
Quick Screen flashes, maxed out, can't run OTL even in safemode.


  • This topic is locked

#1
cradl

  • Member
  • 279 posts
Ok, I have been noticing some screen flashing a lot. Pages load and system opens up drives slower. As if someone else was on network... Came home yesterday and noticed Mbam was going nuts in systray. Block, block, .... Roommate was on and said "well it popped up asking if you wanted to update" (bit torrent, 'even on system). Got online and redirect after redirect, popups, popups. Uninstalled it and reset homepage (FF not IE). Looked at logs, a lot of unidentified logons... ran mbytes nothing, spyware blaster nothing, security essentials nothing, hijack this log a lot of messed up things haven't seen before. Tried to run OTL all three versions and non-responsive on "scanning firefox" even in safemode without networking. Tried sys restore and said there were none, I know there were, I created some a couple days ago. Windows firewall was not running also, nor could I get it to run... So I downloaded "VIPRER", ran it. Had to go to work, came home and roomy must have closed it out after finish and also ran CC. Have logs for VIPRER if needed and will run HJT. System is a little better but still jerky and sluggish. Don't notice screen flash. Oh ya, had to run REVO uninstaller to get rid of bittorrent.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's try something different.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
    Reg - Disabled MS Config Items
    Reg - Drivers32
    Reg - NetSvcs
    Reg - SafeBoot Minimal
    Reg - Shell Spawning
    Evnt - EventViewer Logs (Last 10 Errors)
    File - Lop Check
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.


#3
cradl

  • Topic Starter
  • Member
  • 279 posts
Here you go.



OTS logfile created on: 6/8/2011 1:28:15 PM - Run 1
OTS by OldTimer - Version 3.1.43.0 Folder = C:\Users\AMUN-RE\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): c:\pagefile.sys 2048 4000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98.89 Gb Total Space | 7.07 Gb Free Space | 7.15% Space Free | Partition Type: NTFS
Drive D: | 90.93 Gb Total Space | 40.18 Gb Free Space | 44.19% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 1863.01 Gb Total Space | 976.63 Gb Free Space | 52.42% Space Free | Partition Type: NTFS
Computer Name: SIA
Current User Name: AMUN-RE
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
[Processes - Safe List]
ots.scr -> C:\Users\AMUN-RE\Desktop\OTS.scr -> [2011/06/08 13:23:49 | 000,645,632 | ---- | M] (OldTimer Tools)
mbamservice.exe -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation)
nlssrv32.exe -> C:\Windows\System32\nlssrv32.exe -> [2011/05/17 10:17:00 | 000,066,560 | ---- | M] (Nalpeiron Ltd.)
motohelperservice.exe -> C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -> [2011/04/26 16:23:02 | 000,223,088 | ---- | M] ()
motohelperagent.exe -> C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe -> [2011/04/26 16:22:44 | 000,681,840 | ---- | M] ()
atieclxx.exe -> C:\Windows\System32\atieclxx.exe -> [2011/04/19 22:04:36 | 000,393,216 | ---- | M] (AMD)
atiesrxx.exe -> C:\Windows\System32\atiesrxx.exe -> [2011/04/19 22:04:06 | 000,176,128 | ---- | M] (AMD)
btwdins.exe -> C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -> [2011/03/25 16:25:42 | 000,660,768 | ---- | M] (Broadcom Corporation.)
ramaint.exe -> C:\Program Files\LogMeIn\x86\ramaint.exe -> [2011/03/01 12:12:00 | 000,136,584 | ---- | M] (LogMeIn, Inc.)
lmiguardiansvc.exe -> C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -> [2011/03/01 12:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.)
explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
memeobackgroundservice.exe -> C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -> [2011/01/24 14:35:36 | 000,025,824 | ---- | M] (Memeo)
msseces.exe -> C:\Program Files\Microsoft Security Client\msseces.exe -> [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation)
taskhost.exe -> C:\Windows\System32\taskhost.exe -> [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -> [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation)
logmein.exe -> C:\Program Files\LogMeIn\x86\LogMeIn.exe -> [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.)
filezilla server.exe -> C:\Program Files\FileZilla Server\FileZilla server.exe -> [2010/10/17 15:38:42 | 000,742,912 | ---- | M] (FileZilla Project)
bservice.exe -> C:\Program Files\Roxio\BackOnTrack\App\BService.exe -> [2010/09/13 13:02:00 | 000,039,408 | ---- | M] ()
memeodashboard.exe -> C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe -> [2010/04/30 10:47:00 | 000,069,896 | ---- | M] (Memeo)
seagatedashboardservice.exe -> C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -> [2010/04/30 10:47:00 | 000,014,088 | ---- | M] (Memeo)
nusb3mon.exe -> C:\Program Files\Rocketfish\USB 3.0 PCI Express Card Driver\Application\nusb3mon.exe -> [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation)
saibsvc.exe -> C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe -> [2009/06/02 20:05:58 | 000,457,200 | ---- | M] ()
[Modules - Safe List]
ots.scr -> C:\Users\AMUN-RE\Desktop\OTS.scr -> [2011/06/08 13:23:49 | 000,645,632 | ---- | M] (OldTimer Tools)
sspicli.dll -> C:\Windows\System32\sspicli.dll -> [2010/11/20 08:21:26 | 000,100,352 | ---- | M] (Microsoft Corporation)
samcli.dll -> C:\Windows\System32\samcli.dll -> [2010/11/20 08:21:04 | 000,051,200 | ---- | M] (Microsoft Corporation)
netutils.dll -> C:\Windows\System32\netutils.dll -> [2010/11/20 08:20:29 | 000,022,528 | ---- | M] (Microsoft Corporation)
kernelbase.dll -> C:\Windows\System32\KernelBase.dll -> [2010/11/20 08:19:26 | 000,288,256 | ---- | M] (Microsoft Corporation)
cfgmgr32.dll -> C:\Windows\System32\cfgmgr32.dll -> [2010/11/20 08:18:12 | 000,145,920 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll -> [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation)
sechost.dll -> C:\Windows\System32\sechost.dll -> [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation)
profapi.dll -> C:\Windows\System32\profapi.dll -> [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation)
dwmapi.dll -> C:\Windows\System32\dwmapi.dll -> [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation)
devobj.dll -> C:\Windows\System32\devobj.dll -> [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation)
cryptbase.dll -> C:\Windows\System32\cryptbase.dll -> [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation)
[Win32 Services - Safe List]
(XJMHNDO) XJMHNDO [On_Demand | Stopped] -> C:\Windows\Temp\XJMHNDO.exe -> [2011/06/06 15:30:13 | 000,433,024 | ---- | M] (Sysinternals - www.sysinternals.com)
(MBAMService) MBAMService [Auto | Running] -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation)
(nlsX86cc) Nalpeiron Licensing Service [Auto | Running] -> C:\Windows\System32\nlssrv32.exe -> [2011/05/17 10:17:00 | 000,066,560 | ---- | M] (Nalpeiron Ltd.)
(MotoHelper) MotoHelper Service [Auto | Running] -> C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -> [2011/04/26 16:23:02 | 000,223,088 | ---- | M] ()
(Adobe Version Cue CS4) Adobe Version Cue CS4 [On_Demand | Stopped] -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -> [2011/04/26 15:46:24 | 000,288,112 | ---- | M] (Adobe Systems Incorporated)
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2011/04/26 13:28:59 | 000,655,624 | ---- | M] (Acresso Software Inc.)
(AMD External Events Utility) AMD External Events Utility [Auto | Running] -> C:\Windows\System32\atiesrxx.exe -> [2011/04/19 22:04:06 | 000,176,128 | ---- | M] (AMD)
(btwdins) Bluetooth Service [Auto | Running] -> C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -> [2011/03/25 16:25:42 | 000,660,768 | ---- | M] (Broadcom Corporation.)
(Firefox Service) Firefox Service [Auto | Stopped] -> C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\[email protected]\svc.exe -> [2011/03/09 20:07:10 | 000,083,456 | ---- | M] ()
(LMIMaint) LogMeIn Maintenance Service [Auto | Running] -> C:\Program Files\LogMeIn\x86\RaMaint.exe -> [2011/03/01 12:12:00 | 000,136,584 | ---- | M] (LogMeIn, Inc.)

(LMIGuardianSvc) LMIGuardianSvc [Auto | Running] -> C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -> [2011/03/01 12:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.)

(FontCache) Windows Font Cache Service [Auto | Running] -> C:\Windows\System32\FntCache.dll -> [2011/02/19 02:30:54 | 000,805,376 | ---- | M] (Microsoft Corporation)

(MemeoBackgroundService) MemeoBackgroundService [Auto | Running] -> C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -> [2011/01/24 14:35:36 | 000,025,824 | ---- | M] (Memeo)

(WatAdminSvc) Windows Activation Technologies Service [Unknown | Stopped] -> C:\Windows\System32\Wat\WatAdminSvc.exe -> [2011/01/03 18:50:40 | 001,343,400 | ---- | M] (Microsoft Corporation)

(Power) Power [Auto | Running] -> C:\Windows\System32\umpo.dll -> [2010/11/20 08:21:33 | 000,119,808 | ---- | M] (Microsoft Corporation)

(sppuinotify) SPP Notification Service [On_Demand | Stopped] -> C:\Windows\System32\sppuinotify.dll -> [2010/11/20 08:21:24 | 000,053,760 | ---- | M] (Microsoft Corporation)

(HomeGroupProvider) HomeGroup Provider [On_Demand | Running] -> C:\Windows\System32\provsvc.dll -> [2010/11/20 08:20:57 | 000,165,376 | ---- | M] (Microsoft Corporation)

(HomeGroupListener) HomeGroup Listener [On_Demand | Running] -> C:\Windows\System32\ListSvc.dll -> [2010/11/20 08:19:28 | 000,194,560 | ---- | M] (Microsoft Corporation)

(Dhcp) DHCP Client [Auto | Running] -> C:\Windows\System32\dhcpcore.dll -> [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation)

(AxInstSV) ActiveX Installer (AxInstSV) [On_Demand | Stopped] -> C:\Windows\System32\AxInstSv.dll -> [2010/11/20 08:18:06 | 000,088,064 | ---- | M] (Microsoft Corporation)

(sppsvc) Software Protection [Auto | Stopped] -> C:\Windows\System32\sppsvc.exe -> [2010/11/20 08:17:30 | 003,179,520 | ---- | M] (Microsoft Corporation)

(NisSrv) Microsoft Network Inspection [On_Demand | Stopped] -> C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -> [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation)

(MsMpSvc) Microsoft Antimalware Service [Auto | Running] -> C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -> [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation)

(LogMeIn) LogMeIn [Auto | Running] -> C:\Program Files\LogMeIn\x86\LogMeIn.exe -> [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.)

