Unexpected browser windows opening with adware

#1 DanoNH (Trusted Helper, Malware Removal)

Ok, here goes. At first, when I opened Google Chrome, instead of my Google home page, there was a blank page with a heading of Adfly.ly (? sorry, not sure exactly), along with a blue "Skip this Ad" button. Of course I clicked this without thinking and my browser went to Google afterwards.

After seeing this page a few times when opening my browser, I checked my Google Chrome home page setting and sure enough it was still set to Google. I used Trend Micro Titanium Internet Security (TIS) to run a scan, which appeared to get "stuck" at 16%. I then installed Malwarebytes and scanned, and it removed 20-something things. I also tried Spybot S&D, and it found some cookies but nothing that seemed like malware. Then I tried scanning with Trend again and it was taking a really long time and wouldn't finish. So I decided to uninstall/reinstall Trend Micro. After uninstalling I rebooted and started to install, at which point I was prompted that TIS conflicted with Malwarebytes and Spybot, so I uninstalled them. My Trend is installed, updated, and has successfully completed 2 full scans, each time finding a bunch of items, some of which are what I think are legitimate Vista AntiMalware removal tools that I have successfully used in the past on someone else's computer.

Recently, I have been getting spontaneous random browser windows opening in Chrome with a Facebook page of Will and Kate's wedding. I have also seen some weird pages open in Internet Explorer 9, such as cigarette ads and work-at-home ads, but luckily no adult stuff. I can only close these by right-clicking on the taskbar icon and selecting Close. No sooner do I close one than another opens. I uninstalled IE9 (it was offered as a Windows Update) and haven't seen any popups in a while...

It seems like when I scan with the TIS software, maybe something gets scanned which triggers it. Today I found the Geeks To Go site and downloaded OTL.exe; here are my first scan results from OTL.txt:

OTL logfile created on: 4/27/2011 9:44:18 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Admin\Downloads - Admin
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 71.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.34 Gb Total Space | 29.73 Gb Free Space | 12.80% Space Free | Partition Type: NTFS
Drive D: | 233.42 Gb Total Space | 43.46 Gb Free Space | 18.62% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 527.23 Gb Free Space | 56.60% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 516.49 Gb Free Space | 55.45% Space Free | Partition Type: NTFS

Computer Name: ZEUS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/27 18:54:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads - Admin\OTL.exe
PRC - [2011/04/27 17:51:48 | 000,474,116 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Admin\AppData\Roaming\local.exe
PRC - [2011/04/27 16:36:08 | 000,474,116 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Admin\AppData\Roaming\Ubdate27,4.exe
PRC - [2011/02/28 16:26:48 | 000,023,840 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
PRC - [2010/12/13 02:32:54 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/12/06 05:56:42 | 000,390,728 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/12/06 05:55:24 | 005,542,168 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/11/23 18:46:14 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/11/16 04:52:28 | 002,536,448 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/10/22 01:36:04 | 005,695,784 | ---- | M] (Bitvise) -- C:\Program Files (x86)\Bitvise WinSSHD\WinSSHD.exe
PRC - [2010/10/22 01:36:04 | 003,291,360 | ---- | M] () -- C:\Program Files (x86)\Bitvise WinSSHD\sshdctrl.exe
PRC - [2010/10/13 23:02:02 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/05/25 20:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010/04/13 19:01:58 | 000,094,024 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
PRC - [2010/04/13 19:01:56 | 000,079,688 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
PRC - [2010/04/13 19:01:52 | 007,384,904 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
PRC - [2010/04/13 19:01:52 | 007,046,984 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
PRC - [2010/03/03 20:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
PRC - [2010/03/03 20:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
PRC - [2008/09/15 06:00:50 | 000,624,640 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.76\aaCenter.exe


========== Modules (SafeList) ==========

MOD - [2011/04/27 18:54:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads - Admin\OTL.exe
MOD - [2010/11/20 08:21:36 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 21:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/16 20:20:04 | 000,256,336 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV:64bit: - [2010/10/17 18:43:02 | 000,099,048 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2010/10/15 21:38:16 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/01/24 23:26:29 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/16 13:33:58 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/16 13:33:48 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/12/16 13:33:37 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/12/13 02:32:54 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/12/06 05:58:36 | 001,112,240 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/11/24 16:00:16 | 007,669,760 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.53\bin\mysqld.exe -- (wampmysqld)
SRV - [2010/11/23 18:46:14 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/10/24 14:34:38 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010/10/22 01:36:04 | 005,695,784 | ---- | M] (Bitvise) [Auto | Running] -- C:\Program Files (x86)\Bitvise WinSSHD\WinSSHD.exe -- (WinSSHD)
SRV - [2010/10/13 13:44:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/25 20:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 08:09:18 | 002,227,216 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe -- (GenericMount Helper Service)
SRV - [2010/01/27 08:43:06 | 000,049,664 | ---- | M] (The Digital Lifestyle.com) [Auto | Running] -- C:\Program Files (x86)\The Digital Lifestyle.com\mcBackup 3.0\mceBackupService.exe -- (mceBackup Service)
SRV - [2009/09/21 21:19:22 | 002,963,960 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/03 00:12:30 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011/04/03 00:12:30 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/04/03 00:12:30 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011/04/03 00:12:30 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011/01/07 17:03:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/12/16 13:33:38 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/12/13 02:32:57 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/12/13 02:32:37 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2010/12/13 02:32:21 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/12/13 02:31:33 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/11/20 09:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 09:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 07:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 07:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/17 18:42:58 | 000,145,512 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010/10/13 11:57:09 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2010/10/06 07:12:35 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/31 13:32:44 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/06/11 11:51:24 | 001,634,176 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw89.sys -- (hcw89)
DRV:64bit: - [2010/05/31 11:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/05/31 11:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/12 08:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2009/12/17 18:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/10/01 23:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009/09/21 21:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009/09/21 21:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009/08/25 00:10:52 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/07 14:03:40 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010/05/31 11:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 18 0F 39 2E F7 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://danswebspot.c...onsulting.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {00084897-021a-4361-8423-083407a033e0}:1.4
FF - prefs.js..extensions.enabledItems: {AB7308B2-C13C-4eba-AC78-2AD55B96EE09}:3.0.0
FF - prefs.js..extensions.enabledItems: {C6128004-4838-4708-9A97-BB172D17767D}:1.6.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.608
FF - prefs.js..extensions.enabledItems: {6D0612DB-D5D3-474f-959E-FA754CCA2B1B}:3.0.0
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {BE2100B3-1D80-48eb-ACCF-D26750644378}:0.4.23
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.8
FF - prefs.js..extensions.enabledItems: {79fcaa13-5f29-4c33-aad7-6c48c175760a}:0.8.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0
FF - prefs.js..extensions.enabledItems: {d5eeb813-935a-435d-b01e-b3a02f2cb408}:0.9.2
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 0
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.1
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..network.proxy.backup.ftp: "201.59.176.82"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "201.59.176.82"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "201.59.176.82"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "201.59.176.82"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "200.172.79.174"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "200.172.79.174"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "200.172.79.174"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "200.172.79.174"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "200.172.79.174"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Firefox\extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/10/14 00:08:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension\ [2011/04/26 00:59:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/22 16:51:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/24 21:26:46 | 000,000,000 | ---D | M]

[2010/10/13 21:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2011/04/21 12:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{00084897-021a-4361-8423-083407a033e0}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Qute) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/04/02 01:15:49 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Page Validator) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{6D0612DB-D5D3-474f-959E-FA754CCA2B1B}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (zoomFox) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{79fcaa13-5f29-4c33-aad7-6c48c175760a}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}(2)
[2010/12/21 15:05:39 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/12/08 10:17:23 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (CSS Validator) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
[2011/04/02 01:17:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] ("Universal Print") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378}
[2010/10/13 21:01:56 | 000,000,000 | ---D | M] ("Universal Print") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378}(16999)
[2011/01/21 23:07:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] ("Dictionary Tooltip") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{C6128004-4838-4708-9A97-BB172D17767D}
[2011/04/02 01:15:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/04/02 01:17:45 | 000,000,000 | ---D | M] (Aviary) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408}
[2011/04/02 01:15:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/11/04 07:37:07 | 000,000,000 | ---D | M] (CLEO) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2011/04/02 01:16:29 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2011/04/02 01:17:33 | 000,000,000 | ---D | M] (CodeBurner for Firebug) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/11/18 23:49:32 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/10/13 21:01:35 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\foxmarks@kei(16945).com
[2011/04/02 01:17:20 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Kempelton) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2011/04/02 10:06:43 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (YSlow) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2011/04/02 01:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2010/09/05 11:11:17 | 000,002,382 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\searchplugins\aviary.xml
[2011/03/17 09:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/17 09:14:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/10/14 00:08:18 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
[2011/04/26 00:59:23 | 000,000,000 | ---D | M] (Trend Micro NSC Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\1.5.1464\6.6.1079\FIREFOXEXTENSION
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/27 19:59:37 | 000,433,443 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 14916 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NBKeyScan] File not found
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WinSSHD Activation State Checker] C:\Program Files (x86)\Bitvise WinSSHD\WinsshdActStateCheck.exe (Bitvise)
O4 - HKCU..\Run: [HKCU] C:\Users\Admin\AppData\Local\Temp\31517.exe ()
O4 - HKCU..\Run: [Local] C:\Users\Admin\AppData\Roaming\local.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Microsoft Windows] C:\Users\Admin\AppData\Roaming\Microsoft\JavaUpdate.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [Skype] C:\Users\Admin\AppData\Roaming\svchost.exe (Mozilla Corporation)
O4 - HKCU..\Run: [Windows Defender] C:\Users\Admin\AppData\Roaming\Ubdate27,4.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = C:\Program Files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...ivex/RACtrl.cab (Performance Viewer Activex Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{749caee9-d6ea-11df-98ed-00248c0998f8}\Shell - "" = AutoRun
O33 - MountPoints2\{749caee9-d6ea-11df-98ed-00248c0998f8}\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/28 07:04:11 | 000,000,000 | --SD | C] -- C:\Users\Admin\Documents\My Shapes
[2011/04/27 21:05:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{44222E2A-778C-454E-BAAA-23120A69D7CB}
[2011/04/27 17:51:47 | 000,474,116 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Admin\AppData\Roaming\local.exe
[2011/04/27 16:36:07 | 000,474,116 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Admin\AppData\Roaming\Ubdate27,4.exe
[2011/04/27 11:21:16 | 000,560,132 | -H-- | C] (Mozilla Corporation) -- C:\Users\Admin\AppData\Roaming\svchost.exe
[2011/04/27 09:04:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{426CFE15-1242-4E60-B139-497496D9BDFC}
[2011/04/26 00:50:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
[2011/04/26 00:50:04 | 000,105,552 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2011/04/26 00:49:53 | 000,144,464 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2011/04/26 00:49:53 | 000,090,704 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys
[2011/04/26 00:49:53 | 000,067,664 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2011/04/26 00:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/26 00:37:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7F253EB8-BC8D-4C51-B668-16AADD3C89CA}
[2011/04/25 22:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/25 22:07:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7F7E047E-8E8B-495C-B06D-7235385FB04B}
[2011/04/25 21:21:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D6C6A8BA-0E9C-4774-8FF5-765B43F7E542}
[2011/04/25 09:21:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1899E1BC-BFAC-48A3-94D4-F04CBCCD9BD7}
[2011/04/24 21:20:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A38E0263-6579-4387-A6C9-19E2F5F47632}
[2011/04/24 00:04:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7E1ACB71-2829-4151-8C4E-4D9E1FAA58A4}
[2011/04/23 23:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/23 23:32:01 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/23 17:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/23 12:03:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{9F447BE6-ADA1-4F77-B74E-618826056B14}
[2011/04/22 09:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/22 08:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/22 08:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/22 08:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/04/22 08:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/22 08:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/04/21 23:38:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6C02C8DF-94C2-404B-AD19-35BE9237BCE7}
[2011/04/16 23:35:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{607AFD77-2960-4DAF-8949-B560078019D3}
[2011/04/15 01:14:03 | 000,000,000 | ---D | C] -- C:\temp
[2011/04/10 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A9EDEDB8-B794-4A65-A1AD-78FCAA22416B}
[2011/04/09 22:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\James Bond 007™ - Blood Stone
[2011/04/09 22:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2011/04/09 22:00:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D5D74060-1B6E-46BF-A9AD-12FDD5B3C380}
[2011/04/08 21:59:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{940C414D-73C3-48E5-B111-2AD7BE3548A7}
[2011/04/08 21:13:19 | 004,199,768 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2011/04/08 21:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2011
[2011/04/04 21:57:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E134CF5A-54B6-4379-A21D-782CE5428FA7}
[2011/04/03 13:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011/04/03 13:37:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2011/04/03 13:37:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\OpenCandy
[2011/04/03 13:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011/04/03 09:56:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{46F3E77F-8B7A-465E-86E1-45066B346139}
[2011/04/02 21:16:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{66CFB16C-31A0-499E-BC19-CE2AA9490C33}
[2011/04/02 09:15:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7C5AA355-B1D4-4C29-B0E5-4959AA6563A5}
[2011/04/01 21:28:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\EA Games
[2011/04/01 21:15:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BAAF4D65-F961-43B7-B33A-1960ABE8CADB}
[2011/04/01 09:14:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F7ADC152-3C3E-4918-8375-CD7D46BFD3B9}
[2011/03/31 09:14:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F0EE4E0A-2303-487F-9FAE-05F5D56C3E9C}
[2011/02/26 12:01:12 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\Admin\AppData\Roaming\0Q11SIUAOM.exe
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/27 21:22:05 | 000,025,644 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\data.dat
[2011/04/27 21:21:39 | 000,311,246 | RHS- | M] () -- C:\Users\Admin\AppData\Roaming\--((Mutex))--.dat
[2011/04/27 21:08:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2045766283-185155172-3896411630-1001UA.job
[2011/04/27 19:59:37 | 000,433,443 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/27 19:59:37 | 000,433,443 | R--- | M] () -- C:\Users\Admin\Desktop\hosts
[2011/04/27 19:17:36 | 000,001,112 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk
[2011/04/27 19:17:12 | 000,004,384 | RHS- | M] () -- C:\Users\Admin\AppData\Roaming\--((Mutex))--.cfg
[2011/04/27 19:16:06 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/04/27 19:16:00 | 000,000,632 | RHS- | M] () -- C:\Users\Admin\ntuser.pol
[2011/04/27 19:09:36 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 19:09:36 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 19:00:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/27 19:00:00 | 2146,246,655 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/27 18:56:07 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2011/04/27 18:43:44 | 000,002,062 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011/04/26 23:08:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2045766283-185155172-3896411630-1001Core.job
[2011/04/26 00:50:55 | 000,001,444 | ---- | M] () -- C:\Users\Admin\Desktop\Trend Micro Titanium Internet Security.lnk
[2011/04/26 00:49:50 | 000,775,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/26 00:49:50 | 000,658,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/26 00:49:50 | 000,118,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/23 17:14:15 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/23 17:05:11 | 005,635,094 | ---- | M] () -- C:\Users\Admin\Desktop\Sneakers.mp3
[2011/04/22 22:04:51 | 000,000,036 | ---- | M] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2011/04/22 09:00:36 | 000,001,786 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/21 12:30:27 | 000,008,511 | -H-- | M] () -- C:\Users\Admin\AppData\Roaming\Adminlog.dat
[2011/04/20 23:25:48 | 000,538,624 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\chrtmp
[2011/04/19 16:20:01 | 000,208,448 | RHS- | M] () -- C:\Users\Admin\AppData\Roaming\--((Mutex))--.xtr
[2011/04/15 03:42:26 | 005,054,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/15 00:49:00 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/04/10 00:04:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/04/10 00:04:20 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/09 15:10:57 | 000,001,307 | ---- | M] () -- C:\Users\Admin\Desktop\DPC Latency Tester v1.2.0.lnk
[2011/04/08 21:13:14 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Home & Business 2011.lnk
[2011/04/08 21:12:29 | 000,000,171 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2011/04/08 19:24:58 | 000,000,095 | ---- | M] () -- C:\Users\Admin\Desktop\Crysis 2 Patch 1.2 + MP crack (download torrent) - TPB.url
[2011/04/03 02:24:35 | 000,001,024 | ---- | M] () -- C:\Users\Admin\.rnd
[2011/04/03 00:12:30 | 000,144,464 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2011/04/03 00:12:30 | 000,105,552 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2011/04/03 00:12:30 | 000,090,704 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys
[2011/04/03 00:12:30 | 000,067,664 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2011/04/03 00:06:13 | 000,001,489 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/04/03 00:02:02 | 000,001,489 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/04/01 15:57:02 | 000,000,084 | ---- | M] () -- C:\Users\Admin\Desktop\WinTV-HVR-2250 Support page.url
[2011/04/01 10:35:37 | 000,002,144 | ---- | M] () -- C:\Users\Admin\Desktop\Durlap01171_work_laptop.rdp
[2011/04/01 10:28:55 | 000,002,122 | ---- | M] () -- C:\Users\Admin\Desktop\Apollo.rdp
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/27 19:57:09 | 000,433,443 | R--- | C] () -- C:\Users\Admin\Desktop\hosts
[2011/04/27 19:17:12 | 000,004,384 | RHS- | C] () -- C:\Users\Admin\AppData\Roaming\--((Mutex))--.cfg
[2011/04/26 00:50:39 | 000,001,444 | ---- | C] () -- C:\Users\Admin\Desktop\Trend Micro Titanium Internet Security.lnk
[2011/04/25 22:07:25 | 000,025,644 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\data.dat
[2011/04/23 17:14:15 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/23 17:05:10 | 005,635,094 | ---- | C] () -- C:\Users\Admin\Desktop\Sneakers.mp3
[2011/04/22 22:00:40 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2011/04/22 09:00:36 | 000,001,786 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/20 18:19:04 | 000,538,624 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\chrtmp
[2011/04/19 16:19:52 | 000,208,448 | RHS- | C] () -- C:\Users\Admin\AppData\Roaming\--((Mutex))--.xtr
[2011/04/19 16:19:24 | 000,311,246 | RHS- | C] () -- C:\Users\Admin\AppData\Roaming\--((Mutex))--.dat
[2011/04/15 00:49:00 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/04/10 00:04:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/04/10 00:04:20 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/09 15:11:10 | 000,001,307 | ---- | C] () -- C:\Users\Admin\Desktop\DPC Latency Tester v1.2.0.lnk
[2011/04/08 21:13:13 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Home & Business 2011.lnk
[2011/04/08 19:24:58 | 000,000,095 | ---- | C] () -- C:\Users\Admin\Desktop\Crysis 2 Patch 1.2 + MP crack (download torrent) - TPB.url
[2011/04/03 13:37:31 | 000,001,695 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011/04/03 02:25:34 | 000,773,120 | ---- | C] () -- C:\Windows\SysWow64\NEROINSTAEC43759.DB
[2011/04/01 15:57:02 | 000,000,084 | ---- | C] () -- C:\Users\Admin\Desktop\WinTV-HVR-2250 Support page.url
[2010/12/25 23:08:03 | 000,002,062 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/12/23 18:29:38 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/11/23 18:45:12 | 000,189,480 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/11/23 18:45:10 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/11/23 18:45:09 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/11/11 21:12:32 | 000,007,610 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2010/11/04 18:58:59 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/11/04 18:58:59 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/11/04 18:58:04 | 000,026,728 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/10/26 22:14:27 | 000,000,163 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PLGComp.ini
[2010/10/15 21:56:50 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\adesk_patcher64.exe
[2010/10/15 08:40:11 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/10/15 03:07:36 | 000,746,018 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/15 02:02:41 | 000,000,487 | ---- | C] () -- C:\Windows\my.ini
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/10/13 13:32:27 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll
[2010/10/13 13:31:37 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/10/13 13:31:37 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/13 12:14:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/10/11 00:42:26 | 000,001,456 | ---- | C] () -- C:\Users\Admin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/03/03 19:48:14 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
[2010/03/03 19:48:14 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/13 00:38:41 | 000,022,328 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PnkBstrK.sys
[2009/03/11 19:50:10 | 000,000,105 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\default.pls
[2007/12/28 03:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2005/08/13 12:42:34 | 000,008,511 | -H-- | C] () -- C:\Users\Admin\AppData\Roaming\Adminlog.dat

========== LOP Check ==========


========== Purity Check ==========

< End of report >

Any help would be greatly appreciated. I use this PC for web devel work and I am worried about losing data.

Thanks... Dan

#2 DanoNH (Trusted Helper, Topic Starter, Malware Removal, 2,155 posts)
I also wanted to add that I have used uTorrent to download files, and have logged into my computer before to find uTorrent running and seeing some weird file I don't recall downloading. It could have been my kid or something I suppose, but I'm not sure...

Maybe I got a malicious download somehow?

One more thing: I did notice some corruption in my hosts file that I fixed prior to running OTL.exe. I think Spybot may have done this... This hosts file part is fixed but I think some issues still remain:

127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
127.0.0.1 hl2rcv.adobe.com127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com

Edited by DanoNH, 01 May 2011 - 08:26 PM.


#3 DanoNH (Trusted Helper, Topic Starter, Malware Removal, 2,155 posts)
I haven't seen any reply on this yet and was wondering if someone could review my OTL log for potential issues. I have scanned a few times with Malwarebytes run as Administrator, and it keeps finding files in my LocalData/Roaming folder, the registry, and other files, all of which I say to delete, reboot when prompted. I then allow the UAC prompt upon initial reboot login to allow Malwarebytes to delete the threats (or so it appears).

Do I need to disable UAC, run in safe mode, or do some other thing to get rid of these seemingly recurring issues once and for all?

Thanks... Dan

#4 DanoNH (Trusted Helper, Topic Starter, Malware Removal, 2,155 posts)
Is anyone able to help me at all? No responses whatsoever... Bummer

#5 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Hi :) My name is Michael and I am here to help you fix your computer.
If you have already received help elsewhere please inform me so that this topic can be closed.
If you haven't, please keep reading:
Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read.
  • Save or print these instructions as a part of the fix will be in safe mode where you will not be able to access the internet.
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.


Sorry for the late reply. BTW, if you reply to your own topic, it's likely that nobody will pick it up, as we usually take topics with zero replies. :)

You have a nice collection there.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


Next:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2011/04/27 17:51:48 | 000,474,116 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Admin\AppData\Roaming\local.exe
    PRC - [2011/04/27 16:36:08 | 000,474,116 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Admin\AppData\Roaming\Ubdate27,4.exe
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [HKCU] C:\Users\Admin\AppData\Local\Temp\31517.exe ()
    O4 - HKCU..\Run: [Local] C:\Users\Admin\AppData\Roaming\local.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [Microsoft Windows] C:\Users\Admin\AppData\Roaming\Microsoft\JavaUpdate.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [Skype] C:\Users\Admin\AppData\Roaming\svchost.exe (Mozilla Corporation)
    O4 - HKCU..\Run: [Windows Defender] C:\Users\Admin\AppData\Roaming\Ubdate27,4.exe (Adobe Systems Incorporated)
    O33 - MountPoints2\{749caee9-d6ea-11df-98ed-00248c0998f8}\Shell - "" = AutoRun
    O33 - MountPoints2\{749caee9-d6ea-11df-98ed-00248c0998f8}\Shell\AutoRun\command - "" = H:\Autorun.exe
    [2011/04/27 21:05:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{44222E2A-778C-454E-BAAA-23120A69D7CB}
    [2011/04/27 17:51:47 | 000,474,116 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Admin\AppData\Roaming\local.exe
    [2011/04/27 16:36:07 | 000,474,116 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Admin\AppData\Roaming\Ubdate27,4.exe
    [2011/04/27 11:21:16 | 000,560,132 | -H-- | C] (Mozilla Corporation) -- C:\Users\Admin\AppData\Roaming\svchost.exe
    [2011/04/27 09:04:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{426CFE15-1242-4E60-B139-497496D9BDFC}
    [2011/04/26 00:37:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7F253EB8-BC8D-4C51-B668-16AADD3C89CA}
    [2011/04/25 22:07:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7F7E047E-8E8B-495C-B06D-7235385FB04B}
    [2011/04/25 21:21:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D6C6A8BA-0E9C-4774-8FF5-765B43F7E542}
    [2011/04/25 09:21:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1899E1BC-BFAC-48A3-94D4-F04CBCCD9BD7}
    [2011/04/24 21:20:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A38E0263-6579-4387-A6C9-19E2F5F47632}
    [2011/04/24 00:04:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7E1ACB71-2829-4151-8C4E-4D9E1FAA58A4}
    [2011/04/23 12:03:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{9F447BE6-ADA1-4F77-B74E-618826056B14}
    [2011/04/21 23:38:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6C02C8DF-94C2-404B-AD19-35BE9237BCE7}
    [2011/04/16 23:35:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{607AFD77-2960-4DAF-8949-B560078019D3}
    [2011/04/10 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A9EDEDB8-B794-4A65-A1AD-78FCAA22416B}
    [2011/04/09 22:00:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D5D74060-1B6E-46BF-A9AD-12FDD5B3C380}
    [2011/04/08 21:59:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{940C414D-73C3-48E5-B111-2AD7BE3548A7}
    [2011/04/04 21:57:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E134CF5A-54B6-4379-A21D-782CE5428FA7}
    [2011/04/03 09:56:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{46F3E77F-8B7A-465E-86E1-45066B346139}
    [2011/04/02 21:16:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{66CFB16C-31A0-499E-BC19-CE2AA9490C33}
    [2011/04/02 09:15:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7C5AA355-B1D4-4C29-B0E5-4959AA6563A5}
    [2011/04/01 21:15:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BAAF4D65-F961-43B7-B33A-1960ABE8CADB}
    [2011/04/01 09:14:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F7ADC152-3C3E-4918-8375-CD7D46BFD3B9}
    [2011/03/31 09:14:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F0EE4E0A-2303-487F-9FAE-05F5D56C3E9C}
    [2011/02/26 12:01:12 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\Admin\AppData\Roaming\0Q11SIUAOM.exe
    [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2011/04/27 21:22:05 | 000,025,644 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\data.dat
    [2011/04/20 23:25:48 | 000,538,624 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\chrtmp
    [2011/04/19 16:20:01 | 000,208,448 | RHS- | M] () -- C:\Users\Admin\AppData\Roaming\--((Mutex))--.xtr
    [2011/04/03 00:06:13 | 000,001,489 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
    [2011/04/03 00:02:02 | 000,001,489 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
    [3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2011/04/25 22:07:25 | 000,025,644 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\data.dat
    [2011/04/20 18:19:04 | 000,538,624 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\chrtmp
    [2011/04/19 16:19:52 | 000,208,448 | RHS- | C] () -- C:\Users\Admin\AppData\Roaming\--((Mutex))--.xtr
    [2011/04/19 16:19:24 | 000,311,246 | RHS- | C] () -- C:\Users\Admin\AppData\Roaming\--((Mutex))--.dat
    [2010/10/15 21:56:50 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\adesk_patcher64.exe
    [2010/02/08 07:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
    [2005/08/13 12:42:34 | 000,008,511 | -H-- | C] () -- C:\Users\Admin\AppData\Roaming\Adminlog.dat
    [2010/10/13 20:59:39 | 000,000,000 | -HSD | M] -- C:\Users\Admin\AppData\Roaming\.#
    [2010/10/13 20:59:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\1407F3B3-F6F4-42A3-9F71-9B11560DB0BD

    :Services

    :Reg

    :Files
    %AppData%\data.dat
    %Programs%\Startup\Driver.dll
    %System%\Driver.dll
    %System%\amvo0.dll

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Next:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


Next:
Please post the file named Extras.txt stored in C:\Users\Admin\Downloads


There are some custom settings in Firefox regarding proxy, ftp etc.:

FF - prefs.js..network.proxy.backup.ftp: "201.59.176.82"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "201.59.176.82"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "201.59.176.82"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "201.59.176.82"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "200.172.79.174"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "200.172.79.174"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "200.172.79.174"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "200.172.79.174"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "200.172.79.174"
FF - prefs.js..network.proxy.ssl_port: 3128


Did you set them?
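
As an added example (not OTL, ComboFix or Michael's own code), here is a small Python triage that reads OTL "O4" Run entries and "FF - prefs.js..network.proxy" lines like the ones in the post above and flags what a helper looks for: autostarts from AppData or Temp, a Run value whose name claims a product its vendor string does not match (a "[Skype]" entry signed "Mozilla Corporation"), svchost.exe outside the Windows directory, and proxy prefs pointing at a public address. The EXPECTED_VENDOR table and the benign Sidebar control line are assumptions constructed for the demo; the other sample lines are quoted from the OTL script above.

```python
"""Triage OTL "O4" Run entries and "FF - prefs.js..network.proxy" lines.

Added example for this thread; it is not OTL, ComboFix or the helper's own
code. The EXPECTED_VENDOR table and the benign Sidebar control line are
assumptions constructed for the demo; the other sample lines are quoted
from the OTL fix script above.
"""
import ipaddress
import re
from dataclasses import dataclass

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.*?) \((?P<vendor>[^()]*)\)$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js\.\.network\.proxy\.(?P<key>[\w.]+): (?P<value>.*)$")

# Assumption: Run value names that claim a product -> substring the version-info
# vendor must contain. "[Skype]" signed "Mozilla Corporation" fails this check.
EXPECTED_VENDOR = {"skype": "skype", "windows defender": "microsoft",
                   "microsoft windows": "microsoft"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
SYSTEM_BINARIES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


@dataclass
class Finding:
    line: str
    reason: str


def check_run_entry(line: str) -> list[Finding]:
    """Flag one O4 line; returns [] for lines that are not O4 or look benign."""
    m = O4_RE.match(line)
    if not m:
        return []
    name, rest = m["name"], m["rest"]
    if rest == "File not found":
        # Orphaned value: harmless by itself, but OTL lists it so it can be cleaned.
        return [Finding(line, "orphan Run value")] if not name else []
    t = TARGET_RE.match(rest)
    if not t:
        return [Finding(line, "unparsed Run target")]
    path, vendor = t["path"], t["vendor"]
    lpath, lvendor, lname = path.lower(), vendor.lower(), name.lower()
    basename = lpath.rsplit("\\", 1)[-1]
    findings = []
    if any(seg in lpath for seg in USER_WRITABLE):
        findings.append(Finding(line, "autostart from user-writable location"))
    if basename in SYSTEM_BINARIES and not any(d in lpath for d in SYSTEM_DIRS):
        findings.append(Finding(line, f"{basename} outside Windows system directory"))
    expected = EXPECTED_VENDOR.get(lname)
    if expected and expected not in lvendor:
        findings.append(Finding(line, f"name '{name}' but vendor '{vendor or 'none'}'"))
    if not vendor:
        findings.append(Finding(line, "no version-info vendor"))
    return findings


def check_proxy_prefs(lines: list[str]) -> list[Finding]:
    """Flag Firefox proxy hosts that are neither loopback nor RFC 1918 addresses."""
    prefs = {}
    for line in lines:
        m = FF_PROXY_RE.match(line)
        if m:
            prefs[m["key"]] = (line, m["value"].strip().strip('"'))
    findings = []
    for key, (line, value) in prefs.items():
        if key.endswith("_port") or value in ("", "true", "false") or value.isdigit():
            continue
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            # A hostname rather than an IP literal: cannot classify, ask the owner.
            findings.append(Finding(line, f"proxy host {value!r} set; confirm it is yours"))
            continue
        if ip.is_private or ip.is_loopback:
            continue
        port = prefs.get(f"{key}_port", (None, "?"))[1]
        findings.append(Finding(line, f"network.proxy.{key} points at public address {value}:{port}"))
    return findings


def triage_otl(lines: list[str]) -> list[Finding]:
    """Run both checks over raw OTL log lines and return every finding."""
    stripped = [ln.strip() for ln in lines]
    findings = []
    for ln in stripped:
        findings.extend(check_run_entry(ln))
    findings.extend(check_proxy_prefs(stripped))
    return findings


# Sample input: lines quoted from the OTL script in this thread plus one
# constructed benign control line (Sidebar) that must produce no finding.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [HKCU] C:\Users\Admin\AppData\Local\Temp\31517.exe ()
O4 - HKCU..\Run: [Skype] C:\Users\Admin\AppData\Roaming\svchost.exe (Mozilla Corporation)
O4 - HKCU..\Run: [Windows Defender] C:\Users\Admin\AppData\Roaming\Ubdate27,4.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
FF - prefs.js..network.proxy.http: "200.172.79.174"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print(f"{f.reason:60} <- {f.line}")
```

Run it against a full OTL.txt by passing the file's lines to triage_otl; the Sidebar line shows that a normal Program Files autostart with a matching vendor produces nothing.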

#6 DanoNH (Trusted Helper, Topic Starter, Malware Removal, 2,155 posts)
Thank you so much for helping me, Michael. Hopefully I've performed and posted everything correctly.

Here is my ComboFix log:

ComboFix 11-05-21.03 - Admin 05/22/2011 9:16.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.5204 [GMT -4:00]
Running from: c:\users\Admin\Desktop\Clean\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Roaming\.#
c:\users\Admin\AppData\Roaming\.#\MBX@1654@162970.###
c:\users\Admin\AppData\Roaming\.#\MBX@1654@1629A0.###
c:\users\Admin\AppData\Roaming\.#\MBX@1654@1629D0.###
c:\users\Admin\AppData\Roaming\0Q11SIUAOM.exe
c:\users\Admin\AppData\Roaming\Adminlog.dat
c:\users\Admin\AppData\Roaming\chrtmp
c:\users\Admin\AppData\Roaming\MSWINSCK.OCX
c:\windows\My.ini
c:\windows\system32\service
c:\windows\system32\Temp
c:\windows\system32\drivers\etc\lmhosts . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 590056]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"WinSSHD Activation State Checker"="c:\program files (x86)\Bitvise WinSSHD\WinsshdActStateCheck.exe" [2010-10-22 246016]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-06 5542168]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2536448]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Norton Ghost 15.0"="c:\program files (x86)\Norton Ghost\Agent\VProTray.exe" [2010-03-04 2598760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Zinio Alert Messenger.lnk - c:\program files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe [2010-10-13 126976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 10.lnk - c:\program files (x86)\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 XAMPP;XAMPP Service;c:\xampp\service.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-16 1436424]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-02-12 2227216]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A822.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-12-13 3246040]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-16 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 mceBackup Service;mceBackup Service;c:\program files (x86)\The Digital Lifestyle.com\mcBackup 3.0\mceBackupService.exe [2010-01-27 49664]
S2 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-26 2139400]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
S2 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-09-22 2963960]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 VisualSVNServer;VisualSVN Server;c:\program files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [2011-02-28 23840]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]
S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-22 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-11-22 21:24]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2045766283-185155172-3896411630-1001Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-13 15:53]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2045766283-185155172-3896411630-1001UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-13 15:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 23:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2010-09-23 884584]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-06 390728]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;*.local
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\
FF - prefs.js: browser.startup.homepage - hxxp://danswebspot.com/|http://cartierconsulting.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NBKeyScan - c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A822.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Norton Ghost\Agent\VProSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Bitvise WinSSHD\WinSSHD.exe
c:\program files (x86)\Bitvise WinSSHD\sshdctrl.exe
c:\program files (x86)\ASUS\AASP\1.00.76\aaCenter.exe
.
**************************************************************************
.
Completion time: 2011-05-22 10:52:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-22 14:52
.
Pre-Run: 40,060,243,968 bytes free
Post-Run: 41,050,017,792 bytes free
.
- - End Of File - - 8B0DE89349388C807D4458042A00BE03


My OTL.txt log file after cleanup and Quick Scan:

OTL logfile created on: 5/22/2011 11:28:16 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Admin\Desktop\Clean
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 74.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.34 Gb Total Space | 38.36 Gb Free Space | 16.51% Space Free | Partition Type: NTFS
Drive D: | 233.42 Gb Total Space | 60.99 Gb Free Space | 26.13% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 476.70 Gb Free Space | 51.17% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 576.23 Gb Free Space | 61.86% Space Free | Partition Type: NTFS

Computer Name: ZEUS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/22 02:48:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\Clean\OTL.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2011/02/28 16:26:48 | 000,023,840 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
PRC - [2011/01/31 01:36:41 | 000,357,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
PRC - [2010/12/13 02:32:54 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/12/06 05:56:42 | 000,390,728 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/12/06 05:55:24 | 005,542,168 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/11/23 18:46:14 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/11/16 04:52:28 | 002,536,448 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/10/22 01:36:04 | 005,695,784 | ---- | M] (Bitvise) -- C:\Program Files (x86)\Bitvise WinSSHD\WinSSHD.exe
PRC - [2010/10/22 01:36:04 | 003,291,360 | ---- | M] () -- C:\Program Files (x86)\Bitvise WinSSHD\sshdctrl.exe
PRC - [2010/10/13 23:02:02 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe
PRC - [2010/10/13 13:44:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/05/25 20:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010/04/13 19:01:58 | 000,094,024 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
PRC - [2010/04/13 19:01:56 | 000,079,688 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
PRC - [2010/04/13 19:01:52 | 007,384,904 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
PRC - [2010/04/13 19:01:52 | 007,046,984 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
PRC - [2010/03/03 20:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
PRC - [2010/03/03 20:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
PRC - [2008/09/15 06:00:50 | 000,624,640 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.76\aaCenter.exe


========== Modules (SafeList) ==========

MOD - [2011/05/22 02:48:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\Clean\OTL.exe
MOD - [2010/11/20 08:21:36 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/16 20:20:04 | 000,256,336 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV:64bit: - [2010/10/17 18:43:02 | 000,099,048 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2010/10/15 21:38:16 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/01/24 23:26:29 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/16 13:33:58 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/16 13:33:48 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/12/16 13:33:37 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/12/13 02:32:54 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/12/06 05:58:36 | 001,112,240 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/11/24 16:00:16 | 007,669,760 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.53\bin\mysqld.exe -- (wampmysqld)
SRV - [2010/11/23 18:46:14 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/10/24 14:34:38 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010/10/22 01:36:04 | 005,695,784 | ---- | M] (Bitvise) [Auto | Running] -- C:\Program Files (x86)\Bitvise WinSSHD\WinSSHD.exe -- (WinSSHD)
SRV - [2010/10/13 13:44:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/25 20:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 08:09:18 | 002,227,216 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe -- (GenericMount Helper Service)
SRV - [2010/01/27 08:43:06 | 000,049,664 | ---- | M] (The Digital Lifestyle.com) [Auto | Running] -- C:\Program Files (x86)\The Digital Lifestyle.com\mcBackup 3.0\mceBackupService.exe -- (mceBackup Service)
SRV - [2009/09/21 21:19:22 | 002,963,960 | ---- | M] (Symantec) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/03 00:12:30 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011/04/03 00:12:30 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/04/03 00:12:30 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011/04/03 00:12:30 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 13:33:38 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/12/13 02:32:57 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/12/13 02:32:37 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2010/12/13 02:32:21 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/12/13 02:31:33 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/11/20 09:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 09:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 07:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/17 18:42:58 | 000,145,512 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010/10/13 11:57:09 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2010/10/06 07:12:35 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/31 13:32:44 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/06/11 11:51:24 | 001,634,176 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw89.sys -- (hcw89)
DRV:64bit: - [2010/05/31 11:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/05/31 11:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/12 08:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2009/12/17 18:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/10/01 23:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009/09/21 21:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009/09/21 21:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009/08/25 00:10:52 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/07 14:03:40 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010/05/31 11:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 98 E2 EE B0 14 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://danswebspot.c...onsulting.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {00084897-021a-4361-8423-083407a033e0}:1.4
FF - prefs.js..extensions.enabledItems: {AB7308B2-C13C-4eba-AC78-2AD55B96EE09}:3.0.0
FF - prefs.js..extensions.enabledItems: {C6128004-4838-4708-9A97-BB172D17767D}:1.6.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.608
FF - prefs.js..extensions.enabledItems: {6D0612DB-D5D3-474f-959E-FA754CCA2B1B}:3.0.0
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {BE2100B3-1D80-48eb-ACCF-D26750644378}:0.4.23
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.9
FF - prefs.js..extensions.enabledItems: {79fcaa13-5f29-4c33-aad7-6c48c175760a}:0.8.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0
FF - prefs.js..extensions.enabledItems: {d5eeb813-935a-435d-b01e-b3a02f2cb408}:0.9.2
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 0
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.1
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..network.proxy.backup.ftp: "201.59.176.82"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "201.59.176.82"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "201.59.176.82"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "201.59.176.82"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "200.172.79.174"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "200.172.79.174"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "200.172.79.174"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "200.172.79.174"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "200.172.79.174"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Firefox\extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/10/14 00:08:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension\ [2011/05/22 02:46:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/28 21:30:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/28 21:30:23 | 000,000,000 | ---D | M]

[2010/10/13 21:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2011/05/17 06:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{00084897-021a-4361-8423-083407a033e0}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Qute) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/04/02 01:15:49 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Page Validator) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{6D0612DB-D5D3-474f-959E-FA754CCA2B1B}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (zoomFox) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{79fcaa13-5f29-4c33-aad7-6c48c175760a}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}(2)
[2010/12/21 15:05:39 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (CSS Validator) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
[2011/04/02 01:17:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/13 21:01:56 | 000,000,000 | ---D | M] ("Universal Print") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378}(16999)
[2011/01/21 23:07:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/04/02 01:17:45 | 000,000,000 | ---D | M] (Aviary) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408}
[2010/11/04 07:37:07 | 000,000,000 | ---D | M] (CLEO) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2011/04/02 01:17:33 | 000,000,000 | ---D | M] (CodeBurner for Firebug) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/11/18 23:49:32 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/10/13 21:01:35 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\foxmarks@kei(16945).com
[2011/05/05 21:45:32 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Kempelton) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2011/04/02 10:06:43 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (YSlow) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/09/05 11:11:17 | 000,002,382 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\searchplugins\aviary.xml
[2011/04/28 21:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/17 09:14:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2010/10/14 00:08:18 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\{BE2100B3-1D80-48EB-ACCF-D26750644378}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\{C6128004-4838-4708-9A97-BB172D17767D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\[email protected]
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/30 18:06:22 | 000,433,897 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 14932 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WinSSHD Activation State Checker] C:\Program Files (x86)\Bitvise WinSSHD\WinsshdActStateCheck.exe (Bitvise)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = C:\Program Files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...ivex/RACtrl.cab (Performance Viewer Activex Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/28 07:04:11 | 000,000,000 | --SD | C] -- C:\Users\Admin\Documents\My Shapes
[2011/05/22 11:09:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/22 10:46:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/05/22 09:13:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/22 09:13:14 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/22 08:24:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/22 08:24:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/22 08:24:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/22 08:23:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/22 08:21:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/22 02:49:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Clean
[2011/05/21 14:03:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5952DB83-E2E5-47E5-B008-F9B149C2147A}
[2011/05/16 23:33:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/16 23:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011/05/16 23:24:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Game Studios
[2011/05/16 23:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2011/05/16 23:23:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft Game Studios
[2011/05/14 14:02:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B3ED886D-DDC9-4A99-A109-5F2B17109610}
[2011/05/14 11:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/05/14 11:43:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2011/05/14 11:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011/05/14 11:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/05/14 11:42:34 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/05/10 01:59:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{42DD012B-9CD8-49B2-A33C-CDC0D33848CB}
[2011/05/09 00:38:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{63171AE3-C8E2-4BCE-AC1A-B114FC861D51}
[2011/05/06 22:06:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\SKIDROW
[2011/05/06 20:16:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\dwhelper
[2011/05/06 09:46:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4ED04698-788B-4C58-A1F9-F6CD4D43D272}
[2011/05/06 01:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011/05/06 01:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UEStudio
[2011/05/06 00:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2011/05/05 23:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/05/05 23:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/05/05 21:06:05 | 000,000,000 | ---D | C] -- C:\Windows\AutoRearm
[2011/05/05 21:03:57 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2011/05/05 17:31:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7A0EFAE3-9A64-46EA-A884-12AEB162AADF}
[2011/05/02 05:29:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D8C8EA59-44AE-47E9-8DB8-6029ECCFDE35}
[2011/05/01 11:09:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2618B918-3D38-4062-A333-B749A5B988D7}
[2011/05/01 07:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/05/01 07:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/04/30 11:08:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B090F0B1-6C8B-4A77-B552-266FFF566C30}
[2011/04/28 21:06:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5121FE67-0CDC-443F-8DDF-09DFF402C8A1}
[2011/04/28 20:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/04/28 20:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/04/28 12:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/28 09:05:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BCA05E37-E951-4AF7-9CD0-A48D002759D5}
[2011/04/28 06:08:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/04/28 04:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/04/28 04:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/04/28 04:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/26 00:50:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
[2011/04/26 00:50:04 | 000,105,552 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2011/04/26 00:49:53 | 000,144,464 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2011/04/26 00:49:53 | 000,090,704 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys
[2011/04/26 00:49:53 | 000,067,664 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2011/04/26 00:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/23 23:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/23 23:32:01 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/23 17:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/22 11:32:40 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 11:32:40 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/22 11:25:40 | 000,001,112 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk
[2011/05/22 11:24:14 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/05/22 11:24:08 | 000,000,632 | RHS- | M] () -- C:\Users\Admin\ntuser.pol
[2011/05/22 11:22:52 | 2146,246,655 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/22 11:22:02 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2011/05/22 11:17:33 | 000,000,787 | ---- | M] () -- C:\Users\Admin\Desktop\hosts
[2011/05/22 11:08:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2045766283-185155172-3896411630-1001UA.job
[2011/05/22 02:03:13 | 000,002,062 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011/05/21 23:08:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2045766283-185155172-3896411630-1001Core.job
[2011/05/18 16:30:00 | 000,000,600 | ---- | M] () -- C:\Users\Admin\AppData\Local\PUTTY.RND
[2011/05/18 14:26:15 | 000,002,122 | ---- | M] () -- C:\Users\Admin\Desktop\Apollo.rdp
[2011/05/17 03:36:42 | 000,001,081 | ---- | M] () -- C:\Users\Admin\Desktop\putty.exe - Shortcut.lnk
[2011/05/17 03:22:48 | 000,006,972 | ---- | M] () -- C:\Users\Admin\Desktop\How_do_I_create_a_cron_job.pdf
[2011/05/16 22:41:59 | 000,658,352 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/16 22:41:59 | 000,118,664 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/16 22:41:58 | 000,771,120 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/16 21:15:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts
[2011/05/15 16:22:56 | 000,016,621 | ---- | M] () -- C:\Users\Admin\Desktop\dn3251e951223626f6264f.pdf
[2011/05/14 11:45:03 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/05/13 15:09:19 | 000,002,393 | ---- | M] () -- C:\Users\Admin\Desktop\Google Chrome.lnk
[2011/05/06 01:42:37 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011/05/06 01:37:33 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\UEStudio '10.lnk
[2011/04/30 18:06:22 | 000,433,897 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/04/29 23:34:28 | 000,000,132 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/04/29 22:40:49 | 000,001,456 | ---- | M] () -- C:\Users\Admin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/29 21:12:58 | 005,054,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/28 21:30:33 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/28 12:14:26 | 000,433,443 | ---- | M] () -- C:\Users\Admin\Desktop\hosts_WithAdobeAndSpybotEntries
[2011/04/28 12:14:26 | 000,433,443 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110430-180622.backup
[2011/04/28 06:19:28 | 000,001,470 | ---- | M] () -- C:\Users\Admin\Desktop\iexplore - Shortcut.lnk
[2011/04/28 04:41:41 | 000,001,345 | ---- | M] () -- C:\Users\Admin\Desktop\SpybotSD - Shortcut.lnk
[2011/04/23 17:14:15 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/23 17:05:11 | 005,635,094 | ---- | M] () -- C:\Users\Admin\Desktop\Sneakers.mp3
[2011/04/22 22:04:51 | 000,000,036 | ---- | M] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 08:24:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/22 08:24:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/22 08:24:06 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/22 08:24:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/22 08:24:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/17 03:36:42 | 000,001,081 | ---- | C] () -- C:\Users\Admin\Desktop\putty.exe - Shortcut.lnk
[2011/05/17 03:24:35 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Local\PUTTY.RND
[2011/05/17 03:23:00 | 000,006,972 | ---- | C] () -- C:\Users\Admin\Desktop\How_do_I_create_a_cron_job.pdf
[2011/05/15 16:23:04 | 000,016,621 | ---- | C] () -- C:\Users\Admin\Desktop\dn3251e951223626f6264f.pdf
[2011/05/14 11:43:51 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/05/14 11:24:00 | 000,004,096 | -HS- | C] () -- C:\VSNAP.IDX
[2011/05/06 01:42:37 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011/05/06 01:37:33 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\UEStudio '10.lnk
[2011/05/04 21:32:07 | 000,002,393 | ---- | C] () -- C:\Users\Admin\Desktop\Google Chrome.lnk
[2011/04/29 23:34:28 | 000,000,132 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/04/28 21:30:33 | 000,001,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/28 21:30:33 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/28 20:40:52 | 000,001,412 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/04/28 20:40:51 | 000,001,446 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/04/28 06:19:28 | 000,001,470 | ---- | C] () -- C:\Users\Admin\Desktop\iexplore - Shortcut.lnk
[2011/04/28 04:41:43 | 000,001,345 | ---- | C] () -- C:\Users\Admin\Desktop\SpybotSD - Shortcut.lnk
[2011/04/27 19:57:09 | 000,433,443 | ---- | C] () -- C:\Users\Admin\Desktop\hosts_WithAdobeAndSpybotEntries
[2011/04/27 19:57:09 | 000,000,787 | ---- | C] () -- C:\Users\Admin\Desktop\hosts
[2011/04/23 17:14:15 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/23 17:05:10 | 005,635,094 | ---- | C] () -- C:\Users\Admin\Desktop\Sneakers.mp3
[2011/04/22 22:00:40 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/25 23:08:03 | 000,002,062 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/12/23 18:29:38 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/11/23 18:45:12 | 000,189,480 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/11/23 18:45:10 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/11/23 18:45:09 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/11/11 21:12:32 | 000,007,610 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2010/11/04 18:58:59 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/11/04 18:58:59 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/11/04 18:58:04 | 000,026,728 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/10/26 22:14:27 | 000,000,163 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PLGComp.ini
[2010/10/15 08:40:11 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/10/15 03:07:36 | 000,746,018 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/13 13:32:27 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll
[2010/10/13 13:31:37 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/10/13 13:31:37 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/13 12:14:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/10/11 00:42:26 | 000,001,456 | ---- | C] () -- C:\Users\Admin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/03/03 19:48:14 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
[2010/03/03 19:48:14 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/13 00:38:41 | 000,022,328 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PnkBstrK.sys
[2009/03/11 19:50:10 | 000,000,105 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\default.pls
[2007/12/28 03:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010/10/13 20:59:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Acronis
[2011/05/16 13:21:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\App Launcher Gadget
[2010/11/04 07:34:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Autodesk
[2011/04/03 13:37:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2010/11/04 07:34:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon
[2010/12/18 16:58:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/13 21:00:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/04 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ContentGuard
[2010/11/20 18:33:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FlashGet
[2010/11/04 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GetRightToGo
[2010/11/04 07:34:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GlarySoft
[2011/03/25 08:47:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Hive Cluster
[2010/12/31 21:31:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImgBurn
[2010/11/04 07:37:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2009/04/16 01:03:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\iTSfv
[2010/10/13 21:02:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Network Associates
[2011/04/03 13:37:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenCandy
[2010/10/07 02:46:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenDNS Updater
[2010/11/04 07:34:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2010/10/13 22:03:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Prish
[2011/03/08 23:59:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Rovio
[2010/10/13 21:02:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ScanSoft
[2010/11/20 18:35:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\StreamTorrent
[2010/10/07 02:46:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Subversion
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2010/12/13 09:02:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thinstall
[2010/10/13 21:02:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ulead Systems
[2009/04/10 23:05:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Uniblue
[2011/05/14 13:07:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2010/10/13 21:02:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VSO
[2010/10/13 21:02:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinBatch
[2010/10/13 23:02:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ZinioAlertMessenger.9310D8F796442B71068C511E15D70529A702D19D.1
[2010/10/13 22:55:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2011/05/22 11:24:14 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/12/20 10:16:47 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


My GooredFix.txt log file:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 11:48 on 22/05/2011 (Admin)
Firefox version 4.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:30 29/04/2011]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [13:14 17/03/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}"="C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}" [04:08 14/10/2010]
"{22C7F6C6-8D67-4534-92B5-529A0EC09405}"="C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension\" [06:46 22/05/2011]

-=E.O.F=-


As far as the Firefox proxy settings go, I don't remember explicitly setting them, but could they be old entries from FEBE or CLEO or Xmarks or LastPass or QuickProxy? I do use QuickProxy a lot because of the different locations I have been in, and I have copied my Firefox profile around to different machines over the years...

I am wondering what programs and/or tools may not work after all of this cleanup...

Thank you very much again.

-Dan

Edited by DanoNH, 22 May 2011 - 06:04 PM.

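Every OTL file line above has the same fixed layout: `[date | size | attributes | C or M] (company) -- path`, with the `(company)` part missing for folders and empty for files that carry no company name. The following is an added example, not OTL's own code and not posted by anyone in the thread: a small parser for that layout plus a triage pass that flags the three patterns the fix later in this thread deletes (bare-GUID folders directly under `AppData\Local`, the `AutoKMS`/`AutoRearm` folders in `C:\Windows`, and company-less `.tmp` files in system directories). Those three rules are assumptions drawn from that fix, not OTL logic; the sample input is constructed from lines in the logs above, and the date and size on the `A822.tmp` line are made up.

```python
"""Parse OTL 'Files/Folders Created' lines and flag the patterns the fix in
this thread removes.  Added example; the flagging rules are assumptions
taken from that fix, not something OTL itself does."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL entry: [date | size | attrs | C/M] (Company) -- path
# Folder lines have no "(...)" part; "No Company Name" file lines have "()".
_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
# Assumed rules, mirroring the :Files section of the fix.
_GUID_DIR = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}$", re.I)
_ACTIVATION_CRACK = re.compile(r"^C:\\Windows\\Auto(?:KMS|Rearm)$", re.I)
_SYSTEM_TMP = re.compile(
    r"^C:\\Windows\\(?:System32|SysNative|SysWOW64)\\(?:drivers\\)?[^\\]+\.tmp$",
    re.I)


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    kind: str       # 'C' = created, 'M' = modified
    company: str    # '' when OTL printed no company name
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Entry for one OTL line, or None for headers, blanks and summary
    lines such as '[1 C:\\...\\*.tmp files -> ... -> ]'."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"] or "",
        path=m["path"],
    )


def classify(e: Entry) -> Optional[str]:
    """Reason the entry deserves a second look, or None (assumed rules)."""
    if e.is_dir and _GUID_DIR.search(e.path):
        return "bare-GUID folder under AppData\\Local"
    if e.is_dir and _ACTIVATION_CRACK.match(e.path):
        return "activation crack folder in C:\\Windows"
    if not e.is_dir and not e.company and _SYSTEM_TMP.match(e.path):
        return "company-less .tmp file in a system directory"
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run classify() over every parsable line; returns (path, reason) pairs."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reason = classify(e)
        if reason:
            hits.append((e.path, reason))
    return hits


# Constructed sample: lines copied from the logs above, plus one made-up
# A822.tmp line (the fix deletes that file but OTL never printed its entry).
SAMPLE = """\
========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 21:03:57 | 000,000,000 | ---D | C] -- C:\\Windows\\AutoKMS
[2011/05/05 17:31:10 | 000,000,000 | ---D | C] -- C:\\Users\\Admin\\AppData\\Local\\{7A0EFAE3-9A64-46EA-A884-12AEB162AADF}
[2011/04/26 00:50:04 | 000,105,552 | ---- | C] (Trend Micro Inc.) -- C:\\Windows\\SysNative\\drivers\\tmtdi.sys
[2011/05/22 08:24:06 | 000,256,512 | ---- | C] () -- C:\\Windows\\PEV.exe
[2011/05/22 08:24:06 | 000,004,096 | ---- | C] () -- C:\\Windows\\System32\\A822.tmp
[2011/05/22 11:22:52 | 2146,246,655 | -HS- | M] () -- C:\\hiberfil.sys
[1 C:\\Windows\\SysNative\\drivers\\*.tmp files -> C:\\Windows\\SysNative\\drivers\\*.tmp -> ]
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason:48s} {path}")
```

An empty company field on its own is a weak signal: the helper leaves `PEV.exe`, `sed.exe` and `hiberfil.sys` alone even though OTL prints `()` for them, which is why the `.tmp` rule above also requires a system-directory path. Treat the output as a shortlist to look at, not a delete list.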

#7 DanoNH (Trusted Helper, Topic Starter, Malware Removal, 2,155 posts)
Hi Michael,

I edited my last response because I realized that ZoneAlarm had locked my hosts file. Once I turned off that setting, I was able to default it.

-Dan
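The hosts file in this thread is large (433,897 bytes, with a backup named `hosts_WithAdobeAndSpybotEntries`), and resetting it to the default discards all of those entries at once. Before doing that, it is worth knowing which lines could actually send a browser somewhere unexpected. As an added example (not from the thread, not OTL's code), the script below sorts the mappings in a hosts file into the stock loopback names, sinkhole entries that point a name at `0.0.0.0` or `127.0.0.1` (the immunization and ad-blocking style), and redirects that pin a name to any other address. The sample file is constructed; the `203.0.113.x` addresses are from the documentation range.

```python
"""Separate the mappings in a Windows hosts file into local, sinkhole and
redirect entries.  Added example, not from the thread or from OTL; the
sample file below is constructed."""
import ipaddress

LOCAL_NAMES = {"localhost", "localhost.localdomain"}
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text: str):
    """Yield (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))   # normalises e.g. 0::1 -> ::1
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.lower()


def classify(ip: str, name: str) -> str:
    """'local' for the loopback names themselves, 'sinkhole' for a name
    pointed at a null/loopback address, 'redirect' for anything else."""
    if name in LOCAL_NAMES and ipaddress.ip_address(ip).is_loopback:
        return "local"
    if ip in SINKHOLE_IPS:
        return "sinkhole"
    return "redirect"


def audit_hosts(text: str) -> dict:
    """Count local and sinkhole entries and list every redirect; a redirect
    is the only kind of line that can take a browser to another host."""
    counts = {"local": 0, "sinkhole": 0}
    redirects = []
    for ip, name in parse_hosts(text):
        kind = classify(ip, name)
        if kind == "redirect":
            redirects.append((name, ip))
        else:
            counts[kind] += 1
    return {**counts, "redirects": redirects}


# Constructed sample: two stock lines, two immunization-style lines, two redirects.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net            # immunization style
127.0.0.1       tracker.example.org        # immunization style
203.0.113.5     login.example-bank.test    # routable address: check this one
203.0.113.5     update.example-vendor.test
"""

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"local={report['local']} sinkhole={report['sinkhole']}")
    for name, ip in report["redirects"]:
        print(f"REDIRECT {name} -> {ip}")
```

Thousands of sinkhole lines are normal for an immunized machine and are not by themselves a sign of trouble; a short list of redirects is what to read line by line. As Dan found, a firewall that locks the hosts file (ZoneAlarm here) has to be told to release it before any tool, OTL's `[resethosts]` included, can rewrite it.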

#8 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Hello,

Please don't quote your logs, just post them as is.

I cleared the proxy settings of Firefox, just to let you know.

Normally, the fixes shouldn't affect legit programs, but if they do, let me know :)


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..network.proxy.backup.ftp: "201.59.176.82"
    FF - prefs.js..network.proxy.backup.ftp_port: 3128
    FF - prefs.js..network.proxy.backup.gopher: "201.59.176.82"
    FF - prefs.js..network.proxy.backup.gopher_port: 3128
    FF - prefs.js..network.proxy.backup.socks: "201.59.176.82"
    FF - prefs.js..network.proxy.backup.socks_port: 3128
    FF - prefs.js..network.proxy.backup.ssl: "201.59.176.82"
    FF - prefs.js..network.proxy.backup.ssl_port: 3128
    FF - prefs.js..network.proxy.ftp: "200.172.79.174"
    FF - prefs.js..network.proxy.ftp_port: 3128
    FF - prefs.js..network.proxy.gopher: "200.172.79.174"
    FF - prefs.js..network.proxy.gopher_port: 3128
    FF - prefs.js..network.proxy.http: "200.172.79.174"
    FF - prefs.js..network.proxy.http_port: 3128
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "200.172.79.174"
    FF - prefs.js..network.proxy.socks_port: 3128
    FF - prefs.js..network.proxy.ssl: "200.172.79.174"
    FF - prefs.js..network.proxy.ssl_port: 3128
    [2011/05/21 14:03:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5952DB83-E2E5-47E5-B008-F9B149C2147A}
    [2011/05/14 14:02:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B3ED886D-DDC9-4A99-A109-5F2B17109610}
    [2011/05/10 01:59:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{42DD012B-9CD8-49B2-A33C-CDC0D33848CB}
    [2011/05/09 00:38:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{63171AE3-C8E2-4BCE-AC1A-B114FC861D51}
    [2011/05/06 09:46:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4ED04698-788B-4C58-A1F9-F6CD4D43D272}
    [2011/05/05 21:06:05 | 000,000,000 | ---D | C] -- C:\Windows\AutoRearm
    [2011/05/05 21:03:57 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
    [2011/05/05 17:31:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7A0EFAE3-9A64-46EA-A884-12AEB162AADF}
    [2011/05/02 05:29:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D8C8EA59-44AE-47E9-8DB8-6029ECCFDE35}
    [2011/05/01 11:09:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2618B918-3D38-4062-A333-B749A5B988D7}
    [2011/04/30 11:08:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B090F0B1-6C8B-4A77-B552-266FFF566C30}
    [2011/04/28 21:06:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5121FE67-0CDC-443F-8DDF-09DFF402C8A1}
    [2011/04/28 09:05:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BCA05E37-E951-4AF7-9CD0-A48D002759D5}
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    :Services
    MEMSWEEP2

    :Reg

    :Files
    c:\windows\system32\A822.tmp
    c:\windows\system32\drivers\etc\lmhosts
    c:\users\Admin\AppData\Local\{5952DB83-E2E5-47E5-B008-F9B149C2147A}
    c:\users\Admin\AppData\Local\{B3ED886D-DDC9-4A99-A109-5F2B17109610}
    c:\users\Samai.Zeus\AppData\Local\{797DAF54-8200-44C1-B636-37405E0A66CA}
    C:\users\Samai.Zeus\AppData\Local\{47648DB7-C5A5-4241-8CC3-18FF543EB6D6}
    c:\users\Admin\AppData\Local\{42DD012B-9CD8-49B2-A33C-CDC0D33848CB}
    c:\users\Admin\AppData\Local\{4ED04698-788B-4C58-A1F9-F6CD4D43D272}
    c:\users\Admin\AppData\Local\{63171AE3-C8E2-4BCE-AC1A-B114FC861D51}
    c:\windows\AutoRearm
    c:\windows\AutoKMS
    c:\users\Admin\AppData\Local\{7A0EFAE3-9A64-46EA-A884-12AEB162AADF}
    c:\users\Admin\AppData\Local\{D8C8EA59-44AE-47E9-8DB8-6029ECCFDE35}
    c:\users\Admin\AppData\Local\{2618B918-3D38-4062-A333-B749A5B988D7}
    c:\windows\system32\A822.tmp
    c:\windows\system32\D95D.tmp
    c:\users\Admin\AppData\Local\{B090F0B1-6C8B-4A77-B552-266FFF566C30}
    c:\users\Dan\AppData\Local\{5071A85E-D005-42DF-82BC-0D8B606B5002}
    c:\users\Admin\AppData\Local\{5121FE67-0CDC-443F-8DDF-09DFF402C8A1}
    c:\users\Admin\AppData\Local\{BCA05E37-E951-4AF7-9CD0-A48D002759D5}
    c:\users\Admin\AppData\Local\{44222E2A-778C-454E-BAAA-23120A69D7CB}
    c:\users\Admin\AppData\Local\{426CFE15-1242-4E60-B139-497496D9BDFC}
    c:\users\Admin\AppData\Local\{7F253EB8-BC8D-4C51-B668-16AADD3C89CA}
    c:\users\Admin\AppData\Local\{7F7E047E-8E8B-495C-B06D-7235385FB04B}
    c:\users\Admin\AppData\Local\{D6C6A8BA-0E9C-4774-8FF5-765B43F7E542}
    c:\users\Admin\AppData\Local\{1899E1BC-BFAC-48A3-94D4-F04CBCCD9BD7}
    c:\users\Admin\AppData\Local\{A38E0263-6579-4387-A6C9-19E2F5F47632}
    c:\users\Admin\AppData\Local\{7E1ACB71-2829-4151-8C4E-4D9E1FAA58A4}
    c:\users\Admin\AppData\Local\{9F447BE6-ADA1-4F77-B74E-618826056B14}

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



Next:
  • Please download WVCheck by Artellos from one of the mirrors below;

    Artellos.com (exe)
    Artellos.com (zip)

  • After the download, run WVCheck.exe
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.


Next:
Download CKScanner from here

Important : Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


I cleared some crack programs for Adobe and/or MS Office; it would be advisable to activate them the legitimate way...
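The `FF - prefs.js..network.proxy.*` lines in the fix above are the security-relevant part of it: every protocol (HTTP, SSL, FTP, SOCKS) was pointed at a public address, `200.172.79.174:3128`, and the `network.proxy.backup.*` copies hold a second public address, `201.59.176.82`, which suggests the setting was written more than once. A browser that honours those prefs sends all of its traffic through a proxy somebody else controls. As an added example (not OTL's code and not posted in the thread), the script below parses a Firefox `prefs.js`, reports every proxy host with its port and whether the address is public, and produces a copy with the `network.proxy.*` prefs removed, the same end result as listing them in the `:OTL` section. Two assumptions are labelled in the code: the sample `prefs.js` is constructed from the values in the fix, and it includes `network.proxy.type = 1` (manual proxy), which OTL did not print here; in Firefox the manual host prefs only take effect when that pref is 1, so the report distinguishes armed from dormant entries.

```python
"""Audit a Firefox prefs.js for proxy hijacks and emit a cleaned copy.
Added example, not part of OTL or of the thread; the sample prefs.js is
constructed from the values in the fix script, plus an assumed
network.proxy.type line."""
import ipaddress
import re
from typing import Dict, List, Union

PrefValue = Union[str, int, bool]

# user_pref("name", value);  value is a quoted string, an integer, or true/false
_PREF = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')


def _decode(raw: str) -> PrefValue:
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    return int(raw)


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Map pref name -> value for every user_pref line; other lines are ignored."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF.match(line)
        if m:
            prefs[m.group(1)] = _decode(m.group(2))
    return prefs


def proxy_findings(prefs: Dict[str, PrefValue]) -> List[str]:
    """One line per string-valued network.proxy.* pref (host or PAC URL).

    Firefox semantics assumed here: manual proxy hosts are only used when
    network.proxy.type == 1, so each finding says 'armed' or 'dormant'.
    """
    findings = []
    armed = prefs.get("network.proxy.type") == 1
    for name, value in sorted(prefs.items()):
        if not name.startswith("network.proxy.") or not isinstance(value, str):
            continue
        if name == "network.proxy.no_proxies_on":   # exception list, not a target
            continue
        try:
            scope = "public" if ipaddress.ip_address(value).is_global else "private/loopback"
        except ValueError:
            scope = "non-IP"                        # hostname or PAC URL
        port = prefs.get(name + "_port", "?")
        state = "armed" if armed else "dormant (network.proxy.type != 1)"
        findings.append(f"{name} -> {value}:{port} [{scope}, {state}]")
    return findings


def strip_proxy_prefs(text: str) -> str:
    """prefs.js text with every network.proxy.* user_pref line removed.
    Apply it to a copy with Firefox closed, and keep the original."""
    kept = []
    for line in text.splitlines():
        m = _PREF.match(line)
        if m and m.group(1).startswith("network.proxy."):
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


# Constructed sample: hosts/ports from the fix above; network.proxy.type is assumed.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("network.proxy.backup.ssl", "201.59.176.82");
user_pref("network.proxy.backup.ssl_port", 3128);
user_pref("network.proxy.http", "200.172.79.174");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "200.172.79.174");
user_pref("network.proxy.socks_port", 3128);
user_pref("network.proxy.ssl", "200.172.79.174");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 1);
"""

if __name__ == "__main__":
    for finding in proxy_findings(parse_prefs(SAMPLE_PREFS)):
        print(finding)
    print(strip_proxy_prefs(SAMPLE_PREFS))
```

Run it against the profile's `prefs.js` (the profile folder is under `%APPDATA%\Mozilla\Firefox\Profiles`) rather than `user.js`, since `user.js` is reapplied at every start and would put the values straight back. A proxy-switching add-on such as QuickProxy writes the same pref names, so a finding that points at a private address you recognise is not a hijack; a public address you never configured is.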

#9 DanoNH (Trusted Helper, Topic Starter, Malware Removal, 2,155 posts)
Hi Michael,

Sorry about quoting the log files, and thanks again for your time and help. Thanks for letting me know about the Firefox settings. I am becoming more familiar with OTL and the fixes format...

Here is my OTL log after the quick scan:

OTL logfile created on: 5/23/2011 8:27:10 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Admin\Desktop\Clean
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 70.00% Memory free
16.00 Gb Paging File | 13.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.34 Gb Total Space | 37.96 Gb Free Space | 16.34% Space Free | Partition Type: NTFS
Drive D: | 233.42 Gb Total Space | 60.98 Gb Free Space | 26.12% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 405.46 Gb Free Space | 43.53% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 574.41 Gb Free Space | 61.66% Space Free | Partition Type: NTFS

Computer Name: ZEUS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/22 02:48:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\Clean\OTL.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2011/02/28 16:26:48 | 000,023,840 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
PRC - [2011/01/31 01:36:36 | 000,038,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2010/12/13 02:32:54 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/12/06 05:56:42 | 000,390,728 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/12/06 05:55:24 | 005,542,168 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/11/23 18:46:14 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/11/16 04:52:28 | 002,536,448 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/10/22 01:36:04 | 005,695,784 | ---- | M] (Bitvise) -- C:\Program Files (x86)\Bitvise WinSSHD\WinSSHD.exe
PRC - [2010/10/22 01:36:04 | 003,291,360 | ---- | M] () -- C:\Program Files (x86)\Bitvise WinSSHD\sshdctrl.exe
PRC - [2010/10/13 23:02:02 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/05/25 20:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010/04/13 19:01:58 | 000,094,024 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
PRC - [2010/04/13 19:01:56 | 000,079,688 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
PRC - [2010/04/13 19:01:52 | 007,384,904 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
PRC - [2010/04/13 19:01:52 | 007,046,984 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
PRC - [2010/03/03 20:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
PRC - [2010/03/03 20:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
PRC - [2008/09/15 06:00:50 | 000,624,640 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.76\aaCenter.exe


========== Modules (SafeList) ==========

MOD - [2011/05/22 02:48:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\Clean\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/16 20:20:04 | 000,256,336 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV:64bit: - [2010/10/17 18:43:02 | 000,099,048 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2010/10/15 21:38:16 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/01/24 23:26:29 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/16 13:33:58 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/16 13:33:48 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/12/16 13:33:37 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/12/13 02:32:54 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/12/06 05:58:36 | 001,112,240 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/11/24 16:00:16 | 007,669,760 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.53\bin\mysqld.exe -- (wampmysqld)
SRV - [2010/11/23 18:46:14 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/10/24 14:34:38 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010/10/22 01:36:04 | 005,695,784 | ---- | M] (Bitvise) [Auto | Running] -- C:\Program Files (x86)\Bitvise WinSSHD\WinSSHD.exe -- (WinSSHD)
SRV - [2010/10/13 13:44:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/25 20:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 08:09:18 | 002,227,216 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe -- (GenericMount Helper Service)
SRV - [2010/01/27 08:43:06 | 000,049,664 | ---- | M] (The Digital Lifestyle.com) [Auto | Running] -- C:\Program Files (x86)\The Digital Lifestyle.com\mcBackup 3.0\mceBackupService.exe -- (mceBackup Service)
SRV - [2009/09/21 21:19:22 | 002,963,960 | ---- | M] (Symantec) [Auto | Running] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe -- (SymSnapService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/03 00:12:30 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011/04/03 00:12:30 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/04/03 00:12:30 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011/04/03 00:12:30 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 13:33:38 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/12/13 02:32:57 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/12/13 02:32:37 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2010/12/13 02:32:21 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/12/13 02:31:33 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/11/20 09:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 09:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 07:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/17 18:42:58 | 000,145,512 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010/10/13 11:57:09 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2010/10/06 07:12:35 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/31 13:32:44 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/06/11 11:51:24 | 001,634,176 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw89.sys -- (hcw89)
DRV:64bit: - [2010/05/31 11:31:10 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/05/31 11:30:44 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/12 08:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2009/12/17 18:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/10/01 23:03:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2009/09/21 21:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009/09/21 21:20:42 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009/08/25 00:10:52 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/07 14:03:40 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010/05/31 11:31:10 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 98 E2 EE B0 14 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://danswebspot.c...onsulting.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {00084897-021a-4361-8423-083407a033e0}:1.4
FF - prefs.js..extensions.enabledItems: {AB7308B2-C13C-4eba-AC78-2AD55B96EE09}:3.0.0
FF - prefs.js..extensions.enabledItems: {C6128004-4838-4708-9A97-BB172D17767D}:1.6.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.608
FF - prefs.js..extensions.enabledItems: {6D0612DB-D5D3-474f-959E-FA754CCA2B1B}:3.0.0
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {BE2100B3-1D80-48eb-ACCF-D26750644378}:0.4.23
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.9
FF - prefs.js..extensions.enabledItems: {79fcaa13-5f29-4c33-aad7-6c48c175760a}:0.8.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0
FF - prefs.js..extensions.enabledItems: {d5eeb813-935a-435d-b01e-b3a02f2cb408}:0.9.2
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 0
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.1
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""
FF - prefs.js..network.proxy.ftp: ""
FF - prefs.js..network.proxy.ftp_port: ""
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: ""
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.share_proxy_settings: ""
FF - prefs.js..network.proxy.socks: ""
FF - prefs.js..network.proxy.socks_port: ""
FF - prefs.js..network.proxy.ssl: ""
FF - prefs.js..network.proxy.ssl_port: ""

FF - HKLM\software\mozilla\Firefox\extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/10/14 00:08:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension\ [2011/05/22 02:46:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/28 21:30:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/28 21:30:23 | 000,000,000 | ---D | M]

[2010/10/13 21:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2011/05/22 18:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{00084897-021a-4361-8423-083407a033e0}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Qute) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (ShowIP) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/04/02 01:15:49 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Page Validator) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{6D0612DB-D5D3-474f-959E-FA754CCA2B1B}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (zoomFox) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{79fcaa13-5f29-4c33-aad7-6c48c175760a}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}(2)
[2010/12/21 15:05:39 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (CSS Validator) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
[2011/04/02 01:17:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/13 21:01:56 | 000,000,000 | ---D | M] ("Universal Print") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378}(16999)
[2011/01/21 23:07:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/04/02 01:17:45 | 000,000,000 | ---D | M] (Aviary) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408}
[2010/11/04 07:37:07 | 000,000,000 | ---D | M] (CLEO) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2011/04/02 01:17:33 | 000,000,000 | ---D | M] (CodeBurner for Firebug) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/11/18 23:49:32 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/10/13 21:01:35 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\foxmarks@kei(16945).com
[2011/05/05 21:45:32 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (Kempelton) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2011/05/22 18:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\staged
[2011/04/02 10:06:43 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] (YSlow) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\extensions\[email protected]
[2010/09/05 11:11:17 | 000,002,382 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fohbc6ei.default\searchplugins\aviary.xml
[2011/04/28 21:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/17 09:14:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2010/10/14 00:08:18 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\{BE2100B3-1D80-48EB-ACCF-D26750644378}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\{C6128004-4838-4708-9A97-BB172D17767D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FOHBC6EI.DEFAULT\EXTENSIONS\[email protected]
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/23 07:55:31 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WinSSHD Activation State Checker] C:\Program Files (x86)\Bitvise WinSSHD\WinsshdActStateCheck.exe (Bitvise)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk = C:\Program Files (x86)\Zinio Alert Messenger\Zinio Alert Messenger.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...ivex/RACtrl.cab (Performance Viewer Activex Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/28 07:04:11 | 000,000,000 | --SD | C] -- C:\Users\Admin\Documents\My Shapes
[2011/05/22 17:54:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{EF560F4E-6786-4DDC-AB45-128DD2F705E3}
[2011/05/22 11:48:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\GooredFix Backups
[2011/05/22 11:09:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/22 10:46:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/05/22 09:13:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/22 09:13:14 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/22 08:24:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/22 08:24:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/22 08:24:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/22 08:23:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/22 08:21:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/22 02:49:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Clean
[2011/05/16 23:33:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/16 23:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011/05/16 23:24:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Game Studios
[2011/05/16 23:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2011/05/16 23:23:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft Game Studios
[2011/05/14 11:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/05/14 11:43:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2011/05/14 11:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011/05/14 11:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/05/14 11:42:34 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/05/06 22:06:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\SKIDROW
[2011/05/06 20:16:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\dwhelper
[2011/05/06 01:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011/05/06 01:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UEStudio
[2011/05/06 00:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2011/05/05 23:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/05/05 23:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/05/01 07:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/05/01 07:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/04/28 20:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/04/28 20:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/04/28 12:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/28 06:08:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/04/28 04:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/04/28 04:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/04/28 04:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/04/26 00:50:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
[2011/04/26 00:50:04 | 000,105,552 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2011/04/26 00:49:53 | 000,144,464 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2011/04/26 00:49:53 | 000,090,704 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys
[2011/04/26 00:49:53 | 000,067,664 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2011/04/26 00:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/23 23:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/23 23:32:01 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/23 17:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

========== Files - Modified Within 30 Days ==========

[2011/05/23 08:31:28 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 08:31:27 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/23 08:23:04 | 000,000,632 | RHS- | M] () -- C:\Users\Admin\ntuser.pol
[2011/05/23 08:23:02 | 000,001,112 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zinio Alert Messenger.lnk
[2011/05/23 08:22:19 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/05/23 08:21:42 | 2146,246,655 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/23 08:08:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2045766283-185155172-3896411630-1001UA.job
[2011/05/23 07:56:53 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2011/05/23 07:55:31 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/05/22 23:08:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2045766283-185155172-3896411630-1001Core.job
[2011/05/22 20:11:05 | 000,001,425 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_WithAdobeEntries
[2011/05/22 20:11:05 | 000,001,425 | ---- | M] () -- C:\Users\Admin\Desktop\hosts_WithAdobeEntries
[2011/05/22 20:08:53 | 000,000,783 | ---- | M] () -- C:\Users\Admin\Desktop\hosts
[2011/05/22 19:55:22 | 000,001,245 | ---- | M] () -- C:\Users\Admin\Desktop\etc - Shortcut.lnk
[2011/05/22 19:49:19 | 000,001,117 | ---- | M] () -- C:\Users\Admin\Desktop\procexp.exe - Shortcut.lnk
[2011/05/22 02:03:13 | 000,002,062 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011/05/18 16:30:00 | 000,000,600 | ---- | M] () -- C:\Users\Admin\AppData\Local\PUTTY.RND
[2011/05/18 14:26:15 | 000,002,122 | ---- | M] () -- C:\Users\Admin\Desktop\Apollo.rdp
[2011/05/17 03:36:42 | 000,001,081 | ---- | M] () -- C:\Users\Admin\Desktop\putty.exe - Shortcut.lnk
[2011/05/17 03:22:48 | 000,006,972 | ---- | M] () -- C:\Users\Admin\Desktop\How_do_I_create_a_cron_job.pdf
[2011/05/16 22:41:59 | 000,658,352 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/16 22:41:59 | 000,118,664 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/16 22:41:58 | 000,771,120 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/15 16:22:56 | 000,016,621 | ---- | M] () -- C:\Users\Admin\Desktop\dn3251e951223626f6264f.pdf
[2011/05/14 11:45:03 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/05/13 15:09:19 | 000,002,393 | ---- | M] () -- C:\Users\Admin\Desktop\Google Chrome.lnk
[2011/05/06 01:42:37 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011/05/06 01:37:33 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\UEStudio '10.lnk
[2011/04/29 23:34:28 | 000,000,132 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/04/29 22:40:49 | 000,001,456 | ---- | M] () -- C:\Users\Admin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/29 21:12:58 | 005,054,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/28 21:30:33 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/28 12:14:26 | 000,433,443 | ---- | M] () -- C:\Users\Admin\Desktop\hosts_WithAdobeAndSpybotEntries
[2011/04/28 12:14:26 | 000,433,443 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110430-180622.backup
[2011/04/28 06:19:28 | 000,001,470 | ---- | M] () -- C:\Users\Admin\Desktop\iexplore - Shortcut.lnk
[2011/04/28 04:41:41 | 000,001,345 | ---- | M] () -- C:\Users\Admin\Desktop\SpybotSD - Shortcut.lnk
[2011/04/23 17:14:15 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/23 17:05:11 | 005,635,094 | ---- | M] () -- C:\Users\Admin\Desktop\Sneakers.mp3

========== Files Created - No Company Name ==========

[2011/05/22 20:11:05 | 000,001,425 | ---- | C] () -- C:\Users\Admin\Desktop\hosts_WithAdobeEntries
[2011/05/22 19:55:22 | 000,001,245 | ---- | C] () -- C:\Users\Admin\Desktop\etc - Shortcut.lnk
[2011/05/22 19:49:19 | 000,001,117 | ---- | C] () -- C:\Users\Admin\Desktop\procexp.exe - Shortcut.lnk
[2011/05/22 08:24:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/22 08:24:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/22 08:24:06 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/22 08:24:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/22 08:24:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/17 03:36:42 | 000,001,081 | ---- | C] () -- C:\Users\Admin\Desktop\putty.exe - Shortcut.lnk
[2011/05/17 03:24:35 | 000,000,600 | ---- | C] () -- C:\Users\Admin\AppData\Local\PUTTY.RND
[2011/05/17 03:23:00 | 000,006,972 | ---- | C] () -- C:\Users\Admin\Desktop\How_do_I_create_a_cron_job.pdf
[2011/05/15 16:23:04 | 000,016,621 | ---- | C] () -- C:\Users\Admin\Desktop\dn3251e951223626f6264f.pdf
[2011/05/14 11:43:51 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/05/14 11:24:00 | 000,004,096 | -HS- | C] () -- C:\VSNAP.IDX
[2011/05/06 01:42:37 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011/05/06 01:37:33 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\UEStudio '10.lnk
[2011/05/04 21:32:07 | 000,002,393 | ---- | C] () -- C:\Users\Admin\Desktop\Google Chrome.lnk
[2011/04/29 23:34:28 | 000,000,132 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/04/28 21:30:33 | 000,001,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/28 21:30:33 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/28 20:40:52 | 000,001,412 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/04/28 20:40:51 | 000,001,446 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/04/28 06:19:28 | 000,001,470 | ---- | C] () -- C:\Users\Admin\Desktop\iexplore - Shortcut.lnk
[2011/04/28 04:41:43 | 000,001,345 | ---- | C] () -- C:\Users\Admin\Desktop\SpybotSD - Shortcut.lnk
[2011/04/27 19:57:09 | 000,433,443 | ---- | C] () -- C:\Users\Admin\Desktop\hosts_WithAdobeAndSpybotEntries
[2011/04/27 19:57:09 | 000,000,783 | ---- | C] () -- C:\Users\Admin\Desktop\hosts
[2011/04/23 17:14:15 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/04/23 17:05:10 | 005,635,094 | ---- | C] () -- C:\Users\Admin\Desktop\Sneakers.mp3
[2011/04/22 22:00:40 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/25 23:08:03 | 000,002,062 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/12/23 18:29:38 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/11/23 18:45:12 | 000,189,480 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/11/23 18:45:10 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/11/23 18:45:09 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/11/11 21:12:32 | 000,007,610 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2010/11/04 18:58:59 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/11/04 18:58:59 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/11/04 18:58:04 | 000,026,728 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/10/26 22:14:27 | 000,000,163 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PLGComp.ini
[2010/10/15 08:40:11 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/10/15 03:07:36 | 000,746,018 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/13 13:32:27 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll
[2010/10/13 13:31:37 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/10/13 13:31:37 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/13 12:14:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/10/11 00:42:26 | 000,001,456 | ---- | C] () -- C:\Users\Admin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/03/03 19:48:14 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
[2010/03/03 19:48:14 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/13 00:38:41 | 000,022,328 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\PnkBstrK.sys
[2009/03/11 19:50:10 | 000,000,105 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\default.pls
[2007/12/28 03:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010/10/13 20:59:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Acronis
[2011/05/16 13:21:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\App Launcher Gadget
[2010/11/04 07:34:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Autodesk
[2011/04/03 13:37:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2010/11/04 07:34:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon
[2010/12/18 16:58:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/13 21:00:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/04 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ContentGuard
[2010/11/20 18:33:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FlashGet
[2010/11/04 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GetRightToGo
[2010/11/04 07:34:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GlarySoft
[2011/03/25 08:47:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Hive Cluster
[2010/12/31 21:31:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImgBurn
[2010/11/04 07:37:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2009/04/16 01:03:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\iTSfv
[2010/10/13 21:02:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Network Associates
[2011/04/03 13:37:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenCandy
[2010/10/07 02:46:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenDNS Updater
[2010/11/04 07:34:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2010/10/13 22:03:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Prish
[2011/03/08 23:59:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Rovio
[2010/10/13 21:02:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ScanSoft
[2010/11/20 18:35:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\StreamTorrent
[2010/10/07 02:46:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Subversion
[2010/11/04 07:37:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2010/12/13 09:02:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thinstall
[2010/10/13 21:02:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ulead Systems
[2009/04/10 23:05:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Uniblue
[2011/05/14 13:07:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2010/10/13 21:02:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VSO
[2010/10/13 21:02:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinBatch
[2010/10/13 23:02:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ZinioAlertMessenger.9310D8F796442B71068C511E15D70529A702D19D.1
[2010/10/13 22:55:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2011/05/23 08:22:19 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/12/20 10:16:47 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Here is my WVCheck file:

Windows Validation Check
Version: 1.9.12.5
Log Created On: 0838_23-05-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
WVCheck could not read the Auto-Update Option.
-----------------------
Last Success Time for Update Detection: 2011-05-22 23:30:35
Last Success Time for Update Download: 2011-05-13 17:46:32
Last Success Time for Update Installation: 2011-05-13 18:04:46


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Users\Admin\Documents\Tech Tips\Windows\WinXP product activation cracked.doc
Size: 21504 bytes
Creation; 18/3/2009 22:39:49
Modification; 6/12/2002 1:35:44
MD5; 0d213c8fc052fe335dd4d4d2c39d961d
Matched: The words 'winXP' and 'crack' in one sentence.
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 26/2/2011 10:58:36
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 26/2/2011 10:58:36
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_5b467ba9bd0679bb\slwga.dll
Size: 14848 bytes
Creation; 13/7/2009 19:52:11
Modification; 13/7/2009 21:41:54
MD5; cc03cf9f24946dcbd70acb3e1b2f05bf
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_5b856235bcd79403\slwga.dll
Size: 15360 bytes
Creation; 9/2/2011 15:29:34
Modification; 21/12/2010 1:15:31
MD5; b7213e92b270761b88b313b62ba0e13b
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_5be2bf06d6168a3a\slwga.dll
Size: 15360 bytes
Creation; 9/2/2011 15:29:34
Modification; 21/12/2010 1:9:5
MD5; 86b7d4d7a87ecb9e6bded44c52c8d5d9
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 26/2/2011 10:59:4
Modification; 20/11/2010 8:27:26
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 13/7/2009 19:36:22
Modification; 13/7/2009 21:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
Size: 14336 bytes
Creation; 9/2/2011 15:29:34
Modification; 21/12/2010 0:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
Size: 14336 bytes
Creation; 9/2/2011 15:29:34
Modification; 21/12/2010 0:29:6
MD5; 2332de32759ebcc691850e092b2564a6
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 26/2/2011 10:58:36
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
E:\My Backups\RecoveredFrom22Dec2010Archive\Drive(C)\Users\Admin\Documents\Tech Tips\Windows\WinXP product activation cracked.doc
Size: 21504 bytes
Creation; 18/3/2009 22:39:49
Modification; 6/12/2002 1:35:44
MD5; 0d213c8fc052fe335dd4d4d2c39d961d
Matched: The words 'winXP' and 'crack' in one sentence.
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


-------- End of File, program close at 0852_23-05-2011 --------

And here is the contents of my CKFiles.txt file:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe premiere pro cs5\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs5\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs5\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files (x86)\adobe\adobe dreamweaver cs5\configuration\taglibraries\html\keygen.vtm
c:\program files (x86)\adobe\adobe flash catalyst cs5\plugins\com.adobe.thermo.core_1.0.0.273393\com\adobe\thermo\undo\thermoundosystem$undoabledocumentchangecracker.class
c:\program files (x86)\common files\adobe\adobe contribute cs5\app\configuration\browsers\mozilla run time libraries\dist\idl\nsikeygenthread.idl
c:\program files (x86)\common files\adobe\adobe contribute cs5\app\configuration\browsers\mozilla run time libraries\dist\include\nsikeygenthread.h
c:\program files (x86)\electronic arts\shift 2 unleashed\gui\glass_cracks.bspr
c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\common\mp_cracked.ff
c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\english\en_mp_cracked.ff
c:\users\admin\documents\tech tips\security\passwordcrackinginfo.pdf
c:\users\admin\documents\tech tips\windows\winxp product activation cracked.doc
c:\users\admin\documents\unh\senior project\web+otherdocs\cracking thin air.pdf
c:\users\admin\documents\unh\senior project\web+otherdocs\researchers crack 802.1x.doc
scanner sequence 3.DK.11
----- EOF -----


I am very interested in learning more about this whole process. Where can I learn about what tools to use and how to do these things myself?

Thank you again,
Dan
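The O20, O35 and O37 entries in the OTL log above are the spots where rogue-AV families such as the ones mentioned earlier in this thread usually hook themselves: the Winlogon Shell value, and the "open" command behind the .exe and .com file associations (a hijacked .exe association launches the malware every time any program is started). The values OTL reports here are the Windows defaults, explorer.exe and "%1" %*. The script below is an added example, not part of the thread and not OTL code; it parses lines in OTL's format and flags any deviation from those defaults. The clean sample lines are taken from the log above; the "hijacked" lines are constructed for illustration and did not come from this machine.

```python
import re

# Known-good values for the three OTL line types examined below. A healthy
# Windows 7 machine reports exactly these; a hijack replaces them with the
# malware's own path (often with "%1" appended so the victim program still runs).
EXPECTED_SHELL = "explorer.exe"
EXPECTED_OPEN_CMD = '"%1" %*'
EXPECTED_PROGID = {"exe": "exefile", "com": "comfile"}

# One regex per OTL line type. The optional ":64bit:" token distinguishes the
# native and the WOW6432Node registry view on x64 systems; both must be clean.
O20_RE = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (\w+) - \((.*?)\) - (.*)$")
O35_RE = re.compile(r"^O35(?::64bit:)? - HKLM\\\.\.(comfile|exefile) \[open\] -- (.*)$")
O37_RE = re.compile(r"^O37(?::64bit:)? - HKLM\\\.\.\.(com|exe) \[@ = (\w+)\] -- (.*)$")


def check_otl_lines(lines):
    """Return human-readable findings for suspicious O20/O35/O37 lines."""
    findings = []
    for raw in lines:
        line = raw.strip()

        m = O20_RE.match(line)
        if m:
            value, data, _resolved = m.groups()
            # Only the Shell value is checked. VMApplet legitimately shows
            # "(/pagefile) - File not found": OTL treats the argument as a path.
            if value.lower() == "shell" and data.strip().lower() != EXPECTED_SHELL:
                findings.append(f"Winlogon Shell is '{data}' (expected {EXPECTED_SHELL}): {line}")
            continue

        m = O35_RE.match(line)
        if m:
            ext, cmd = m.groups()
            if cmd.strip() != EXPECTED_OPEN_CMD:
                findings.append(f"{ext} open command hijacked: {cmd}")
            continue

        m = O37_RE.match(line)
        if m:
            ext, progid, cmd = m.groups()
            # The extension must still map to the stock ProgID, and that ProgID's
            # open command must be the default; either one can be hijacked alone.
            if progid.lower() != EXPECTED_PROGID[ext]:
                findings.append(f".{ext} extension points at ProgID '{progid}': {line}")
            if cmd.strip() != EXPECTED_OPEN_CMD:
                findings.append(f".{ext} ProgID open command hijacked: {cmd}")
    return findings


# Lines copied from the OTL log posted above: all clean.
CLEAN_LINES = [
    r"O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found",
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)",
    r'O35:64bit: - HKLM\..exefile [open] -- "%1" %*',
    r'O35 - HKLM\..comfile [open] -- "%1" %*',
    r'O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
]

# Constructed lines (not from this machine) showing what each hijack looks like.
HIJACKED_LINES = [
    r"O20 - HKLM Winlogon: Shell - (Explorer.exe,C:\Users\Admin\AppData\Roaming\hgd.exe) - File not found",
    r'O35 - HKLM\..exefile [open] -- "C:\Users\Admin\AppData\Local\pwa.exe" -a "%1" %*',
    r'O37 - HKLM\...exe [@ = ah] -- "C:\Users\Admin\AppData\Local\pwa.exe" -a "%1" %*',
]

if __name__ == "__main__":
    for label, sample in (("clean log", CLEAN_LINES), ("hijacked log", HIJACKED_LINES)):
        print(f"{label}: {len(check_otl_lines(sample))} finding(s)")
        for finding in check_otl_lines(sample):
            print("  ", finding)
```

Feed it the O20/O35/O37 block of any OTL.txt; an empty result means those three hook points hold the stock values. It deliberately ignores the O18 "File not found" protocol handlers above, which are orphaned registrations from uninstalled software rather than a hijack indicator.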

#10
michaelg9
    Trusted Helper
  • Malware Removal
  • 2,949 posts
Hello,

If you want to learn how to remove malware, click this link. Otherwise, it wouldn't be advisable to use these tools without an expert's help, because you may damage your computer.


Is your copy of Windows 7 genuine?

How's your computer running and are there any other problems?

Please answer these questions before we proceed.


#11
DanoNH
    Trusted Helper
  • Topic Starter
  • Malware Removal
  • 2,155 posts
Hello Michael,

My computer seems good so far. Yes, my copy of Windows 7 Ultimate is genuine.

The only thing I see right now (and it's not really security or malware-related) is that my desktop gadgets don't appear automatically after a reboot unless I right-click on the desktop and select Gadgets. Then I have to close the Gadgets window.

Other than that, so far, so good. Thank you again very much.

-Dan

#12
michaelg9
    Trusted Helper
  • Malware Removal
  • 2,949 posts
Hello,

If I understand your problem correctly, the solution is easy. Just place a shortcut to the Sidebar in the Startup folder. Read here how to do it.


Let's confirm you're clean:

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

#13
DanoNH
    Trusted Helper
  • Topic Starter
  • Malware Removal
  • 2,155 posts
Here is the MBAM log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6658

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

5/23/2011 10:19:28 PM
mbam-log-2011-05-23 (22-19-28).txt

Scan type: Quick scan
Objects scanned: 208671
Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

According to MBAM, the machine appears to be officially clear of malware. Thank you so much for your time and assistance, Michael!

#14
michaelg9
    Trusted Helper
  • Malware Removal
  • 2,949 posts
Congratulations! Your logs are clean! Now that you are clean, please follow these precautions in order to keep safe:


Over the course of the fix you've used a variety of special tools to help with the cleaning process. None of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from the cleanup of malware.

Please download OTC to your desktop.
  • Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")
  • Click on the CleanUp! button and follow the prompts.
  • You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
  • After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Next:


Uninstall ComboFix from your computer:
  • Click on Start > Run
  • Type Combofix /u in the run box and click OK. Note the space between the x and the /u; it needs to be there.

Next:


Make your Internet Explorer more secure - Internet Explorer is not the most secure browser you can use, but as long as it exists on your system, take these simple steps to make it more secure:
From within Internet Explorer, click on the Tools menu and then click on Options. Click once on the Security tab. Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt.
  • Change the Download unsigned ActiveX controls to Disable.
  • Change the Initialize and script ActiveX controls not marked as safe to Disable.
  • Change the Installation of desktop items to Prompt.
  • Change the Launching programs and files in an IFRAME to Prompt.
  • Change the Navigate sub-frames across different domains to Prompt.
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Now navigate to Advanced tab and select:
  • Empty temporary Internet files folder when browser is closed.
Next press the Apply button and then the OK to exit the Internet Properties page.


Next:


Use Firefox instead of Internet Explorer, as most malware exploits Internet Explorer's vulnerabilities; with Firefox you will be more secure.
Note: If you are going to use Firefox I would suggest the use of these add-ons:
  • NoScript - for blocking ads and other potential website attacks.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.


Next:


Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.


Next:


Antivirus - No need to explain how important the use of ONE antivirus is. It is not recommended to run more than one firewall or anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.
If you already have one installed, keep it.


Next:


Firewall - Another very important security tool is the firewall. These are my recommendations; however, you must use only one:
If you already have one installed, keep it.


Next:


Additional security programs - For additional security, the use of these tools is important:
  • Malwarebytes Anti-Malware. - Update the free version and scan with it often. It is an excellent scanning tool to have on your side.
  • Javacool's SpywareBlaster: - It will protect you from most spy/foistware in its database by blocking installation of their ActiveX objects.
    Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer).

    Press "Enable All Protection", and you're done.
    The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
    Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
    Don't forget to check for updates every week or so.
  • The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer. This little program packs a powerful punch as it blocks ads, banners, 3rd party cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.


Next:


Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.


Next:


Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE).
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the file and select "Run as an Administrator.")


Next:


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


Next:


Keep a backup of your important files to prevent future data loss.


Happy safe computing !! :)
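The MVPS HOSTS file entry in the post above works by mapping ad and tracker hostnames to the local machine so the browser never reaches them. The script below is an added example, not code from the original post or from the MVPS project: it parses a HOSTS file in that format, answers whether a given URL's host would be sinkholed, and, going one step beyond the post, lists entries that point somewhere other than the local machine, which is the trace a HOSTS-file hijacker leaves when it redirects a security vendor's site. SAMPLE_HOSTS and every hostname in it are constructed for the example (the 203.0.113.9 address is documentation space, not a real server); the script accepts both 127.0.0.1 and 0.0.0.0 as sink addresses since both conventions appear in blocklists; and "first entry for a name wins" is an assumption about the Windows resolver, flagged in the code.

```python
"""Audit a Windows HOSTS file: which names does it sinkhole, and does it
contain entries that redirect somewhere other than the local machine?

Added example (not code from the original post or from MVPS). SAMPLE_HOSTS
is a constructed stand-in for a blocklist; the hostnames are invented.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample. The two 'localhost' lines are what a stock Windows
# HOSTS file contains; the rest imitate MVPS-style block entries, plus one
# line of the kind a hijacker adds to redirect a security vendor's site.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# [Constructed MVPS-style entries]
127.0.0.1  ads.example.net                       # ad server
127.0.0.1  tracker.example.org  counter.example.org
0.0.0.0    www.adfly-example.com                 # 0.0.0.0 is the other common sink
203.0.113.9  www.antivirus-vendor-example.com    # NOT local: a redirect
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Return {hostname: address} for every valid entry in a HOSTS file.

    '#' starts a comment, one address may be followed by several names, and
    names are case-insensitive. The first entry for a name is kept
    (assumption: the Windows resolver also uses the first match it finds).
    """
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed address: skip the line rather than guess
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table


def _hostname(url_or_host: str) -> Optional[str]:
    """Extract the lower-cased host from a full URL or a bare hostname[:port]."""
    target = url_or_host if "://" in url_or_host else "//" + url_or_host
    return urlsplit(target).hostname


def is_blocked(table: Dict[str, str], url_or_host: str) -> bool:
    """True if the HOSTS file sinkholes this exact host (loopback or 0.0.0.0).

    HOSTS matching is exact, not wildcard: blocking ads.example.net does not
    block cdn.ads.example.net, which is why the MVPS file is so long.
    """
    host = _hostname(url_or_host)
    if host is None or host not in table:
        return False
    addr = ipaddress.ip_address(table[host])
    return addr.is_loopback or addr.is_unspecified


def suspicious_entries(table: Dict[str, str]) -> List[Tuple[str, str]]:
    """Entries that send a name somewhere other than the local machine.

    A blocklist only ever points at loopback or 0.0.0.0, so anything else in
    the file is either an admin's own alias or a hijacker's redirect and
    deserves a look. Sorted by hostname for stable output.
    """
    bad: List[Tuple[str, str]] = []
    for name, addr in table.items():
        ip = ipaddress.ip_address(addr)
        if not (ip.is_loopback or ip.is_unspecified):
            bad.append((name, addr))
    return sorted(bad)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for target in ("http://ADS.example.net/banner.js", "cdn.ads.example.net",
                   "www.adfly-example.com", "www.google.com"):
        print(f"{target:40} blocked={is_blocked(hosts, target)}")
    for name, addr in suspicious_entries(hosts):
        print(f"SUSPICIOUS: {name} -> {addr}")
```

To run it against the real file, read C:\Windows\System32\drivers\etc\hosts into parse_hosts instead of SAMPLE_HOSTS; any non-local entry it reports for a site you did not add yourself is worth investigating before trusting that machine's browser.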

#15
DanoNH
    Trusted Helper
  • Topic Starter
  • Malware Removal
  • 2,155 posts
Excellent, thank you!

I have a few comments/questions:

Is there any reputable or worthwhile No Script extension for the Google Chrome web browser? I found NotScripts, but it is somewhat convoluted and requires you to manually edit a file in your Chrome profile folder to insert a password.



Next:


Uninstall ComboFix from your computer:
Click on Start > Run
Type Combofix /u in the run box and click Ok. Note the space between the x and the /u, it needs to be there.

Every time I tried this, Combofix would run and want to scan all over again. I'm not sure if it's completely gone yet, but maybe.



Next:


Automatic Updates for Windows
Click Start.
Select Settings and then Control Panel.
Select Automatic Updates.
Click Automatic (recommended).
Choose a day and a time when you know the computer will be on and connected to the internet.
Click Apply then OK.

I have custom hardware in this machine such as a TV tuner, dual SLI video cards, etc. I have had a big problem before when blindly accepting driver updates, so I set this so I can review the packages first on all of my computers. Just a personal preference...



Next:


Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

I do not believe that there is a Recovery Console option in Windows 7; it is called Startup Repair.


I was a long-time Firefox user (from the beta days), but Chrome lured me in. Now, with the release of FF4, I am tempted to switch back... I actually have and use it, just not as the default browser. Kind of feel like I'm cheating on FF with Chrome, actually. LOL

Oh, and FYI I have applied to GeekU because of my interest and fascination with this entire process, and my interest in helping others. :)


Thanks again,
Dan