redirecting (browser hijack?)



#1
TxRattler

Every time I click on news & some other links, after a few minutes of reading it all of a sudden redirects to other websites. It is getting very annoying. I ran AVG & Malwarebytes and didn't find anything. My friend thinks I may have a "browser hijack". Can anybody figure out what it was and help fix it? Thanks.


OTL logfile created on: 3/13/2011 11:25:11 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Marcums\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 397.25 Gb Free Space | 88.07% Space Free | Partition Type: NTFS

Computer Name: MARCUMS-PC | User Name: Marcums | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/13 11:23:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Marcums\Downloads\OTL.exe
PRC - [2011/03/06 22:02:12 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Marcums\Downloads\HijackThis.exe
PRC - [2011/03/05 19:03:20 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/01/05 12:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM7\aim.exe
PRC - [2010/11/30 18:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/11/22 05:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 05:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgam.exe
PRC - [2010/09/02 16:17:40 | 001,853,248 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/08/20 15:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/21 10:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2010/05/07 18:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2009/12/30 19:07:06 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Marcums\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2004/11/09 11:32:44 | 000,393,216 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files (x86)\ALLTEL DSL Check-up Center\SmartBridge\MotiveSB.exe


========== Modules (SafeList) ==========

MOD - [2011/03/13 11:23:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Marcums\Downloads\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/05/07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2010/05/06 04:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/15 10:12:10 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/31 14:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 10:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/22 05:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/20 15:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/04 18:53:36 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 20:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/08 05:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/17 19:34:58 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2010/11/12 14:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 04:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 04:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/03 16:24:28 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/03 16:24:24 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/07/27 08:14:24 | 006,465,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
DRV:64bit: - [2010/07/27 08:12:16 | 000,339,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/07/12 05:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/16 14:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/03/18 04:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 04:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 10:48:00 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.0.66
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/01/26 01:03:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2011/02/22 00:32:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/02/22 00:33:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/05 19:03:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/05 19:03:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/02/27 10:06:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2009/12/12 23:23:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcums\AppData\Roaming\Mozilla\Extensions
[2009/12/12 23:23:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcums\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/12/12 02:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcums\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/03/13 02:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcums\AppData\Roaming\Mozilla\Firefox\Profiles\c40xruvv.default\extensions
[2010/09/23 00:23:06 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Marcums\AppData\Roaming\Mozilla\Firefox\Profiles\c40xruvv.default\extensions\[email protected]
[2011/03/12 02:19:12 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Marcums\AppData\Roaming\Mozilla\Firefox\Profiles\c40xruvv.default\extensions\[email protected]
[2009/12/12 23:38:59 | 000,004,554 | ---- | M] () -- C:\Users\Marcums\AppData\Roaming\Mozilla\Firefox\Profiles\c40xruvv.default\searchplugins\aim-search.xml
[2011/02/27 09:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/07 22:48:49 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/19 07:26:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/21 08:59:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/19 02:35:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/22 00:32:08 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX
[2011/02/22 00:33:13 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.011.025.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/01/26 01:03:29 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/22 04:55:41 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/01/30 07:29:12 | 000,002,083 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 65.98.95.68 www.google.com
O1 - Hosts: 65.98.95.68 google.com
O1 - Hosts: 65.98.95.68 google.com.au
O1 - Hosts: 65.98.95.68 www.google.com.au
O1 - Hosts: 65.98.95.68 google.be
O1 - Hosts: 65.98.95.68 www.google.be
O1 - Hosts: 65.98.95.68 google.com.br
O1 - Hosts: 65.98.95.68 www.google.com.br
O1 - Hosts: 65.98.95.68 google.ca
O1 - Hosts: 65.98.95.68 www.google.ca
O1 - Hosts: 65.98.95.68 google.ch
O1 - Hosts: 65.98.95.68 www.google.ch
O1 - Hosts: 65.98.95.68 google.de
O1 - Hosts: 65.98.95.68 www.google.de
O1 - Hosts: 65.98.95.68 google.dk
O1 - Hosts: 65.98.95.68 www.google.dk
O1 - Hosts: 65.98.95.68 google.fr
O1 - Hosts: 65.98.95.68 www.google.fr
O1 - Hosts: 65.98.95.68 google.ie
O1 - Hosts: 65.98.95.68 www.google.ie
O1 - Hosts: 65.98.95.68 google.it
O1 - Hosts: 65.98.95.68 www.google.it
O1 - Hosts: 65.98.95.68 google.co.jp
O1 - Hosts: 65.98.95.68 www.google.co.jp
O1 - Hosts: 65.98.95.68 google.nl
O1 - Hosts: 22 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] File not found
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files (x86)\ALLTEL DSL Check-up Center\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Marcums\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....467&clcid=0x409 (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://activation.a...aller_2-0-0.cab (Reg Error: Value error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1125148382158 (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7680.9054282407 (Reg Error: Key error.)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://download.game...aploader_v6.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\Windows\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\Windows\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files (x86)\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\Windows\SysWOW64\netshell.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\ExplorerFrame.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marcums\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Marcums\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/08 22:26:13 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/03/08 22:26:13 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/03/08 22:26:12 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/03/08 22:26:12 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/03/08 22:26:11 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/03/08 22:26:11 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/03/08 22:26:11 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/03/08 22:26:11 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/03/08 22:26:10 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/03/08 22:26:10 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/03/08 22:26:10 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/03/08 22:26:10 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/03/08 22:26:09 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/03/08 22:26:09 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/03/08 22:26:09 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/03/08 22:26:09 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/03/01 23:04:22 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Roaming\SUPERAntiSpyware.com
[2011/03/01 23:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/03/01 23:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/03/01 23:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/03/01 23:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/27 10:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/27 10:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/02/27 08:02:59 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/02/27 08:00:29 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Local\Sunbelt Software
[2011/02/27 03:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/02/22 16:13:27 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/22 16:13:27 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/22 16:13:27 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/22 16:13:27 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/22 02:15:31 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Roaming\AVG
[2011/02/22 02:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/02/22 01:56:46 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Local\AVG Security Toolbar
[2011/02/22 00:50:10 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Roaming\AVG10
[2011/02/22 00:33:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/02/22 00:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/02/22 00:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/02/22 00:32:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/02/22 00:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/02/22 00:32:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/02/22 00:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/02/18 07:47:38 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
[2011/02/18 07:47:15 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Local\Deployment
[2011/02/18 07:42:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2011/02/18 07:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2011/02/18 07:35:05 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Roaming\PCDr
[2011/02/18 00:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/02/13 23:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/02/13 23:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2010/01/07 21:50:20 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Marcums\AppData\Roaming\DataSafeDotNet.exe
[1998/12/08 21:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files (x86)\Common Files\IRAREG.DLL
[1998/12/08 21:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files (x86)\Common Files\IRAMDMTR.DLL
[1998/12/08 21:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files (x86)\Common Files\IRALPTTR.DLL
[1998/12/08 21:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files (x86)\Common Files\IRAWEBTR.DLL
[1998/12/08 21:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files (x86)\Common Files\IRASRIAL.DLL
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/13 08:40:46 | 108,559,552 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/03/13 08:37:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/13 08:37:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/03/12 18:37:34 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/03/11 15:43:28 | 000,647,572 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/03/10 00:43:50 | 000,285,326 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/03/09 20:31:06 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/09 20:31:06 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/09 04:22:53 | 000,861,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/09 04:22:53 | 000,720,258 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/09 04:22:53 | 000,141,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/09 04:18:25 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/01 23:04:15 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/27 10:06:47 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/27 09:23:07 | 000,001,925 | ---- | M] () -- C:\Users\Marcums\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/27 09:23:07 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/27 08:02:59 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/02/22 02:13:39 | 000,001,163 | ---- | M] () -- C:\Users\Marcums\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/02/22 02:13:39 | 000,001,139 | ---- | M] () -- C:\Users\Marcums\Desktop\AVG PC Tuneup 2011.lnk
[2011/02/22 00:33:01 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/02/22 00:33:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/02/22 00:33:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/02/22 00:33:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/02/19 19:15:21 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/02/19 19:15:17 | 000,463,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/19 01:37:10 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/02/19 01:36:49 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/02/19 00:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/02/19 00:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/02/13 23:33:32 | 000,002,882 | -H-- | M] () -- C:\IPH.PH
[2011/02/13 23:33:30 | 000,001,906 | ---- | M] () -- C:\Users\Marcums\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/02/13 23:33:30 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/13 08:40:46 | 108,559,552 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/03/11 15:43:28 | 000,647,572 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/03/10 00:43:50 | 000,285,326 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/03/01 23:04:15 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/27 10:06:47 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/22 02:13:39 | 000,001,163 | ---- | C] () -- C:\Users\Marcums\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/02/22 02:13:39 | 000,001,139 | ---- | C] () -- C:\Users\Marcums\Desktop\AVG PC Tuneup 2011.lnk
[2011/02/22 00:33:01 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/02/22 00:33:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/02/22 00:33:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/02/22 00:33:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/02/18 07:43:08 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/02/18 07:43:07 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/02/13 23:33:30 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/12/17 23:51:48 | 000,010,240 | ---- | C] () -- C:\Users\Marcums\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/07/07 23:35:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/04 21:20:57 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/02/06 08:26:22 | 000,189,952 | ---- | C] () -- C:\Windows\Qcard32.dll
[2009/12/21 23:41:07 | 000,000,000 | ---- | C] () -- C:\Windows\Curses.INI
[2009/12/04 20:47:23 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/12/04 20:47:23 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/12/04 20:46:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/11/28 01:50:08 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\Perflib_Perfdata_254.dat
[2009/11/18 11:40:05 | 000,000,078 | ---- | C] () -- C:\Windows\pennyhorse.ini
[2009/11/12 07:16:07 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\Perflib_Perfdata_25c.dat
[2009/08/28 18:19:03 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\Perflib_Perfdata_72c.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/17 15:46:11 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\Perflib_Perfdata_244.dat
[2009/04/16 07:51:49 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\Perflib_Perfdata_248.dat
[2009/04/12 06:56:26 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\Perflib_Perfdata_890.dat
[2009/04/11 09:05:39 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\Perflib_Perfdata_cc0.dat
[2009/02/01 18:59:48 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\impborl.dll
[2008/12/15 07:10:23 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\Perflib_Perfdata_58c.dat
[2008/11/22 07:36:47 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\Perflib_Perfdata_208.dat
[2008/08/10 09:41:04 | 000,000,004 | ---- | C] () -- C:\Users\Marcums\AppData\Roaming\DDEF84
[2008/08/10 09:41:01 | 000,870,128 | ---- | C] () -- C:\Users\Marcums\AppData\Roaming\mcs.rma
[2008/06/01 10:16:58 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\Perflib_Perfdata_1fc.dat
[2008/05/31 06:18:47 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\Perflib_Perfdata_204.dat
[2008/05/10 09:23:31 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\Perflib_Perfdata_1d0.dat
[2008/04/23 18:46:23 | 000,104,705 | ---- | C] () -- C:\Windows\hpoins04.dat.temp
[2008/04/23 18:46:22 | 000,017,176 | ---- | C] () -- C:\Windows\hpomdl04.dat.temp
[2007/11/11 23:21:13 | 000,006,048 | ---- | C] () -- C:\Windows\SysWow64\MCC16.dll
[2007/10/29 20:46:00 | 000,000,187 | ---- | C] () -- C:\Windows\SysWow64\mywebhit.ini
[2007/10/29 20:45:00 | 000,000,421 | ---- | C] () -- C:\Windows\mwinsys.ini
[2007/05/11 09:25:20 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2007/03/10 09:42:05 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\Perflib_Perfdata_314.dat
[2007/02/02 22:18:42 | 000,000,319 | ---- | C] () -- C:\Windows\hidpix.ini
[2007/01/30 00:26:09 | 000,027,763 | ---- | C] () -- C:\Users\Marcums\AppData\Roaming\Comma Separated Values (Windows).ADR
[2006/12/23 08:18:48 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2006/10/08 19:25:23 | 000,042,500 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2006/09/12 17:24:09 | 000,046,345 | ---- | C] () -- C:\Windows\NSSetDefaultBrowser.EXE
[2006/09/08 16:33:16 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\Perflib_Perfdata_538.dat
[2006/08/27 16:08:34 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2006/04/09 16:48:33 | 000,001,382 | ---- | C] () -- C:\Windows\EASYCHBK.ini
[2005/12/26 09:05:55 | 000,167,936 | R--- | C] () -- C:\Windows\essspk.exe
[2005/11/18 22:12:46 | 000,000,000 | ---- | C] () -- C:\Windows\autorun.INI
[2005/08/14 17:30:43 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.61-8876480L.exe
[2005/06/29 02:39:39 | 000,104,204 | ---- | C] () -- C:\Windows\hpoins04.dat
[2005/06/29 02:39:39 | 000,017,176 | ---- | C] () -- C:\Windows\hpomdl04.dat
[2005/05/27 21:07:06 | 000,000,264 | ---- | C] () -- C:\Windows\SysWow64\winsusrm.dll
[2005/04/02 06:56:23 | 000,100,724 | ---- | C] () -- C:\Windows\cpeins04.dat
[2005/03/12 02:05:40 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2004/11/26 13:34:09 | 000,000,823 | ---- | C] () -- C:\Windows\TSC.ini
[2004/11/26 13:34:08 | 000,071,749 | ---- | C] () -- C:\Windows\HCExtOutput.dll
[2004/11/26 13:11:04 | 000,000,170 | ---- | C] () -- C:\Windows\GetServer.ini
[2004/11/26 02:04:17 | 000,000,000 | ---- | C] () -- C:\Windows\VPC32.INI
[2004/11/21 23:57:42 | 000,000,383 | ---- | C] () -- C:\Windows\SysWow64\haspdos.sys
[2004/10/10 07:48:53 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2004/10/10 07:48:53 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2004/10/10 07:48:52 | 000,000,023 | ---- | C] () -- C:\Windows\ANS2000.INI
[2004/09/14 16:55:28 | 000,000,309 | ---- | C] () -- C:\Windows\EReg515.dat
[2004/08/31 16:48:45 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI
[2004/08/18 15:50:29 | 000,000,493 | ---- | C] () -- C:\Windows\Disney.ini
[2004/07/14 23:18:32 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\Bw32000c.dll
[2004/07/14 23:18:32 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\Bw320007.dll
[2004/07/14 23:18:32 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\Ds32.dll
[2004/02/02 13:10:28 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\Clifford Uninstall.exe
[2004/01/26 20:48:16 | 000,000,071 | ---- | C] () -- C:\Windows\PERWIN01.INI
[2003/10/06 16:16:00 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\nvcod.dll
[2003/08/12 21:12:35 | 000,049,152 | R--- | C] () -- C:\Windows\remvdsi.exe
[2003/07/04 17:18:28 | 000,035,648 | ---- | C] () -- C:\Windows\SysWow64\ntio411.sys
[2003/07/04 17:18:28 | 000,035,408 | ---- | C] () -- C:\Windows\SysWow64\ntio412.sys
[2003/07/04 17:18:28 | 000,034,544 | ---- | C] () -- C:\Windows\SysWow64\ntio804.sys
[2003/07/04 17:18:28 | 000,034,544 | ---- | C] () -- C:\Windows\SysWow64\ntio404.sys
[2003/07/04 17:18:28 | 000,033,824 | ---- | C] () -- C:\Windows\SysWow64\NTIO.SYS
[2003/07/04 17:08:06 | 000,004,126 | ---- | C] () -- C:\Windows\SysWow64\msdxmlc.dll
[2003/05/25 12:13:37 | 000,000,231 | ---- | C] () -- C:\Windows\SIERRA.INI
[2003/05/24 11:23:58 | 000,000,314 | ---- | C] () -- C:\Windows\ka.ini
[2003/05/20 00:29:56 | 000,000,038 | ---- | C] () -- C:\Windows\RealityFusion.ini
[2003/04/07 20:05:21 | 000,000,034 | ---- | C] () -- C:\Windows\phone_var.ini
[2003/04/07 20:05:19 | 000,000,069 | ---- | C] () -- C:\Windows\zip_var.ini
[2003/04/07 20:05:18 | 000,000,212 | ---- | C] () -- C:\Windows\states.ini
[2003/04/07 20:05:04 | 000,051,942 | ---- | C] () -- C:\Windows\name_gender.ini
[2003/04/07 20:05:03 | 000,000,037 | ---- | C] () -- C:\Windows\name_var.ini
[2003/04/07 20:05:01 | 000,000,011 | ---- | C] () -- C:\Windows\city_var.ini
[2003/04/07 20:04:56 | 000,000,058 | ---- | C] () -- C:\Windows\birth_var.ini
[2003/04/07 20:04:51 | 000,000,016 | ---- | C] () -- C:\Windows\addr_var.ini
[2003/04/06 10:17:10 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2003/03/29 23:53:49 | 000,001,110 | ---- | C] () -- C:\Windows\Winamp.ini
[2003/03/23 02:54:46 | 000,018,099 | ---- | C] () -- C:\Windows\mozver.dat
[2003/03/23 02:24:55 | 000,000,000 | ---- | C] () -- C:\Windows\rasexit.INI
[2003/03/23 02:24:55 | 000,000,000 | ---- | C] () -- C:\Windows\netscape.INI
[2003/03/23 02:20:33 | 000,040,558 | ---- | C] () -- C:\Windows\nsreg.dat
[2003/03/23 02:20:02 | 000,634,087 | ---- | C] () -- C:\Windows\cd32.exe
[2003/03/01 12:56:11 | 000,035,586 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003/03/01 11:03:31 | 000,042,809 | ---- | C] () -- C:\Windows\SysWow64\key01.sys
[2003/03/01 11:03:31 | 000,042,537 | ---- | C] () -- C:\Windows\SysWow64\KEYBOARD.SYS
[2003/03/01 02:26:48 | 000,027,097 | ---- | C] () -- C:\Windows\SysWow64\country.sys
[2003/03/01 00:19:22 | 000,000,030 | ---- | C] () -- C:\Windows\AUTHMGR.INI
[2003/02/28 22:54:11 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\MSVCRT10.DLL
[2003/02/28 22:49:16 | 000,000,972 | ---- | C] () -- C:\Windows\ODBC.INI
[2003/02/28 22:49:16 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2003/02/28 22:49:11 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2003/02/28 22:21:46 | 000,021,952 | -H-- | C] () -- C:\Program Files (x86)\folder.htt
[2003/02/28 22:20:48 | 000,015,012 | ---- | C] () -- C:\Windows\SysWow64\emptyregdb.dat
[2003/02/28 16:19:12 | 000,001,931 | ---- | C] () -- C:\Windows\SysWow64\msdtcprf.ini
[2003/02/28 16:12:41 | 000,864,666 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2003/02/28 16:12:39 | 000,004,161 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2003/02/28 16:11:50 | 000,147,608 | ---- | C] () -- C:\Windows\SysWow64\FNTCACHE.DAT
[2002/08/29 08:14:40 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\msencode.dll
[2002/06/10 14:16:22 | 000,005,187 | ---- | C] () -- C:\Windows\SysWow64\lvcoinst.ini
[2000/07/26 07:00:00 | 000,511,754 | ---- | C] () -- C:\Windows\SysWow64\esentprf.ini
[2000/07/26 07:00:00 | 000,395,102 | ---- | C] () -- C:\Windows\SysWow64\perfh009.dat
[2000/07/26 07:00:00 | 000,272,492 | ---- | C] () -- C:\Windows\SysWow64\perfi009.dat
[2000/07/26 07:00:00 | 000,176,400 | ---- | C] () -- C:\Windows\SysWow64\qcut.dll
[2000/07/26 07:00:00 | 000,069,886 | ---- | C] () -- C:\Windows\SysWow64\edit.com
[2000/07/26 07:00:00 | 000,061,572 | ---- | C] () -- C:\Windows\SysWow64\perfc009.dat
[2000/07/26 07:00:00 | 000,053,840 | ---- | C] () -- C:\Windows\SysWow64\dosx.exe
[2000/07/26 07:00:00 | 000,046,258 | ---- | C] () -- C:\Windows\SysWow64\mib.bin
[2000/07/26 07:00:00 | 000,039,386 | ---- | C] () -- C:\Windows\SysWow64\mem.exe
[2000/07/26 07:00:00 | 000,029,370 | ---- | C] () -- C:\Windows\SysWow64\ntdos411.sys
[2000/07/26 07:00:00 | 000,029,274 | ---- | C] () -- C:\Windows\SysWow64\ntdos412.sys
[2000/07/26 07:00:00 | 000,029,146 | ---- | C] () -- C:\Windows\SysWow64\ntdos804.sys
[2000/07/26 07:00:00 | 000,029,146 | ---- | C] () -- C:\Windows\SysWow64\ntdos404.sys
[2000/07/26 07:00:00 | 000,028,270 | ---- | C] () -- C:\Windows\SysWow64\perfd009.dat
[2000/07/26 07:00:00 | 000,027,866 | ---- | C] () -- C:\Windows\SysWow64\ntdos.sys
[2000/07/26 07:00:00 | 000,020,634 | ---- | C] () -- C:\Windows\SysWow64\debug.exe
[2000/07/26 07:00:00 | 000,019,694 | ---- | C] () -- C:\Windows\SysWow64\graphics.com
[2000/07/26 07:00:00 | 000,016,144 | ---- | C] () -- C:\Windows\SysWow64\tsd32.dll
[2000/07/26 07:00:00 | 000,014,710 | ---- | C] () -- C:\Windows\SysWow64\kb16.com
[2000/07/26 07:00:00 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\win87em.dll
[2000/07/26 07:00:00 | 000,012,642 | ---- | C] () -- C:\Windows\SysWow64\edlin.exe
[2000/07/26 07:00:00 | 000,012,498 | ---- | C] () -- C:\Windows\SysWow64\append.exe
[2000/07/26 07:00:00 | 000,011,932 | ---- | C] () -- C:\Windows\SysWow64\rsvp.ini
[2000/07/26 07:00:00 | 000,011,717 | ---- | C] () -- C:\Windows\SysWow64\setver.exe
[2000/07/26 07:00:00 | 000,009,029 | ---- | C] () -- C:\Windows\SysWow64\ansi.sys
[2000/07/26 07:00:00 | 000,008,424 | ---- | C] () -- C:\Windows\SysWow64\exe2bin.exe
[2000/07/26 07:00:00 | 000,007,265 | ---- | C] () -- C:\Windows\SysWow64\iasperf.ini
[2000/07/26 07:00:00 | 000,007,052 | ---- | C] () -- C:\Windows\SysWow64\nlsfunc.exe
[2000/07/26 07:00:00 | 000,006,826 | ---- | C] () -- C:\Windows\SysWow64\pschdprf.ini
[2000/07/26 07:00:00 | 000,004,768 | ---- | C] () -- C:\Windows\SysWow64\himem.sys
[2000/07/26 07:00:00 | 000,003,458 | ---- | C] () -- C:\Windows\SysWow64\rasctrs.ini
[2000/07/26 07:00:00 | 000,003,338 | ---- | C] () -- C:\Windows\SysWow64\redir.exe
[2000/07/26 07:00:00 | 000,003,252 | ---- | C] () -- C:\Windows\SysWow64\nw16.exe
[2000/07/26 07:00:00 | 000,002,891 | ---- | C] () -- C:\Windows\SysWow64\perfci.ini
[2000/07/26 07:00:00 | 000,002,732 | ---- | C] () -- C:\Windows\SysWow64\perfwci.ini
[2000/07/26 07:00:00 | 000,002,656 | ---- | C] () -- C:\Windows\SysWow64\netware.drv
[2000/07/26 07:00:00 | 000,001,505 | ---- | C] () -- C:\Windows\SysWow64\faxperf.ini
[2000/07/26 07:00:00 | 000,001,152 | ---- | C] () -- C:\Windows\SysWow64\perffilt.ini
[2000/07/26 07:00:00 | 000,001,131 | ---- | C] () -- C:\Windows\SysWow64\loadfix.com
[2000/07/26 07:00:00 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\vwipxspx.exe
[2000/07/26 07:00:00 | 000,000,917 | ---- | C] () -- C:\Windows\SysWow64\mscdexnt.exe
[2000/07/26 07:00:00 | 000,000,882 | ---- | C] () -- C:\Windows\SysWow64\share.exe
[2000/07/26 07:00:00 | 000,000,882 | ---- | C] () -- C:\Windows\SysWow64\fastopen.exe
[2000/07/26 07:00:00 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\prodspec.ini
[2000/07/26 07:00:00 | 000,000,023 | ---- | C] () -- C:\Windows\welcome.ini
[1999/08/10 12:02:20 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[1999/08/10 12:02:16 | 000,343,040 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\Windows\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\Windows\AuHCcup1.dll
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 773 bytes -> C:\Users\Marcums\Documents\send engine back to me.eml:OECustomProperty
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Edited by TxRattler, 13 March 2011 - 09:39 PM.


#2
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
You have a hosts file hijack:

O1 - Hosts: 65.98.95.68 www.google.com
O1 - Hosts: 65.98.95.68 google.com
O1 - Hosts: 65.98.95.68 google.com.au
O1 - Hosts: 65.98.95.68 www.google.com.au
O1 - Hosts: 65.98.95.68 google.be
O1 - Hosts: 65.98.95.68 www.google.be
O1 - Hosts: 65.98.95.68 google.com.br
O1 - Hosts: 65.98.95.68 www.google.com.br
O1 - Hosts: 65.98.95.68 google.ca
O1 - Hosts: 65.98.95.68 www.google.ca
O1 - Hosts: 65.98.95.68 google.ch
O1 - Hosts: 65.98.95.68 www.google.ch
O1 - Hosts: 65.98.95.68 google.de
O1 - Hosts: 65.98.95.68 www.google.de
O1 - Hosts: 65.98.95.68 google.dk
O1 - Hosts: 65.98.95.68 www.google.dk
O1 - Hosts: 65.98.95.68 google.fr
O1 - Hosts: 65.98.95.68 www.google.fr
O1 - Hosts: 65.98.95.68 google.ie
O1 - Hosts: 65.98.95.68 www.google.ie
O1 - Hosts: 65.98.95.68 google.it
O1 - Hosts: 65.98.95.68 www.google.it
O1 - Hosts: 65.98.95.68 google.co.jp
O1 - Hosts: 65.98.95.68 www.google.co.jp
O1 - Hosts: 65.98.95.68 google.nl
O1 - Hosts: 22 more lines...


Copy the text in the code box by highlighting and Ctrl + c


:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
[2010/04/19 07:26:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/21 08:59:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....467&clcid=0x409 (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://activation.a...aller_2-0-0.cab (Reg Error: Value error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1125148382158 (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7680.9054282407 (Reg Error: Key error.)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://download.game...aploader_v6.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\Windows\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\Windows\Java\classes\xmldso.cab (Reg Error: Key error.)
  
:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

Then run OTL by right clicking and Run As Administrator. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again by right-clicking it and selecting Run As Administrator, select either the Use SafeList or All option in the Extra Registry group, then click the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Close all browsers. Open IE and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms, then press Start (if you get a warning from your browser, tell it you want to run it).

* Check Scan Archives
* Push the Start button.
* ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, push LIST OF THREATS FOUND
* Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
* Push the BACK button.
* Push Finish
* Once the scan is completed, you may close the window.
* Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
* Copy and paste that log as a reply.


Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it by right-clicking it and selecting Run As Administrator. It will produce a log, MBRCheck(date).txt, on your desktop. Copy and paste it into a reply.

Ron

#3
TxRattler

All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {17492023-C23A-453E-A040-C7C580BBF700}
C:\Windows\Downloaded Program Files\LegitCheckControl.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.
Starting removal of ActiveX control {233C1507-6A77-46A4-9443-F871F945D258}
C:\Windows\Downloaded Program Files\swdir.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
C:\Program Files (x86)\Yahoo!\Common\yinst.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\ not found.
Starting removal of ActiveX control {321FB770-1FBE-4BFE-BDC1-6F622D4FA499}
C:\Windows\Downloaded Program Files\WebflowActiveXInstaller_DSR.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{321FB770-1FBE-4BFE-BDC1-6F622D4FA499}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{321FB770-1FBE-4BFE-BDC1-6F622D4FA499}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{321FB770-1FBE-4BFE-BDC1-6F622D4FA499}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{321FB770-1FBE-4BFE-BDC1-6F622D4FA499}\ not found.
Starting removal of ActiveX control {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
C:\Windows\Downloaded Program Files\muweb.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\Windows\Downloaded Program Files\iuctl.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {B9191F79-5613-4C76-AA2A-398534BB8999}
C:\Program Files (x86)\Yahoo!\Common\yaddbook.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B9191F79-5613-4C76-AA2A-398534BB8999}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9191F79-5613-4C76-AA2A-398534BB8999}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B9191F79-5613-4C76-AA2A-398534BB8999}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9191F79-5613-4C76-AA2A-398534BB8999}\ not found.
Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
C:\Windows\Downloaded Program Files\popcaploader.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
File Animation Java Classes file://C:\Windows\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\Windows\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 456 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MARCUM

User: Marcums
->Temp folder emptied: 25654317 bytes
->Temporary Internet Files folder emptied: 69357956 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 57256163 bytes
->Flash cache emptied: 16909 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 64512 bytes
%systemroot%\System32 .tmp files removed: 72209 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2491893 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 29763 bytes

Total Files Cleaned = 148.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03142011_232733

Files\Folders moved on Reboot...
C:\Users\Marcums\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#4
TxRattler

OTL logfile created on: 3/14/2011 11:38:30 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Marcums\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 396.96 Gb Free Space | 88.00% Space Free | Partition Type: NTFS

Computer Name: MARCUMS-PC | User Name: Marcums | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/13 11:23:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Marcums\Downloads\OTL.exe
PRC - [2011/03/05 19:03:20 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/11/30 18:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/11/22 05:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 05:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgam.exe
PRC - [2010/09/02 16:17:40 | 001,853,248 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/08/20 15:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/21 10:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2010/05/07 18:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2009/12/30 19:07:06 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Marcums\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2004/11/09 11:32:44 | 000,393,216 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files (x86)\ALLTEL DSL Check-up Center\SmartBridge\MotiveSB.exe


========== Modules (SafeList) ==========

MOD - [2011/03/13 11:23:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Marcums\Downloads\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/05/07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2010/05/06 04:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/15 10:12:10 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/31 14:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 10:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/22 05:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/20 15:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/04 18:53:36 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 20:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/08 05:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/17 19:34:58 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2010/11/12 14:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 04:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 04:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/03 16:24:28 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/03 16:24:24 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/07/27 08:14:24 | 006,465,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
DRV:64bit: - [2010/07/27 08:12:16 | 000,339,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/07/12 05:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/16 14:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/03/18 04:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 04:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 10:48:00 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.0.66
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/01/26 01:03:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2011/02/22 00:32:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/02/22 00:33:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/05 19:03:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/05 19:03:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/02/27 10:06:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2009/12/12 23:23:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcums\AppData\Roaming\Mozilla\Extensions
[2009/12/12 23:23:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcums\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/12/12 02:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcums\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/03/14 09:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcums\AppData\Roaming\Mozilla\Firefox\Profiles\c40xruvv.default\extensions
[2010/09/23 00:23:06 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Marcums\AppData\Roaming\Mozilla\Firefox\Profiles\c40xruvv.default\extensions\[email protected]
[2011/03/12 02:19:12 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Marcums\AppData\Roaming\Mozilla\Firefox\Profiles\c40xruvv.default\extensions\[email protected]
[2009/12/12 23:38:59 | 000,004,554 | ---- | M] () -- C:\Users\Marcums\AppData\Roaming\Mozilla\Firefox\Profiles\c40xruvv.default\searchplugins\aim-search.xml
[2011/03/14 23:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/07 22:48:49 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/19 02:35:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/22 00:32:08 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX
[2011/02/22 00:33:13 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.011.025.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/01/26 01:03:29 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/22 04:55:41 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/03/14 23:27:38 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] File not found
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files (x86)\ALLTEL DSL Check-up Center\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Marcums\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files (x86)\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\Windows\SysWOW64\netshell.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\ExplorerFrame.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marcums\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Marcums\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/14 23:27:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/08 22:26:13 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/03/08 22:26:13 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/03/08 22:26:12 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/03/08 22:26:12 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/03/08 22:26:11 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/03/08 22:26:11 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/03/08 22:26:11 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/03/08 22:26:11 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/03/08 22:26:10 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/03/08 22:26:10 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/03/08 22:26:10 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/03/08 22:26:10 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/03/08 22:26:09 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/03/08 22:26:09 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/03/08 22:26:09 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/03/08 22:26:09 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/03/01 23:04:22 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Roaming\SUPERAntiSpyware.com
[2011/03/01 23:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/03/01 23:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/03/01 23:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/03/01 23:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/27 10:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/27 10:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/02/27 08:02:59 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/02/27 08:00:29 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Local\Sunbelt Software
[2011/02/27 03:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/02/22 16:13:27 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/22 16:13:27 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/22 16:13:27 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/22 16:13:27 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/22 02:15:31 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Roaming\AVG
[2011/02/22 02:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/02/22 01:56:46 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Local\AVG Security Toolbar
[2011/02/22 00:50:10 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Roaming\AVG10
[2011/02/22 00:33:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/02/22 00:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/02/22 00:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/02/22 00:32:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/02/22 00:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/02/22 00:32:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/02/22 00:31:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/02/18 07:47:38 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
[2011/02/18 07:47:15 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Local\Deployment
[2011/02/18 07:42:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2011/02/18 07:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2011/02/18 07:35:05 | 000,000,000 | ---D | C] -- C:\Users\Marcums\AppData\Roaming\PCDr
[2011/02/18 00:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/02/13 23:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/02/13 23:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2010/01/07 21:50:20 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Marcums\AppData\Roaming\DataSafeDotNet.exe
[1998/12/08 21:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files (x86)\Common Files\IRAREG.DLL
[1998/12/08 21:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files (x86)\Common Files\IRAMDMTR.DLL
[1998/12/08 21:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files (x86)\Common Files\IRALPTTR.DLL
[1998/12/08 21:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files (x86)\Common Files\IRAWEBTR.DLL
[1998/12/08 21:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files (x86)\Common Files\IRASRIAL.DLL

========== Files - Modified Within 30 Days ==========

[2011/03/14 23:36:39 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 23:36:39 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 23:33:44 | 000,861,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/14 23:33:44 | 000,720,258 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/14 23:33:44 | 000,141,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/14 23:29:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/14 23:29:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011/03/14 23:29:09 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/14 23:27:38 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/03/14 22:51:26 | 000,212,213 | ---- | M] () -- C:\Users\Marcums\Documents\TaxReturn2010.pdf
[2011/03/14 18:27:46 | 108,663,849 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/03/14 15:01:17 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/03/11 15:43:28 | 000,647,572 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/03/10 00:43:50 | 000,285,326 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/03/01 23:04:15 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/27 10:06:47 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/27 09:23:07 | 000,001,925 | ---- | M] () -- C:\Users\Marcums\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/27 09:23:07 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/27 08:02:59 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/02/22 02:13:39 | 000,001,163 | ---- | M] () -- C:\Users\Marcums\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/02/22 02:13:39 | 000,001,139 | ---- | M] () -- C:\Users\Marcums\Desktop\AVG PC Tuneup 2011.lnk
[2011/02/22 00:33:01 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/02/22 00:33:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/02/22 00:33:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/02/22 00:33:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/02/19 19:15:21 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/02/19 19:15:17 | 000,463,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/19 01:37:10 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/02/19 01:36:49 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/02/19 00:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/02/19 00:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/02/13 23:33:32 | 000,002,882 | -H-- | M] () -- C:\IPH.PH
[2011/02/13 23:33:30 | 000,001,906 | ---- | M] () -- C:\Users\Marcums\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/02/13 23:33:30 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk

========== Files Created - No Company Name ==========

[2011/03/14 22:51:26 | 000,212,213 | ---- | C] () -- C:\Users\Marcums\Documents\TaxReturn2010.pdf
[2011/03/14 18:27:46 | 108,663,849 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/03/11 15:43:28 | 000,647,572 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/03/10 00:43:50 | 000,285,326 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/03/01 23:04:15 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/27 10:06:47 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/22 02:13:39 | 000,001,163 | ---- | C] () -- C:\Users\Marcums\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/02/22 02:13:39 | 000,001,139 | ---- | C] () -- C:\Users\Marcums\Desktop\AVG PC Tuneup 2011.lnk
[2011/02/22 00:33:01 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/02/22 00:33:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/02/22 00:33:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2011/02/22 00:33:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/02/18 07:43:08 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/02/18 07:43:07 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/02/13 23:33:30 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2010/12/17 23:51:48 | 000,010,240 | ---- | C] () -- C:\Users\Marcums\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/07/07 23:35:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/04 21:20:57 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/02/06 08:26:22 | 000,189,952 | ---- | C] () -- C:\Windows\Qcard32.dll
[2009/12/21 23:41:07 | 000,000,000 | ---- | C] () -- C:\Windows\Curses.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 773 bytes -> C:\Users\Marcums\Documents\send engine back to me.eml:OECustomProperty
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

#5
TxRattler

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6060

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/15/2011 12:33:44 AM
mbam-log-2011-03-15 (00-33-44).txt

Scan type: Full scan (C:\|)
Objects scanned: 321311
Time elapsed: 26 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6
TxRattler

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
C:\Users\Marcums\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\56049c17-5bacc9ff multiple threats
C:\Users\Marcums\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\281e7c9f-526ce9d9 multiple threats
C:\Users\Marcums\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-6a43aed9 multiple threats
C:\Users\Marcums\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\110222011747548.rsc multiple threats

#7
TxRattler

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 537s
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 159):

Processes (total 84):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: ST3500418AS, Rev: CC45

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


Done!

#8
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
"C:\Users\Marcums\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\56049c17-5bacc9ff multiple threats
C:\Users\Marcums\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\281e7c9f-526ce9d9 multiple threats
C:\Users\Marcums\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-6a43aed9 multiple threats"


Go into Control Panel, Add/Remove Software and remove any old versions of Java other than Java 6 upgrade 24 (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Delete the folders

C:\Users\Marcums\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23
C:\Users\Marcums\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31

and any other folders you find in

C:\Users\Marcums\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\ other than C:\Users\Marcums\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24

Also Delete any old folders in C:\Program Files\Java other than JRE6.

Ron
  • 0
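
Before deleting the cache folders named in the post above, it can be useful to record what was in them. The Python below is an added example, not part of the original thread or of any tool mentioned in it: it walks a Java deployment cache read-only, hashes each entry and lists the class names in entries that are ZIP/JAR archives. The sample tree reuses the entry names from the AVG report with constructed placeholder contents, and all function names are hypothetical.

```python
import hashlib
import os
import tempfile
import zipfile

ZIP_MAGIC = b"PK\x03\x04"  # local-file-header signature that starts a JAR/ZIP


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large cache entries are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def list_classes(path):
    """Return the .class members of an archive, or None if it cannot be parsed."""
    try:
        with zipfile.ZipFile(path) as jar:
            return [n for n in jar.namelist() if n.endswith(".class")]
    except zipfile.BadZipFile:
        return None  # truncated or malformed archive: record it, do not crash


def inventory_cache(cache_root):
    """Walk cache_root/<bucket>/<entry> read-only and describe every file."""
    records = []
    for bucket in sorted(os.listdir(cache_root)):
        bucket_dir = os.path.join(cache_root, bucket)
        if not os.path.isdir(bucket_dir):
            continue
        for name in sorted(os.listdir(bucket_dir)):
            path = os.path.join(bucket_dir, name)
            if not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                is_archive = fh.read(4) == ZIP_MAGIC
            records.append({
                "bucket": bucket,
                "name": name,
                "size": os.path.getsize(path),
                "sha256": sha256_of(path),
                "is_archive": is_archive,
                "classes": list_classes(path) if is_archive else [],
            })
    return records


def build_sample_cache(root):
    """Create a constructed cache tree; the file contents are placeholders."""
    samples = {
        ("23", "56049c17-5bacc9ff"): None,  # None = write a small valid archive
        ("31", "281e7c9f-526ce9d9"): b"constructed non-archive entry\n",
        ("34", "c669a2-6a43aed9"): ZIP_MAGIC + b"\x00" * 20,  # truncated archive
    }
    for (bucket, name), content in samples.items():
        os.makedirs(os.path.join(root, bucket), exist_ok=True)
        path = os.path.join(root, bucket, name)
        if content is None:
            with zipfile.ZipFile(path, "w") as jar:
                jar.writestr("Example.class", b"constructed placeholder bytes")
        else:
            with open(path, "wb") as fh:
                fh.write(content)
    return root


def demo():
    """Inventory the constructed cache and return the records."""
    with tempfile.TemporaryDirectory() as tmp:
        return inventory_cache(build_sample_cache(tmp))


if __name__ == "__main__":
    for rec in demo():
        print(rec["bucket"], rec["name"], rec["size"], rec["sha256"][:16],
              "archive" if rec["is_archive"] else "other", rec["classes"])
```

Pointed at the real cache directory instead of the sample tree, `inventory_cache` gives a manifest that can be saved before the folders are removed.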

#9
TxRattler

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks, I haven't got any redirecting yet.

#10
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
We need to clean up System Restore.

The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
though it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
Right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK. Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.



http://www.sophos.co...icle/17803.html

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Programs, Accessories, then right-click on Command Prompt and Run As Administrator then right click, Paste, (Or Edit, Paste) then hit Enter.

To hide hidden files again:


Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.





Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash Player recently came out with a new version which fixes an exploit hole. See http://aumha.net/vie...&st=0&sk=t&sd=a Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox



If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html


Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Ron

#11
TxRattler

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok, thanks for those tips. Will work on it when I have more time this weekend then will let you know how it goes.