(FileZilla Server) FileZilla Server FTP server [Auto | Running] -> C:\Program Files\FileZilla Server\FileZilla Server.exe -> [2010/10/17 15:38:42 | 000,742,912 | ---- | M] (FileZilla Project)

(BOT4Service) BOT4Service [Auto | Running] -> C:\Program Files\Roxio\BackOnTrack\App\BService.exe -> [2010/09/13 13:02:00 | 000,039,408 | ---- | M] ()

(RoxWatch12) Roxio Hard Drive Watcher 12 [Auto | Stopped] -> C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -> [2010/07/16 07:48:26 | 000,354,288 | ---- | M] (Sonic Solutions)

(RoxMediaDB13) RoxMediaDB13 [On_Demand | Stopped] -> C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -> [2010/07/16 07:48:04 | 001,099,248 | ---- | M] (Sonic Solutions)

(SeagateDashboardService) Seagate Dashboard Service [Auto | Running] -> C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -> [2010/04/30 10:47:00 | 000,014,088 | ---- | M] (Memeo)

(WwanSvc) WWAN AutoConfig [On_Demand | Stopped] -> C:\Windows\System32\wwansvc.dll -> [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation)

(WbioSrvc) Windows Biometric Service [On_Demand | Stopped] -> C:\Windows\System32\wbiosrvc.dll -> [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)

(Themes) Themes [Auto | Running] -> C:\Windows\System32\themeservice.dll -> [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation)

(RpcEptMapper) RPC Endpoint Mapper [Unknown | Running] -> C:\Windows\System32\RpcEpMap.dll -> [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation)

(SensrSvc) Adaptive Brightness [On_Demand | Stopped] -> C:\Windows\System32\sensrsvc.dll -> [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation)

(PeerDistSvc) BranchCache [On_Demand | Stopped] -> C:\Windows\System32\PeerDistSvc.dll -> [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation)

(PNRPsvc) Peer Name Resolution Protocol [On_Demand | Running] -> C:\Windows\System32\pnrpsvc.dll -> [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation)

(p2pimsvc) Peer Networking Identity Manager [On_Demand | Running] -> C:\Windows\System32\pnrpsvc.dll -> [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation)

(PNRPAutoReg) PNRP Machine Name Publication Service [On_Demand | Stopped] -> C:\Windows\System32\pnrpauto.dll -> [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation)

(WinDefend) Windows Defender [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation)

(defragsvc) Disk Defragmenter [On_Demand | Stopped] -> C:\Windows\System32\defragsvc.dll -> [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)

(BDESVC) BitLocker Drive Encryption Service [Unknown | Stopped] -> C:\Windows\System32\bdesvc.dll -> [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation)

(AppIDSvc) Application Identity [On_Demand | Stopped] -> C:\Windows\System32\appidsvc.dll -> [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation)

(9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) Roxio SAIB Service [Auto | Running] -> C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe -> [2009/06/02 20:05:58 | 000,457,200 | ---- | M] ()

(WcesComm) Windows Mobile-2003-based device connectivity [Auto | Running] -> C:\Windows\WindowsMobile\wcescomm.dll -> [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation)

(RapiMgr) Windows Mobile-based device connectivity [Auto | Running] -> C:\Windows\WindowsMobile\rapimgr.dll -> [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation)



[Driver Services - Safe List]

(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation)

(atikmdag) atikmdag [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\atikmdag.sys -> [2011/04/19 22:43:40 | 007,772,160 | ---- | M] (ATI Technologies Inc.)

(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\atikmdag.sys -> [2011/04/19 22:43:40 | 007,772,160 | ---- | M] (ATI Technologies Inc.)

(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\atikmpag.sys -> [2011/04/19 21:22:08 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.)

(dc3d) MS Hardware Device Detection Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\dc3d.sys -> [2011/04/08 23:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation)

(LMIRfsClientNP) LMIRfsClientNP [File_System | Disabled | Stopped] -> C:\Windows\System32\LMIRfsClientNP.dll -> [2011/03/01 12:12:24 | 000,083,360 | ---- | M] (LogMeIn, Inc.)

(vmbus) Virtual Machine Bus [Kernel | Boot | Running] -> C:\Windows\system32\drivers\vmbus.sys -> [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation)

(storflt) Disk Virtual Machine Bus Acceleration Filter Driver [Kernel | Boot | Running] -> C:\Windows\system32\drivers\vmstorfl.sys -> [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation)

(storvsc) storvsc [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\storvsc.sys -> [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation)

(vhdmp) vhdmp [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\vhdmp.sys -> [2010/11/20 08:30:14 | 000,160,128 | ---- | M] (Microsoft Corporation)

(rdyboost) ReadyBoost [Kernel | Boot | Running] -> C:\Windows\System32\drivers\rdyboost.sys -> [2010/11/20 08:30:10 | 000,173,440 | ---- | M] (Microsoft Corporation)

(hwpolicy) Hardware Policy Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\hwpolicy.sys -> [2010/11/20 08:29:53 | 000,014,208 | ---- | M] (Microsoft Corporation)

(TsUsbFlt) TsUsbFlt [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\TsUsbFlt.sys -> [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation)

(RdpVideoMiniport) Remote Desktop Video Miniport Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\rdpvideominiport.sys -> [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation)

(RMCAST) Reliable Multicast Protocol [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rmcast.sys -> [2010/11/20 06:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation)

(1394ohci) 1394 OHCI Compliant Host Controller [Kernel | On_Demand | Running] -> C:\Windows\system32\drivers\1394ohci.sys -> [2010/11/20 06:01:12 | 000,164,864 | ---- | M] (Microsoft Corporation)

(WinUsb) WinUsb [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\winusb.sys -> [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation)

(CompositeBus) Composite Bus Enumerator Driver [Kernel | On_Demand | Running] -> C:\Windows\system32\drivers\CompositeBus.sys -> [2010/11/20 05:50:21 | 000,031,232 | ---- | M] (Microsoft Corporation)

(scfilter) Smart card PnP Class Filter Driver [Kernel | Unknown | Stopped] -> C:\Windows\System32\drivers\scfilter.sys -> [2010/11/20 05:24:56 | 000,026,624 | ---- | M] (Microsoft Corporation)

(VMBusHID) VMBusHID [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\VMBusHID.sys -> [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation)

(s3cap) s3cap [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\vms3cap.sys -> [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation)

(AcpiPmi) ACPI Power Meter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\acpipmi.sys -> [2010/11/20 04:47:55 | 000,010,240 | ---- | M] (Microsoft Corporation)

(SBRE) SBRE [Kernel | System | Running] -> C:\Windows\System32\drivers\SBREDrv.sys -> [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software)

(NisDrv) Microsoft Network Inspection System [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\NisDrvWFP.sys -> [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation)

(MpNWMon) Microsoft Malware Protection Network Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\MpNWMon.sys -> [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation)

(LMIRfsDriver) LogMeIn Remote File System Driver [File_System | Auto | Running] -> C:\Windows\System32\drivers\LMIRfsDriver.sys -> [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.)

(LMIInfo) LogMeIn Kernel Information Provider [Kernel | Auto | Running] -> C:\Program Files\LogMeIn\x86\rainfo.sys -> [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.)

(radpms) Driver for RADPMS Device [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\radpms.sys -> [2010/09/17 15:39:58 | 000,013,408 | ---- | M] (LogMeIn, Inc.)

(ivusb) Initio Driver for USB Default Controller [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ivusb.sys -> [2010/07/29 01:25:02 | 000,025,112 | ---- | M] (Initio Corporation)

(FsUsbExDisk) FsUsbExDisk [Kernel | On_Demand | Stopped] -> C:\Windows\System32\FsUsbExDisk.Sys -> [2010/06/14 10:32:54 | 000,036,608 | ---- | M] ()

(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

(nusb3xhc) Renesas Electronics USB 3.0 Host Controller Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nusb3xhc.sys -> [2010/04/27 10:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation)

(nusb3hub) Renesas Electronics USB 3.0 Hub Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nusb3hub.sys -> [2010/04/27 10:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation)

(btusbflt) Bluetooth USB Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\btusbflt.sys -> [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.)

(SCDEmu) SCDEmu [Kernel | System | Running] -> C:\Windows\System32\drivers\scdemu.sys -> [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.)

