\5.0\CPMonitor.exe" [2010-07-13 84464]
    "SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-08-20 2536752]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-08-21 5459136]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-08-21 390712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    c:\documents and settings\Administrator.JOHN\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    c:\documents and settings\Administrator.JOHN.000\Start Menu\Programs\Startup\
    SpywareGuard.lnk - c:\program files\SpywareGuard 2.2\sgmain.exe [2003-8-29 360448]
    c:\documents and settings\JWW\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    c:\documents and settings\John-PC\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLinkedConnections"= 1 (0x1)
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "e:\eudora\Decetch\EuShlExt.dll" [2001-04-12 77824]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-06 00:43 548352 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\eMule 0.48a\\emule.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\ICQ6\\ICQ.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=
    "c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [30/09/2010 12:43 PM 26248]
    R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [30/09/2010 12:44 PM 20616]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/10/2010 1:32 PM 218592]
    R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [9/11/2009 11:18 AM 21488]
    R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [9/11/2009 11:18 AM 15856]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [28/09/2010 3:34 PM 752128]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29/07/2010 1:31 PM 115008]
    R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [9/11/2009 11:18 AM 25584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28/05/2008 11:33 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/05/2008 11:33 AM 67656]
    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\App\SaibSVC.exe [2/06/2009 8:05 PM 457200]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [28/09/2010 3:34 PM 3975088]
    R2 BOT4Service;BOT4Service;c:\program files\Roxio\BackOnTrack\App\BService.exe [14/07/2010 5:00 AM 32240]
    R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [23/06/2009 5:40 PM 127352]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12/08/2010 2:16 PM 810144]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [28/09/2010 3:34 PM 163232]
    R3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);c:\windows\system32\drivers\es1370mp.sys [6/08/2007 9:25 PM 37120]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [30/09/2010 12:43 PM 122504]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [4/12/2007 2:55 PM 371349]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [16/07/2010 7:48 AM 354288]
    S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [30/09/2010 12:43 PM 14216]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [24/07/2009 8:33 AM 1116656]
    S3 RoxMediaDB13;RoxMediaDB13;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [16/07/2010 7:48 AM 1099248]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/05/2008 11:33 AM 12872]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/10/2010 1:31 PM 366840]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 2:37 PM 517096]
    --- Other Services/Drivers In Memory ---
    *Deregistered* - PCTSDInjDriver32
    .
    Contents of the 'Scheduled Tasks' folder
    2010-09-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-JOHN-Administrator.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-24 17:44]
    2010-10-23 c:\windows\Tasks\AdobeAAMUpdater-1.0-JOHN-XP-John-PC.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-24 17:44]
    2010-11-12 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-10-08 01:49]
    2010-10-18 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-07-01 02:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: musicmatch.com\online
    TCP: {6690B823-4DE9-46DF-AD5A-FBEF2E6CBCA6} = 203.0.178.191,210.80.58.42
    Name-Space Handler: ftp\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - c:\progra~1\FRESHD~1\FRESHD~1\fdcatch.dll
    Name-Space Handler: http\FD - {3BF4771A-18F5-4EAB-80B7-AC254D3C7503} - c:\progra~1\FRESHD~1\FRESHD~1\fdcatch.dll
    FF - ProfilePath -
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox 2.0.0.6\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox 2.0.0.6\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    .
    - - - - ORPHANS REMOVED - - - -
    HKLM-Run-Clipboard Pile - d:\clipboard pile\Clipboard Pile.exe
    AddRemove-CDCheck - d:\cdcheck\uninst.exe
    AddRemove-Exact Audio Copy - d:\exact audio copy\uninst.exe
    AddRemove-mIRC - d:\mirc\mirc.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-13 10:38
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1A68D668-6DF3-702D-2A0852A803C1488D}\{D6F2E9CD-48BA-CDDC-BEA31B576464FCAF}\{421B9E29-5D23-2966-C9D7C1E976BC0884}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,6e,92,ec,
    59,b0,cd,ed,8e,1f,63,a1,53,2d,3b,d3,f8,32,c9,f9,49,14,cb,92,11,51,0b,65,ea,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{29C7572E-368C-9746-3DB4E03B0C8852AE}\{D5583F53-2F82-8141-B7E22169E34927D8}\{884189AF-2B25-871B-C10F8549E6A3D936}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,6e,92,ec,
    59,b0,cd,ed,8e,1f,63,a1,53,2d,3b,d3,f8,32,c9,f9,49,14,cb,92,11,51,0b,65,ea,\
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{757F58AC-056D-78F5-1369DDDE8D3DA057}\{8E7CB394-6DC8-952F-BBD65168C0AE0804}\{90FEEFF2-F058-330D-A5C639EBEDCEE7EE}*]
    "1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
    fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{90C9B227-00E9-ED2B-D8335C00663422E2}\{BA143829-6513-6AB3-17B76E63BBBF825B}\{B7811D8F-B091-6828-D848878685722533}*]
    "1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
    fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{966E1176-98BD-E3A3-1649E4659438A716}\{7D188DDB-E560-5BB6-20EABCAAB28395D5}\{0998E78C-7C0A-2C8B-9F05FD29FB8035CC}*]
    "1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
    fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DF771B98-AC91-34D8-F0EE49DCFFD7BEDE}\{02C90D3B-A401-D38F-0F8BFA977E327E75}\{1704AFF6-6AA2-2F70-F8B468ED602E6063}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,6e,92,ec,
    59,b0,cd,ed,8e,1f,63,a1,53,2d,3b,d3,f8,32,c9,f9,49,14,cb,92,11,51,0b,65,ea,\
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'winlogon.exe'(1528)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-11-13 10:42:44
    ComboFix-quarantined-files.txt 2010-11-12 23:42
    Pre-Run: 25,322,242,048 bytes free
    Post-Run: 25,369,919,488 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    - - End Of File - - 19C5A943F8F75C211B95248D882D2B2D

    Thanks.

    John
     
  15. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,793
    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post & if you are using Internet Explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save).


    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    eddie
     

    Attached Files:

Short URL to this thread: https://techguy.org/956872