(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

(RTL8187) Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\RTL8187.sys -> [2010/01/07 04:20:22 | 000,375,808 | ---- | M] (Realtek Semiconductor Corporation )

(yukonw7) NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\yk62x86.sys -> [2009/09/28 10:22:00 | 000,315,392 | ---- | M] ()

(AsIO) AsIO [Kernel | System | Running] -> C:\Windows\System32\drivers\AsIO.sys -> [2009/08/04 11:28:18 | 000,011,296 | ---- | M] ()

(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\ASACPI.sys -> [2009/07/16 12:36:30 | 000,013,216 | ---- | M] ()

(KSecPkg) KSecPkg [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\ksecpkg.sys -> [2009/07/13 21:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation)

(FsDepends) File System Dependency Minifilter [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\fsdepends.sys -> [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation)

(vdrvroot) Microsoft Virtual Drive Enumerator Driver [Kernel | Boot | Running] -> C:\Windows\system32\drivers\vdrvroot.sys -> [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation)

(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\System32\drivers\wimmount.sys -> [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)

(pcw) Performance Counters for Windows Driver [Kernel | Boot | Running] -> C:\Windows\System32\drivers\pcw.sys -> [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation)

(CNG) CNG [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\cng.sys -> [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation)

(WSDPrintDevice) WSD Print Support via UMB [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\WSDPrint.sys -> [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation)

(rdpbus) Remote Desktop Device Redirector Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\rdpbus.sys -> [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation)

(RDPREFMP) Reflector Display Driver used to gain access to graphics data [Kernel | System | Running] -> C:\Windows\System32\drivers\RDPREFMP.sys -> [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation)

(RasAgileVpn) WAN Miniport (IKEv2) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\agilevpn.sys -> [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation)

(WfpLwf) WFP Lightweight Filter [Kernel | System | Running] -> C:\Windows\System32\drivers\wfplwf.sys -> [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation)

(NdisCap) NDIS Capture LightWeight Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ndiscap.sys -> [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation)

(vwifimp) Microsoft Virtual WiFi Miniport Service [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\vwifimp.sys -> [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation)

(vwififlt) Virtual WiFi Filter Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\vwififlt.sys -> [2009/07/13 19:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation)

(vwifibus) Virtual WiFi Bus Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\vwifibus.sys -> [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation)

(UmPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\umpass.sys -> [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation)

(mshidkmdf) Pass-through HID to KMDF Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mshidkmdf.sys -> [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation)

(MTConfig) Microsoft Input Configuration Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\MTConfig.sys -> [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation)

(discache) System Attribute Cache [Kernel | System | Running] -> C:\Windows\System32\drivers\discache.sys -> [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation)

(AmdPPM) AMD Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\DRIVERS\amdppm.sys -> [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation)

(motandroidusb) Mot ADB Interface Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\motoandroid.sys -> [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola)

(SaibVd32) Virtual Disk Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\SaibVd32.sys -> [2009/06/02 02:00:00 | 000,025,584 | ---- | M] (Sonic Solutions)

(SahdIa32) HDD Filter Driver [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\SahdIa32.sys -> [2009/06/02 02:00:00 | 000,021,488 | ---- | M] (Sonic Solutions)

(SaibIa32) Volume Filter Driver [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\SaibIa32.sys -> [2009/06/02 02:00:00 | 000,015,856 | ---- | M] (Sonic Solutions)

(Si3114r5) SiI-3114 SoftRaid 5 Controller [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\Si3114r5.sys -> [2008/04/29 18:40:56 | 000,210,472 | ---- | M] (Silicon Image, Inc)

(SiFilter) SATALink driver accelerator [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\SiWinAcc.sys -> [2008/04/29 18:40:56 | 000,017,064 | ---- | M] (Silicon Image, Inc.)

(SiRemFil) SATALink External Device Filter [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\SiRemFil.sys -> [2008/04/29 18:40:56 | 000,012,200 | ---- | M] (Silicon Image, Inc.)

(qcusbser) Qualcomm USB Device for Legacy Serial Communication [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\qcusbser.sys -> [2007/04/27 19:20:44 | 000,275,968 | ---- | M] (QUALCOMM Incorporated)

(W8100XP) Marvell Libertas 802.11b/g SoftAP Driver for Windows XP [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mrv8ka51.sys -> [2005/01/06 12:18:40 | 000,310,656 | ---- | M] ()

(cmudax) C-Media High Definition Audio Interface [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\cmudax.sys -> [2004/10/21 20:56:08 | 001,275,584 | ---- | M] (C-Media Inc.)



[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->

< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->

HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->

HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->

HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->

< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\] > -> ->

HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\: Main\\"Start Page Redirect Cache" -> http://www.msn.com/ ->

HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-US ->

HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> 11 14 31 14 F0 0D CC 01 [binary data] ->

HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\: URLSearchHooks\\"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found

HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\: "ProxyEnable" -> 0 ->

HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\: "ProxyOverride" -> 192.168.*.*;*.local ->

< FireFox Settings [Prefs.js] > -> C:\Users\AMUN-RE\AppData\Roaming\Mozilla\FireFox\Profiles\jatfysgo.default\prefs.js ->

browser.search.defaultthis.engineName -> " " ->

browser.search.defaulturl -> "http://search.condui...={searchTerms}" ->

browser.search.selectedEngine -> " " ->

browser.search.useDBForOrder -> true ->

browser.startup.homepage -> "www.google.com" ->

extensions.enabledItems -> {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99 ->

extensions.enabledItems -> {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 ->

extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 ->

extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 ->

extensions.enabledItems -> {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 ->

extensions.enabledItems -> [email protected]:1.0.0.652 ->

extensions.enabledItems -> {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 ->

extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 ->

keyword.URL -> "http://search.condui...d=CT2790392&q=" ->

network.proxy.type -> 0 ->

< FireFox Settings [User.js] > -> C:\Users\AMUN-RE\AppData\Roaming\Mozilla\FireFox\Profiles\jatfysgo.default\user.js ->

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKLM\software\mozilla\Firefox\Extensions -> ->

HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e} -> C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\DEFAULT MANAGER\DMEXTENSION\ [C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\DEFAULT MANAGER\DMEXTENSION\] -> [2011/03/19 12:00:14 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions -> ->

HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/05/06 02:24:42 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/05/06 02:24:42 | 000,000,000 | ---D | M]

< FireFox Extensions [User Folders] > ->

-> C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Extensions -> [2011/01/11 04:42:06 | 000,000,000 | ---D | M]

-> C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions -> [2011/06/06 10:21:28 | 000,000,000 | ---D | M]

BiosAgentPlus Plugin for Firefox and Opera -> C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\{1B9B9C44-7E38-4680-B7F9-5482F4950E71} -> [2011/05/16 18:12:11 | 000,000,000 | ---D | M]

BitTorrentBar Community Toolbar -> C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} -> [2011/06/06 10:21:28 | 000,000,000 | ---D | M]

DownloadHelper -> C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2011/04/21 05:57:31 | 000,000,000 | ---D | M]

Download Statusbar -> C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -> [2011/04/21 05:57:31 | 000,000,000 | ---D | M]

Adobe DLM (powered by getPlus®) -> C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> [2011/04/21 05:57:31 | 000,000,000 | ---D | M]

-> C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\[email protected] -> [2011/06/06 10:21:29 | 000,000,000 | ---D | M]

-> C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\[email protected] -> [2011/05/14 11:43:21 | 000,000,000 | ---D | M]

-> C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\[email protected] -> [2011/04/21 05:57:31 | 000,000,000 | ---D | M]

-> C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\nostmp -> [2011/05/06 02:24:52 | 000,000,000 | ---D | M]

-> C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\[email protected] -> [2011/05/23 16:39:10 | 000,000,000 | ---D | M]

< FireFox SearchPlugins [User Folders] > ->

< FireFox Extensions [Program Folders] > ->

-> C:\Program Files\Mozilla Firefox\extensions -> [2011/05/09 13:37:54 | 000,000,000 | ---D | M]

Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2011/05/09 13:37:55 | 000,000,000 | ---D | M]

Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} -> [2011/03/25 12:42:57 | 000,000,000 | ---D | M]

No name found -> -> File not found

No name found -> C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI -> ()

No name found -> C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI -> ()

No name found -> C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI -> ()

No name found -> C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI -> ()

Conduit Engine -> C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\[email protected] -> [2011/06/06 10:21:29 | 000,000,000 | ---D | M]

Ghostery -> C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\[email protected] -> [2011/05/14 11:43:21 | 000,000,000 | ---D | M]

No name found -> C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\[email protected] -> ()

LogMeIn, Inc. Remote Access Plugin -> C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\[email protected] -> [2011/04/21 05:57:31 | 000,000,000 | ---D | M]

No name found -> C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\[email protected] -> ()

No name found -> C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\[email protected] -> ()

No name found -> C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\[email protected] -> ()

No name found -> C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\[email protected] -> ()

< HOSTS File > ([2009/06/10 17:39:37 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\System32\drivers\etc\hosts ->

Reset Hosts

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->

{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2010/09/22 18:09:18 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

{F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [SmartSelect Class] -> [2010/09/22 18:09:18 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2010/09/22 18:09:18 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\] > -> HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\Software\Microsoft\Internet Explorer\Toolbar\ ->

WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2010/09/22 18:09:18 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

"" -> [] -> File not found

"Adobe_ID0ENQBO" -> C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE] -> [2008/08/15 05:46:20 | 000,378,224 | ---- | M] (Adobe Systems Incorporated)

"AdobeCS4ServiceManager" -> C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe ["C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin] -> [2011/04/26 15:28:34 | 000,611,712 | ---- | M] (Adobe Systems Incorporated)

"Cmaudio" -> [RunDll32 cmicnfg.cpl,CMICtrlWnd] -> File not found

"Malwarebytes' Anti-Malware" -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation)

"MSC" -> C:\Program Files\Microsoft Security Client\msseces.exe ["C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey] -> [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation)

"NUSB3MON" -> C:\Program Files\Rocketfish\USB 3.0 PCI Express Card Driver\Application\nusb3mon.exe ["C:\Program Files\Rocketfish\USB 3.0 PCI Express Card Driver\Application\nusb3mon.exe"] -> [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation)

"Seagate Dashboard" -> C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui] -> [2010/04/30 10:47:02 | 000,079,112 | ---- | M] ()

"StartCCC" -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2011/04/19 22:11:22 | 000,336,384 | ---- | M] (Advanced Micro Devices, Inc.)

< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->

"mctadmin" -> C:\Windows\System32\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> [2009/07/13 21:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation)

< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->

"mctadmin" -> C:\Windows\System32\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> [2009/07/13 21:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation)

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"ConsentPromptBehaviorAdmin" -> [5] -> File not found

\\"ConsentPromptBehaviorUser" -> [3] -> File not found

\\"PromptOnSecureDesktop" -> [0] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats

< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\] > -> HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\Software\Microsoft\Internet Explorer\MenuExt\ ->

Append Link Target to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2010/09/22 18:09:18 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

Append to Existing PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2010/09/22 18:09:18 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

Convert Link Target to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2010/09/22 18:09:18 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

Convert to Adobe PDF -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2010/09/22 18:09:18 | 000,349,640 | ---- | M] (Adobe Systems Incorporated)

Send image to &Bluetooth Device... -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm] -> [2008/12/10 11:36:32 | 000,001,430 | ---- | M] ()

Send page to &Bluetooth Device... -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm] -> [2009/08/24 23:43:00 | 000,004,037 | ---- | M] ()

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> C:\Windows\WindowsMobile\INetRepl.dll [Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222] -> [2007/05/31 09:21:16 | 000,176,520 | ---- | M] (Microsoft Corporation)

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> C:\Windows\WindowsMobile\INetRepl.dll [Menu: @C:\Windows\WindowsMobile\INetRepl.dll,-223] -> [2007/05/31 09:21:16 | 000,176,520 | ---- | M] (Microsoft Corporation)

{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015] -> [2009/08/24 23:43:00 | 000,004,037 | ---- | M] ()

{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Menu: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650] -> [2009/08/24 23:43:00 | 000,004,037 | ---- | M] ()

< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\] > -> HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\Software\Microsoft\Internet Explorer\Extensions\ ->

CmdMapping\\"{CCA281CA-C863-46ef-9331-5C8D4460577F}" [HKLM] -> [@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015] -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\] > -> HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4982 domain(s) found. ->

< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\] > -> HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->

HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_24] ->

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_22] ->

{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_24] ->

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_24] ->

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->

DhcpNameServer -> 192.168.2.1 74.128.19.102 74.128.17.114 ->

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->

{1CEB6A82-2669-4332-A952-AFCC39BE7E8F}\\DhcpNameServer -> 192.168.2.1 74.128.19.102 74.128.17.114 (Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller) ->

{919FDCB9-88F3-457A-8651-3318F9F0B962}\\DhcpNameServer -> 192.168.2.1 (Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter) ->

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->

explorer.exe -> C:\Windows\explorer.exe -> [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> ->

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->

SystemPropertiesPerformance.exe -> C:\Windows\System32\SystemPropertiesPerformance.exe -> [2009/07/13 21:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)

/pagefile -> -> File not found

*MultiFile Done* -> ->

< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found

< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->

*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->

pku2u -> C:\Windows\System32\pku2u.dll -> [2009/07/13 21:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> ->

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 ->

"DisplayName" -> CD-ROM Driver ->

"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found

< Drives with AutoRun files > -> ->

C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2009/06/10 17:42:20 | 000,000,024 | ---- | M] ()

M:\Autorun.inf [[autorun] | icon=\GoFlex.ico | ] -> M:\Autorun.inf [ NTFS ] -> [2010/02/15 00:53:50 | 000,000,027 | ---- | M] ()

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

\J

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\shell

\J\shell\\"" -> [AutoRun] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\shell\AutoRun\command

\J\shell\AutoRun\command\\"" -> [J:\VZAccess_Manager.exe /z detect] -> File not found

\{94879b52-6987-11e0-a85c-0011d82cae57}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94879b52-6987-11e0-a85c-0011d82cae57}\shell

\{94879b52-6987-11e0-a85c-0011d82cae57}\shell\\"" -> [AutoRun] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94879b52-6987-11e0-a85c-0011d82cae57}\shell\AutoRun\command

\{94879b52-6987-11e0-a85c-0011d82cae57}\shell\AutoRun\command\\"" -> [H:\setup.exe -a] -> File not found

\{b6d28c66-2683-11e0-baa3-0011d82cae57}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6d28c66-2683-11e0-baa3-0011d82cae57}\shell

\{b6d28c66-2683-11e0-baa3-0011d82cae57}\shell\\"" -> [AutoRun] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6d28c66-2683-11e0-baa3-0011d82cae57}\shell\AutoRun\command

\{b6d28c66-2683-11e0-baa3-0011d82cae57}\shell\AutoRun\command\\"" -> [J:\VZAccess_Manager.exe /z detect] -> File not found

\{b6d28c95-2683-11e0-baa3-0011d82cae57}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6d28c95-2683-11e0-baa3-0011d82cae57}\shell

\{b6d28c95-2683-11e0-baa3-0011d82cae57}\shell\\"" -> [AutoRun] -> File not found

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6d28c95-2683-11e0-baa3-0011d82cae57}\shell\AutoRun\command

\{b6d28c95-2683-11e0-baa3-0011d82cae57}\shell\AutoRun\command\\"" -> [M:\VZAccess_Manager.exe /z detect] -> File not found

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->

comfile [open] -> "%1" %* ->

exefile [open] -> "%1" %* ->

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->

.com [@ = comfile] -> "%1" %* ->

.exe [@ = exefile] -> "%1" %* ->



[Registry - Additional Scans - Safe List]

< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->

C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe -> [2011/03/25 16:25:42 | 000,840,992 | ---- | M] (Broadcom Corporation.)

C:^Users^AMUN-RE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk -> C:\Users\AMUN-RE\AppData\Roaming\Dropbox\bin\Dropbox.exe -> [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.)

< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->

Acrobat Assistant 8.0 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe -> [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.)

Adobe Acrobat Speed Launcher hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe -> [2011/01/31 00:36:36 | 000,038,840 | ---- | M] (Adobe Systems Incorporated)

Adobe ARM hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe -> [2010/09/21 14:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated)

AutoStartNPSAgent hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found

BitTorrent hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found

CPMonitor hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe -> [2010/08/25 12:27:26 | 000,084,464 | ---- | M] ()

Desktop Disc Tool hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe -> [2010/06/30 10:10:14 | 000,477,680 | ---- | M] ()

dvd43 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\dvd43\DVD43_Tray.exe -> [2009/10/23 20:34:36 | 000,827,904 | ---- | M] ()

Google Update hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Users\AMUN-RE\AppData\Local\Google\Update\GoogleUpdate.exe -> [2011/01/23 00:06:55 | 000,136,176 | ---- | M] (Google Inc.)

GrooveMonitor hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe -> [2008/10/25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation)

iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2011/04/14 11:32:28 | 000,421,160 | ---- | M] (Apple Inc.)

LogMeIn GUI hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\LogMeIn\x86\LogMeInSystray.exe -> [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.)

Memeo AutoSync hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe -> [2010/04/16 17:43:12 | 000,144,608 | ---- | M] (Memeo Inc.)

Memeo Instant Backup hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe -> [2011/01/24 14:35:38 | 000,136,416 | ---- | M] (Memeo Inc.)

Memeo Send hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe -> [2010/07/20 14:18:14 | 000,236,816 | ---- | M] ()

Microsoft Default Manager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -> [2010/05/10 14:12:28 | 000,439,568 | ---- | M] (Microsoft Corporation)

QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\QTTask.exe -> [2010/11/29 18:38:18 | 000,421,888 | ---- | M] (Apple Inc.)

RoxWatchTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe -> [2010/07/16 07:48:18 | 000,307,184 | ---- | M] (Sonic Solutions)

SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Java\Java Update\jusched.exe -> [2010/10/29 14:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.)

Windows Mobile Device Center hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Windows\WindowsMobile\wmdc.exe -> [2007/05/31 09:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation)

< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->

"startup" -> 2 ->

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->

*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->

FastUserSwitchingCompatibility -> -> File not found

Ias -> -> File not found

Nla -> -> File not found

Ntmssvc -> -> File not found

NWCWorkstation -> -> File not found

Nwsapagent -> -> File not found

SRService -> -> File not found

WmdmPmSp -> -> File not found

LogonHours -> -> File not found

PCAudit -> -> File not found

helpsvc -> -> File not found

uploadmgr -> -> File not found

Themes -> C:\Windows\System32\themeservice.dll -> [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation)

BDESVC -> C:\Windows\System32\bdesvc.dll -> [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> ->

< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->

{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers

{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive

{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive

{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller

{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc

{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard

{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse

{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters

{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter

{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System

{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive

{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy

{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers

{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume

{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices

{D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices

{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices

Base -> Driver Group

Boot Bus Extender -> Driver Group

Boot file system -> Driver Group

File system -> Driver Group

Filter -> Driver Group

HelpSvc -> Service

MsMpSvc -> C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -> [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation)

NTDS -> -> File not found

PCI Configuration -> Driver Group

PNP Filter -> Driver Group

Power -> C:\Windows\System32\umpo.dll -> [2010/11/20 08:21:33 | 000,119,808 | ---- | M] (Microsoft Corporation)

Primary disk -> Driver Group

RpcEptMapper -> C:\Windows\System32\RpcEpMap.dll -> [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation)

sacsvr -> Service

SCSI Class -> Driver Group

System Bus Extender -> Driver Group

vmms -> Service

WinDefend -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation)

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->

batfile [open] -> "%1" %* ->

cmdfile [open] -> "%1" %* ->

comfile [open] -> "%1" %* ->

cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2009/07/13 21:14:15 | 000,113,152 | ---- | M] (Microsoft Corporation)

exefile [open] -> "%1" %* ->

hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2009/07/13 21:14:45 | 000,009,728 | ---- | M] (Microsoft Corporation)

http [open] -> "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" -> [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)

https [open] -> "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" -> [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)

inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2009/07/13 21:14:21 | 000,009,216 | ---- | M] (Microsoft Corporation)

piffile [open] -> "%1" %* ->

scrfile [config] -> "%1" ->

scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l ->

scrfile [open] -> "%1" /S ->

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->

Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2010/11/20 08:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation)

Directory [find] -> %SystemRoot%\Explorer.exe -> [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)

Directory [runas] -> cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t -> [2010/11/20 08:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation)

Folder [open] -> %SystemRoot%\Explorer.exe -> [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe -> [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)

< EventViewer Logs - Last 10 Errors > -> Event Information -> Description

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!



[Files/Folders - Created Within 30 Days]

OTS.scr -> C:\Users\AMUN-RE\Desktop\OTS.scr -> [2011/06/08 13:23:48 | 000,645,632 | ---- | C] (OldTimer Tools)

RK_Quarantine -> C:\Users\AMUN-RE\Desktop\RK_Quarantine -> [2011/06/08 13:16:24 | 000,000,000 | ---D | C]

pss -> C:\Windows\pss -> [2011/06/07 10:20:05 | 000,000,000 | ---D | C]

SBREDrv.sys -> C:\Windows\System32\drivers\SBREDrv.sys -> [2011/06/06 22:10:17 | 000,098,392 | ---- | C] (Sunbelt Software)

sbbd.exe -> C:\Windows\System32\sbbd.exe -> [2011/06/06 22:10:17 | 000,027,984 | ---- | C] (Sunbelt Software)

VIPRERescue9500 -> C:\Users\AMUN-RE\Desktop\VIPRERescue9500 -> [2011/06/06 21:45:41 | 000,000,000 | ---D | C]

OTL.com -> C:\Users\AMUN-RE\Desktop\OTL.com -> [2011/06/06 21:36:39 | 000,580,096 | ---- | C] (OldTimer Tools)

OTL.scr -> C:\Users\AMUN-RE\Desktop\OTL.scr -> [2011/06/06 21:36:31 | 000,580,096 | ---- | C] (OldTimer Tools)

OTL.exe -> C:\Users\AMUN-RE\Desktop\OTL.exe -> [2011/06/06 21:18:25 | 000,580,096 | ---- | C] (OldTimer Tools)

TMRBLog -> C:\Users\AMUN-RE\Desktop\TMRBLog -> [2011/06/06 20:19:32 | 000,000,000 | ---D | C]

log -> C:\Users\AMUN-RE\Desktop\log -> [2011/06/06 20:18:57 | 000,000,000 | ---D | C]

RootkitBuster.exe -> C:\Users\AMUN-RE\Desktop\RootkitBuster.exe -> [2011/06/06 20:18:48 | 002,486,352 | ---- | C] (Trend Micro Inc.)

SpywareBlaster -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster -> [2011/06/06 20:06:41 | 000,000,000 | ---D | C]

SpywareBlaster -> C:\Program Files\SpywareBlaster -> [2011/06/06 20:06:27 | 000,000,000 | ---D | C]

ESET -> C:\Program Files\ESET -> [2011/06/06 16:11:55 | 000,000,000 | ---D | C]

$RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2011/06/06 15:57:40 | 000,000,000 | -HSD | C]

Trend Micro -> C:\Program Files\Trend Micro -> [2011/06/06 15:32:36 | 000,000,000 | ---D | C]

HijackThis -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis -> [2011/06/06 15:32:36 | 000,000,000 | ---D | C]

esetsmartinstaller_enu.exe -> C:\Users\AMUN-RE\Desktop\esetsmartinstaller_enu.exe -> [2011/06/06 15:24:45 | 002,322,184 | ---- | C] (ESET)

HJTInstall.exe -> C:\Users\AMUN-RE\Desktop\HJTInstall.exe -> [2011/06/06 15:21:30 | 000,812,344 | ---- | C] (Trend Micro Inc.)

spywareblastersetup44.exe -> C:\Users\AMUN-RE\Desktop\spywareblastersetup44.exe -> [2011/06/06 15:04:01 | 003,194,296 | ---- | C] (Javacool Software LLC )

Data Recovory Collections -> C:\Users\AMUN-RE\Desktop\Data Recovory Collections -> [2011/06/06 02:35:35 | 000,000,000 | ---D | C]

MyFontsOrder2953938 -> C:\Users\AMUN-RE\Desktop\MyFontsOrder2953938 -> [2011/06/06 01:29:02 | 000,000,000 | ---D | C]

Family Guy Clips -> C:\Users\AMUN-RE\Desktop\Family Guy Clips -> [2011/06/06 00:46:35 | 000,000,000 | ---D | C]

Paragon Drive Image Free Edition -> C:\Users\AMUN-RE\Desktop\Paragon Drive Image Free Edition -> [2011/06/05 22:34:52 | 000,000,000 | ---D | C]

gifs -> C:\Users\AMUN-RE\Desktop\gifs -> [2011/06/05 22:27:30 | 000,000,000 | ---D | C]

SUPERAntiSpyware.com -> C:\Users\AMUN-RE\AppData\Roaming\SUPERAntiSpyware.com -> [2011/06/04 23:39:10 | 000,000,000 | ---D | C]

SUPERAntiSpyware.com -> C:\ProgramData\SUPERAntiSpyware.com -> [2011/06/04 23:39:10 | 000,000,000 | ---D | C]

SUPERAntiSpyware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware -> [2011/06/04 23:39:02 | 000,000,000 | ---D | C]

SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2011/06/04 23:38:55 | 000,000,000 | ---D | C]

Fonts from myfonts.com -> C:\Users\AMUN-RE\Desktop\Fonts from myfonts.com -> [2011/05/31 12:20:14 | 000,000,000 | ---D | C]

MyFontsOrder2954089 -> C:\Users\AMUN-RE\Desktop\MyFontsOrder2954089 -> [2011/05/31 12:17:45 | 000,000,000 | ---D | C]

FileZilla Server -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server -> [2011/05/31 05:11:49 | 000,000,000 | ---D | C]

FileZilla Server -> C:\Users\AMUN-RE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla Server -> [2011/05/31 05:11:48 | 000,000,000 | ---D | C]

FileZilla Server -> C:\Program Files\FileZilla Server -> [2011/05/31 05:11:46 | 000,000,000 | ---D | C]

MyFontsWebfontsOrderM2954089 -> C:\Users\AMUN-RE\Desktop\MyFontsWebfontsOrderM2954089 -> [2011/05/30 16:08:07 | 000,000,000 | ---D | C]

MyFontsWebfontsOrderM2953938 -> C:\Users\AMUN-RE\Desktop\MyFontsWebfontsOrderM2953938 -> [2011/05/30 15:07:20 | 000,000,000 | ---D | C]

Deco_32.dll -> C:\Windows\System32\Deco_32.dll -> [2011/05/30 07:24:23 | 000,227,840 | ---- | C] (Iterated Systems, Inc.)

nlssrv32.exe -> C:\Windows\System32\nlssrv32.exe -> [2011/05/30 07:22:54 | 000,066,560 | ---- | C] (Nalpeiron Ltd.)

onOne Software -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software -> [2011/05/30 07:22:49 | 000,000,000 | ---D | C]

androidsdk -> C:\androidsdk -> [2011/05/27 13:34:01 | 000,000,000 | ---D | C]

TOP 25 - 07-05-11 -> C:\Users\AMUN-RE\Desktop\TOP 25 - 07-05-11 -> [2011/05/27 01:51:53 | 000,000,000 | ---D | C]

supersized2 -> C:\Users\AMUN-RE\Desktop\supersized2 -> [2011/05/27 01:44:12 | 000,000,000 | ---D | C]

jQuery Background -> C:\Users\AMUN-RE\Desktop\jQuery Background -> [2011/05/27 00:16:42 | 000,000,000 | ---D | C]

Alien Skin -> C:\Users\AMUN-RE\AppData\Roaming\Alien Skin -> [2011/05/26 01:11:45 | 000,000,000 | ---D | C]

Alien Skin -> C:\Users\AMUN-RE\AppData\Local\Alien Skin -> [2011/05/26 00:35:43 | 000,000,000 | ---D | C]

WinRAR -> C:\Users\AMUN-RE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR -> [2011/05/25 17:25:46 | 000,000,000 | ---D | C]

WinRAR -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR -> [2011/05/25 17:25:46 | 000,000,000 | ---D | C]

Adobe Application Manager 2.0 -> C:\Users\AMUN-RE\Desktop\Adobe Application Manager 2.0 -> [2011/05/25 05:00:00 | 000,000,000 | ---D | C]

Diskdump.sys -> C:\Windows\System32\drivers\Diskdump.sys -> [2011/05/25 00:21:03 | 000,027,008 | ---- | C] (Microsoft Corporation)

Microsoft Baseline Security Analyzer 2 -> C:\Program Files\Microsoft Baseline Security Analyzer 2 -> [2011/05/24 20:13:06 | 000,000,000 | ---D | C]

SecurityScans -> C:\Users\AMUN-RE\SecurityScans -> [2011/05/24 20:03:43 | 000,000,000 | ---D | C]

Fonts -> C:\Users\AMUN-RE\Desktop\Fonts -> [2011/05/24 07:45:59 | 000,000,000 | ---D | C]

ATI -> C:\ProgramData\ATI -> [2011/05/23 19:28:19 | 000,000,000 | ---D | C]

AMD APP -> C:\Program Files\AMD APP -> [2011/05/23 19:27:51 | 000,000,000 | ---D | C]

Catalyst Control Center -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center -> [2011/05/23 19:27:37 | 000,000,000 | ---D | C]

RStudio 5.4 Corp -> C:\Users\AMUN-RE\Desktop\RStudio 5.4 Corp -> [2011/05/22 00:40:22 | 000,000,000 | ---D | C]

TB2.5_SETUP_Professional.exe -> C:\Users\AMUN-RE\Desktop\TB2.5_SETUP_Professional.exe -> [2011/05/20 12:37:05 | 072,762,896 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd )

epmpro_linux.exe -> C:\Users\AMUN-RE\Desktop\epmpro_linux.exe -> [2011/05/20 12:27:20 | 049,585,120 | ---- | C] (EASEUS )

Roxio Projects -> C:\Users\AMUN-RE\Documents\Roxio Projects -> [2011/05/20 02:52:30 | 000,000,000 | ---D | C]

Dropbox -> C:\Users\AMUN-RE\Dropbox -> [2011/05/20 01:07:52 | 000,000,000 | R--D | C]

Dropbox -> C:\Users\AMUN-RE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox -> [2011/05/20 00:57:22 | 000,000,000 | ---D | C]

Alien Skin -> C:\ProgramData\Alien Skin -> [2011/05/19 22:54:29 | 000,000,000 | ---D | C]

Alien Skin -> C:\Program Files\Alien Skin -> [2011/05/19 22:49:50 | 000,000,000 | ---D | C]

Ken Burns Slideshow -> C:\Users\AMUN-RE\Desktop\Ken Burns Slideshow -> [2011/05/19 03:36:21 | 000,000,000 | ---D | C]

Laconic Software -> C:\Users\AMUN-RE\AppData\Roaming\Laconic Software -> [2011/05/17 13:55:27 | 000,000,000 | ---D | C]

eSupport.com -> C:\Users\AMUN-RE\AppData\Local\eSupport.com -> [2011/05/16 17:58:28 | 000,000,000 | ---D | C]

Windows 7 Useful Programs -> C:\Users\AMUN-RE\Desktop\Windows 7 Useful Programs -> [2011/05/16 14:17:42 | 000,000,000 | ---D | C]

FlashPlayerCPLApp.cpl -> C:\Windows\System32\FlashPlayerCPLApp.cpl -> [2011/05/16 13:27:21 | 000,404,640 | ---- | C] (Adobe Systems Incorporated)

Broadcom -> C:\Users\AMUN-RE\AppData\Local\Broadcom -> [2011/05/15 18:33:24 | 000,000,000 | ---D | C]

Bluetooth Exchange Folder -> C:\Users\AMUN-RE\Documents\Bluetooth Exchange Folder -> [2011/05/15 18:33:24 | 000,000,000 | ---D | C]

btwcoins.dll -> C:\Windows\System32\btwcoins.dll -> [2011/05/15 18:30:24 | 000,020,008 | ---- | C] (Broadcom Corporation.)

WIDCOMM -> C:\Program Files\WIDCOMM -> [2011/05/15 18:26:02 | 000,000,000 | ---D | C]

WindowsMobile -> C:\Windows\WindowsMobile -> [2011/05/15 16:29:26 | 000,000,000 | ---D | C]

New folder (5) -> C:\Users\AMUN-RE\Desktop\New folder (5) -> [2011/05/15 15:17:58 | 000,000,000 | ---D | C]

Mael -> C:\Users\AMUN-RE\AppData\Roaming\Mael -> [2011/05/14 04:11:12 | 000,000,000 | ---D | C]

HxD Hex Editor -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor -> [2011/05/14 03:27:58 | 000,000,000 | ---D | C]

HxD -> C:\Program Files\HxD -> [2011/05/14 03:27:57 | 000,000,000 | ---D | C]

Motorola -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola -> [2011/05/13 14:56:04 | 000,000,000 | ---D | C]

srobbin-jquery-backstretch-d528a4a -> C:\Users\AMUN-RE\Desktop\srobbin-jquery-backstretch-d528a4a -> [2011/05/12 13:27:15 | 000,000,000 | ---D | C]

poqexec.exe -> C:\Windows\System32\poqexec.exe -> [2011/05/10 23:06:19 | 000,123,904 | ---- | C] (Microsoft Corporation)

usbport.sys -> C:\Windows\System32\drivers\usbport.sys -> [2011/05/10 17:52:52 | 000,284,672 | ---- | C] (Microsoft Corporation)

usbd.sys -> C:\Windows\System32\drivers\usbd.sys -> [2011/05/10 17:52:51 | 000,005,888 | ---- | C] (Microsoft Corporation)

ntkrnlpa.exe -> C:\Windows\System32\ntkrnlpa.exe -> [2011/05/10 17:52:48 | 003,967,872 | ---- | C] (Microsoft Corporation)

ntoskrnl.exe -> C:\Windows\System32\ntoskrnl.exe -> [2011/05/10 17:52:47 | 003,912,576 | ---- | C] (Microsoft Corporation)

javaws.exe -> C:\Windows\System32\javaws.exe -> [2011/05/09 13:37:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.)

javaw.exe -> C:\Windows\System32\javaw.exe -> [2011/05/09 13:37:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)

java.exe -> C:\Windows\System32\java.exe -> [2011/05/09 13:37:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)

pcouffin.sys -> C:\Users\AMUN-RE\AppData\Roaming\pcouffin.sys -> [2011/01/30 01:25:31 | 000,047,360 | ---- | C] (VSO Software)

adobetmp000823803 -> C:\ProgramData\adobetmp000823803 -> [2011/01/04 10:59:33 | 001,451,360 | ---- | C] (Adobe Systems, Incorporated)

adobetmp000523924 -> C:\ProgramData\adobetmp000523924 -> [2008/08/14 09:14:14 | 000,083,336 | ---- | C] (Adobe Systems Incorporated)



[Files/Folders - Modified Within 30 Days]

OTS.scr -> C:\Users\AMUN-RE\Desktop\OTS.scr -> [2011/06/08 13:23:49 | 000,645,632 | ---- | M] (OldTimer Tools)

RogueKiller.exe -> C:\Users\AMUN-RE\Desktop\RogueKiller.exe -> [2011/06/08 13:11:09 | 000,511,488 | ---- | M] ()

GoogleUpdateTaskUserS-1-5-21-2792430508-956531303-3221676133-1000UA.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2792430508-956531303-3221676133-1000UA.job -> [2011/06/08 13:10:00 | 000,000,916 | ---- | M] ()

GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/06/08 12:57:00 | 000,000,888 | ---- | M] ()

7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/08 12:30:43 | 000,020,768 | -H-- | M] ()

7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/08 12:30:43 | 000,020,768 | -H-- | M] ()

GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/06/08 12:24:32 | 000,000,884 | ---- | M] ()

bootstat.dat -> C:\Windows\bootstat.dat -> [2011/06/08 12:21:17 | 000,067,584 | --S- | M] ()

hiberfil.sys -> C:\hiberfil.sys -> [2011/06/08 12:21:09 | 2415,321,088 | -HS- | M] ()

GoogleUpdateTaskUserS-1-5-21-2792430508-956531303-3221676133-1000Core.job -> C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2792430508-956531303-3221676133-1000Core.job -> [2011/06/08 03:10:07 | 000,000,864 | ---- | M] ()

test side green.png -> C:\Users\AMUN-RE\Desktop\test side green.png -> [2011/06/08 02:13:38 | 000,415,191 | ---- | M] ()

test side red.png -> C:\Users\AMUN-RE\Desktop\test side red.png -> [2011/06/08 02:13:09 | 000,367,214 | ---- | M] ()

test side.png -> C:\Users\AMUN-RE\Desktop\test side.png -> [2011/06/08 02:12:27 | 000,397,201 | ---- | M] ()

test1side.png -> C:\Users\AMUN-RE\Desktop\test1side.png -> [2011/06/08 02:10:39 | 000,310,266 | ---- | M] ()

perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/06/08 00:47:16 | 000,626,040 | ---- | M] ()

perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/06/08 00:47:16 | 000,107,316 | ---- | M] ()

SBRC.dat -> C:\Windows\System32\SBRC.dat -> [2011/06/06 22:10:22 | 000,000,000 | ---- | M] ()

VIPRERescue9500.exe -> C:\Users\AMUN-RE\Desktop\VIPRERescue9500.exe -> [2011/06/06 21:44:11 | 091,152,384 | ---- | M] ()

OTL.com -> C:\Users\AMUN-RE\Desktop\OTL.com -> [2011/06/06 21:36:45 | 000,580,096 | ---- | M] (OldTimer Tools)

OTL.scr -> C:\Users\AMUN-RE\Desktop\OTL.scr -> [2011/06/06 21:36:40 | 000,580,096 | ---- | M] (OldTimer Tools)

OTL.exe -> C:\Users\AMUN-RE\Desktop\OTL.exe -> [2011/06/06 21:18:31 | 000,580,096 | ---- | M] (OldTimer Tools)

setup_av_free.exe -> C:\Users\AMUN-RE\Desktop\setup_av_free.exe -> [2011/06/06 21:13:06 | 058,064,040 | ---- | M] ()

RootkitBuster_3.60.1016.zip -> C:\Users\AMUN-RE\Desktop\RootkitBuster_3.60.1016.zip -> [2011/06/06 20:16:39 | 001,113,789 | ---- | M] ()

HijackThis.lnk -> C:\Users\AMUN-RE\Desktop\HijackThis.lnk -> [2011/06/06 15:32:36 | 000,002,039 | ---- | M] ()

esetsmartinstaller_enu.exe -> C:\Users\AMUN-RE\Desktop\esetsmartinstaller_enu.exe -> [2011/06/06 15:24:51 | 002,322,184 | ---- | M] (ESET)

HJTInstall.exe -> C:\Users\AMUN-RE\Desktop\HJTInstall.exe -> [2011/06/06 15:21:33 | 000,812,344 | ---- | M] (Trend Micro Inc.)

SecurityCheck.exe -> C:\Users\AMUN-RE\Desktop\SecurityCheck.exe -> [2011/06/06 15:16:48 | 000,879,092 | ---- | M] ()

spywareblastersetup44.exe -> C:\Users\AMUN-RE\Desktop\spywareblastersetup44.exe -> [2011/06/06 15:04:34 | 003,194,296 | ---- | M] (Javacool Software LLC )

eminemdetox.jpg -> C:\Users\AMUN-RE\Desktop\eminemdetox.jpg -> [2011/06/06 03:59:15 | 000,098,406 | ---- | M] ()

Code Pro Demo.otf -> C:\Users\AMUN-RE\Desktop\Code Pro Demo.otf -> [2011/05/31 23:06:10 | 000,019,832 | ---- | M] ()

Code Pro Light Demo.otf -> C:\Users\AMUN-RE\Desktop\Code Pro Light Demo.otf -> [2011/05/31 23:05:58 | 000,018,840 | ---- | M] ()

mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation)

mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation)

cmicnfg.ini -> C:\Windows\System\cmicnfg.ini -> [2011/05/24 20:45:06 | 000,000,327 | ---- | M] ()

MBSASetup-x86-EN.msi -> C:\Users\AMUN-RE\Desktop\MBSASetup-x86-EN.msi -> [2011/05/24 20:10:58 | 001,625,600 | ---- | M] ()

resmon.resmoncfg -> C:\Users\AMUN-RE\AppData\Local\resmon.resmoncfg -> [2011/05/24 19:42:37 | 000,007,665 | ---- | M] ()

nlssrv32.exe -> C:\Windows\System32\nlssrv32.exe -> [2011/05/17 10:17:00 | 000,066,560 | ---- | M] (Nalpeiron Ltd.)

Deco_32.dll -> C:\Windows\System32\Deco_32.dll -> [2011/05/17 10:13:20 | 000,227,840 | ---- | M] (Iterated Systems, Inc.)

FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2011/05/17 06:07:10 | 003,287,960 | ---- | M] ()

applicationforregistration.pdf -> C:\Users\AMUN-RE\Documents\applicationforregistration.pdf -> [2011/05/16 18:36:54 | 000,208,735 | ---- | M] ()

FlashPlayerCPLApp.cpl -> C:\Windows\System32\FlashPlayerCPLApp.cpl -> [2011/05/16 13:27:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated)

Bluetooth Problem Report.lnk -> C:\Users\Public\Desktop\Bluetooth Problem Report.lnk -> [2011/05/15 18:30:56 | 000,001,109 | ---- | M] ()

btwcoins.dll -> C:\Windows\System32\btwcoins.dll -> [2011/05/15 18:24:24 | 000,020,008 | ---- | M] (Broadcom Corporation.)

Msft_Kernel_motfilt_01007.Wdf -> C:\Windows\System32\drivers\Msft_Kernel_motfilt_01007.Wdf -> [2011/05/13 14:02:13 | 000,000,000 | -H-- | M] ()

Msft_Kernel_Motousbnet_01007.Wdf -> C:\Windows\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf -> [2011/05/13 14:02:12 | 000,000,000 | -H-- | M] ()

Msft_Kernel_motmodem_01007.Wdf -> C:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf -> [2011/05/13 14:01:37 | 000,000,000 | -H-- | M] ()

Msft_User_WpdMtpDr_01_09_00.Wdf -> C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf -> [2011/05/13 14:01:30 | 000,000,000 | -H-- | M] ()

Msft_Kernel_motccgpfl_01007.Wdf -> C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf -> [2011/05/13 14:00:18 | 000,000,000 | -H-- | M] ()

Msft_Kernel_motccgp_01007.Wdf -> C:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf -> [2011/05/13 14:00:17 | 000,000,000 | -H-- | M] ()

rx_image32.Cache -> C:\Users\AMUN-RE\AppData\Local\rx_image32.Cache -> [2011/05/09 20:24:38 | 008,902,352 | ---- | M] ()

rx_audio.Cache -> C:\Users\AMUN-RE\AppData\Local\rx_audio.Cache -> [2011/05/09 20:24:38 | 000,493,272 | ---- | M] ()

TB2.5_SETUP_Professional.exe -> C:\Users\AMUN-RE\Desktop\TB2.5_SETUP_Professional.exe -> [2011/05/09 14:43:44 | 072,762,896 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd )

10 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp ->

10 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp ->



[Files - No Company Name]

RogueKiller.exe -> C:\Users\AMUN-RE\Desktop\RogueKiller.exe -> [2011/06/08 13:11:07 | 000,511,488 | ---- | C] ()

test side green.png -> C:\Users\AMUN-RE\Desktop\test side green.png -> [2011/06/08 02:13:34 | 000,415,191 | ---- | C] ()

test side red.png -> C:\Users\AMUN-RE\Desktop\test side red.png -> [2011/06/08 02:13:06 | 000,367,214 | ---- | C] ()

test side.png -> C:\Users\AMUN-RE\Desktop\test side.png -> [2011/06/08 02:12:18 | 000,397,201 | ---- | C] ()

test1side.png -> C:\Users\AMUN-RE\Desktop\test1side.png -> [2011/06/08 02:10:35 | 000,310,266 | ---- | C] ()

SBRC.dat -> C:\Windows\System32\SBRC.dat -> [2011/06/06 22:10:22 | 000,000,000 | ---- | C] ()

VIPRERescue9500.exe -> C:\Users\AMUN-RE\Desktop\VIPRERescue9500.exe -> [2011/06/06 21:40:12 | 091,152,384 | ---- | C] ()

setup_av_free.exe -> C:\Users\AMUN-RE\Desktop\setup_av_free.exe -> [2011/06/06 21:11:32 | 058,064,040 | ---- | C] ()

RootkitBuster_3.60.1016.zip -> C:\Users\AMUN-RE\Desktop\RootkitBuster_3.60.1016.zip -> [2011/06/06 20:16:36 | 001,113,789 | ---- | C] ()

HijackThis.lnk -> C:\Users\AMUN-RE\Desktop\HijackThis.lnk -> [2011/06/06 15:32:36 | 000,002,039 | ---- | C] ()

SecurityCheck.exe -> C:\Users\AMUN-RE\Desktop\SecurityCheck.exe -> [2011/06/06 15:16:42 | 000,879,092 | ---- | C] ()

eminemdetox.jpg -> C:\Users\AMUN-RE\Desktop\eminemdetox.jpg -> [2011/06/06 03:59:11 | 000,098,406 | ---- | C] ()

Code Pro Demo.otf -> C:\Users\AMUN-RE\Desktop\Code Pro Demo.otf -> [2011/06/06 01:29:34 | 000,019,832 | ---- | C] ()

Code Pro Light Demo.otf -> C:\Users\AMUN-RE\Desktop\Code Pro Light Demo.otf -> [2011/06/06 01:29:34 | 000,018,840 | ---- | C] ()

Microsoft Baseline Security Analyzer 2.2.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.2.lnk -> [2011/05/24 20:13:08 | 000,001,093 | ---- | C] ()

MBSASetup-x86-EN.msi -> C:\Users\AMUN-RE\Desktop\MBSASetup-x86-EN.msi -> [2011/05/24 20:10:58 | 001,625,600 | ---- | C] ()

applicationforregistration.pdf -> C:\Users\AMUN-RE\Documents\applicationforregistration.pdf -> [2011/05/16 18:36:54 | 000,208,735 | ---- | C] ()

Bluetooth Problem Report.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Problem Report.lnk -> [2011/05/15 18:30:56 | 000,001,121 | ---- | C] ()

Bluetooth Problem Report.lnk -> C:\Users\Public\Desktop\Bluetooth Problem Report.lnk -> [2011/05/15 18:30:56 | 000,001,109 | ---- | C] ()

Windows Mobile Device Center.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk -> [2011/05/15 16:32:38 | 000,002,419 | ---- | C] ()

Msft_Kernel_motfilt_01007.Wdf -> C:\Windows\System32\drivers\Msft_Kernel_motfilt_01007.Wdf -> [2011/05/13 14:02:13 | 000,000,000 | -H-- | C] ()

Msft_Kernel_Motousbnet_01007.Wdf -> C:\Windows\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf -> [2011/05/13 14:02:12 | 000,000,000 | -H-- | C] ()

Msft_Kernel_motmodem_01007.Wdf -> C:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf -> [2011/05/13 14:01:37 | 000,000,000 | -H-- | C] ()

Msft_User_WpdMtpDr_01_09_00.Wdf -> C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf -> [2011/05/13 14:01:30 | 000,000,000 | -H-- | C] ()

Msft_Kernel_motccgpfl_01007.Wdf -> C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf -> [2011/05/13 14:00:18 | 000,000,000 | -H-- | C] ()

Msft_Kernel_motccgp_01007.Wdf -> C:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf -> [2011/05/13 14:00:17 | 000,000,000 | -H-- | C] ()

Perfmon.PerfmonCfg -> C:\Users\AMUN-RE\AppData\Local\Perfmon.PerfmonCfg -> [2011/05/02 18:23:43 | 000,000,337 | ---- | C] ()

SpoonUninstall-dBpoweramp Music Converter.dat -> C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat -> [2011/04/30 15:34:29 | 000,017,851 | ---- | C] ()

SpoonUninstall.exe -> C:\Windows\System32\SpoonUninstall.exe -> [2011/04/30 15:34:28 | 006,904,040 | ---- | C] ()

wininit.ini -> C:\Windows\wininit.ini -> [2011/04/22 07:58:28 | 000,000,010 | ---- | C] ()

_delis32.ini -> C:\Windows\_delis32.ini -> [2011/04/22 07:58:10 | 000,000,276 | ---- | C] ()

OVDecode.dll -> C:\Windows\System32\OVDecode.dll -> [2011/04/19 22:10:32 | 000,059,904 | ---- | C] ()

ubl9clt.dll -> C:\Windows\System32\ubl9clt.dll -> [2011/04/16 12:40:40 | 000,000,016 | -H-- | C] ()

LOOP.exe -> C:\Windows\LOOP.exe -> [2011/04/06 07:34:12 | 000,311,295 | ---- | C] ()

cool.ini -> C:\Windows\cool.ini -> [2011/03/26 04:59:17 | 000,000,165 | ---- | C] ()

AbsynthIAC.dll -> C:\Windows\System32\AbsynthIAC.dll -> [2011/03/26 04:41:52 | 016,371,712 | ---- | C] ()

dsdxirmv.exe -> C:\Windows\dsdxirmv.exe -> [2011/03/26 04:41:15 | 000,118,784 | ---- | C] ()

libmmd.dll -> C:\Windows\System32\libmmd.dll -> [2011/03/26 04:40:16 | 000,520,267 | ---- | C] ()

rx_audio.Cache -> C:\Users\AMUN-RE\AppData\Local\rx_audio.Cache -> [2011/03/23 16:50:07 | 000,493,272 | ---- | C] ()

rx_image32.Cache -> C:\Users\AMUN-RE\AppData\Local\rx_image32.Cache -> [2011/03/23 16:49:18 | 008,902,352 | ---- | C] ()

atipblag.dat -> C:\Windows\System32\atipblag.dat -> [2011/03/17 13:51:44 | 000,003,929 | ---- | C] ()

keyfile3.drm -> C:\Users\AMUN-RE\AppData\Local\keyfile3.drm -> [2011/03/06 22:47:54 | 000,004,096 | -H-- | C] ()

RDVGHelper.exe -> C:\Windows\System32\RDVGHelper.exe -> [2011/03/02 04:11:35 | 000,080,896 | ---- | C] ()

PrintBrmUi.exe -> C:\Windows\System32\PrintBrmUi.exe -> [2011/03/02 04:09:27 | 000,066,048 | ---- | C] ()

atiicdxx.dat -> C:\Windows\System32\atiicdxx.dat -> [2011/02/28 17:30:06 | 000,233,012 | ---- | C] ()

xvidvfw.dll -> C:\Windows\System32\xvidvfw.dll -> [2011/02/22 15:39:04 | 000,240,640 | ---- | C] ()

AsIO.dll -> C:\Windows\System32\AsIO.dll -> [2011/02/22 00:36:46 | 000,024,576 | ---- | C] ()

AsIO.sys -> C:\Windows\System32\drivers\AsIO.sys -> [2011/02/22 00:36:46 | 000,011,296 | ---- | C] ()

AsInsHelp64.sys -> C:\Windows\System32\drivers\AsInsHelp64.sys -> [2011/02/22 00:36:42 | 000,011,832 | ---- | C] ()

AsInsHelp32.sys -> C:\Windows\System32\drivers\AsInsHelp32.sys -> [2011/02/22 00:36:42 | 000,010,216 | ---- | C] ()

Language_trs.ini -> C:\Windows\Language_trs.ini -> [2011/02/22 00:36:16 | 000,001,769 | ---- | C] ()

ASACPI.sys -> C:\Windows\System32\drivers\ASACPI.sys -> [2011/02/22 00:35:23 | 000,013,216 | ---- | C] ()

net_rim_plazmic_flint_dialog.dll -> C:\Windows\System32\net_rim_plazmic_flint_dialog.dll -> [2011/02/11 04:13:08 | 000,225,280 | ---- | C] ()

ff_samplerate.dll -> C:\Windows\System32\ff_samplerate.dll -> [2011/02/07 14:00:08 | 001,529,856 | ---- | C] ()

ffmpegmt.dll -> C:\Windows\System32\ffmpegmt.dll -> [2011/02/07 14:00:08 | 000,925,667 | ---- | C] ()

xvidcore.dll -> C:\Windows\System32\xvidcore.dll -> [2011/02/07 14:00:08 | 000,721,798 | ---- | C] ()

ff_libfaad2.dll -> C:\Windows\System32\ff_libfaad2.dll -> [2011/02/07 14:00:08 | 000,336,384 | ---- | C] ()

TomsMoComp_ff.dll -> C:\Windows\System32\TomsMoComp_ff.dll -> [2011/02/07 14:00:08 | 000,324,096 | ---- | C] ()

ff_libdts.dll -> C:\Windows\System32\ff_libdts.dll -> [2011/02/07 14:00:08 | 000,216,576 | ---- | C] ()

ff_libmad.dll -> C:\Windows\System32\ff_libmad.dll -> [2011/02/07 14:00:08 | 000,151,552 | ---- | C] ()

libmpeg2_ff.dll -> C:\Windows\System32\libmpeg2_ff.dll -> [2011/02/07 14:00:08 | 000,145,408 | ---- | C] ()

ff_unrar.dll -> C:\Windows\System32\ff_unrar.dll -> [2011/02/07 14:00:08 | 000,140,800 | ---- | C] ()

ff_liba52.dll -> C:\Windows\System32\ff_liba52.dll -> [2011/02/07 14:00:08 | 000,121,856 | ---- | C] ()

ff_wmv9.dll -> C:\Windows\System32\ff_wmv9.dll -> [2011/02/07 14:00:08 | 000,100,864 | ---- | C] ()

FLT_ffdshow.dll -> C:\Windows\System32\FLT_ffdshow.dll -> [2011/02/07 14:00:08 | 000,065,024 | ---- | C] ()

ff_vfw.dll -> C:\Windows\System32\ff_vfw.dll -> [2011/02/07 13:45:52 | 000,080,896 | ---- | C] ()

ffmpeg.dll -> C:\Windows\System32\ffmpeg.dll -> [2011/02/07 13:39:02 | 004,166,551 | ---- | C] ()

FsUsbExDisk.Sys -> C:\Windows\System32\FsUsbExDisk.Sys -> [2011/01/30 22:32:04 | 000,036,608 | ---- | C] ()

FsUsbExDevice.Dll -> C:\Windows\System32\FsUsbExDevice.Dll -> [2011/01/30 22:32:03 | 000,110,592 | ---- | C] ()

DVD43.dll -> C:\Windows\System32\DVD43.dll -> [2011/01/30 01:27:29 | 000,611,840 | ---- | C] ()

inst.exe -> C:\Users\AMUN-RE\AppData\Roaming\inst.exe -> [2011/01/30 01:25:31 | 000,087,608 | ---- | C] ()

pcouffin.cat -> C:\Users\AMUN-RE\AppData\Roaming\pcouffin.cat -> [2011/01/30 01:25:31 | 000,007,887 | ---- | C] ()

pcouffin.inf -> C:\Users\AMUN-RE\AppData\Roaming\pcouffin.inf -> [2011/01/30 01:25:31 | 000,001,144 | ---- | C] ()

atitmpxx.dll -> C:\Windows\System32\atitmpxx.dll -> [2011/01/26 23:12:00 | 000,023,040 | ---- | C] ()

QBChanUtil_Trigger.ini -> C:\Windows\QBChanUtil_Trigger.ini -> [2011/01/20 06:25:47 | 000,000,096 | ---- | C] ()

resmon.resmoncfg -> C:\Users\AMUN-RE\AppData\Local\resmon.resmoncfg -> [2011/01/05 22:50:23 | 000,007,665 | ---- | C] ()

cmirmdrv.exe -> C:\Windows\System32\cmirmdrv.exe -> [2011/01/03 21:49:06 | 000,237,568 | ---- | C] ()

cmirmdrv.dll -> C:\Windows\System32\cmirmdrv.dll -> [2011/01/03 21:49:06 | 000,028,672 | ---- | C] ()

ImpTable.bin -> C:\Windows\ImpTable.bin -> [2011/01/03 21:49:06 | 000,001,176 | ---- | C] ()

ativpsrm.bin -> C:\Windows\ativpsrm.bin -> [2011/01/03 14:57:32 | 000,000,000 | ---- | C] ()

Registration.ini -> C:\Windows\System32\Registration.ini -> [2010/08/18 15:56:38 | 000,000,151 | ---- | C] ()

dxr.dll -> C:\Windows\System32\dxr.dll -> [2010/08/14 04:45:18 | 000,249,856 | ---- | C] ()

gdsmux.exe -> C:\Windows\System32\gdsmux.exe -> [2010/08/14 04:45:10 | 000,358,400 | ---- | C] ()

mkx.dll -> C:\Windows\System32\mkx.dll -> [2010/08/14 04:43:52 | 000,150,528 | ---- | C] ()

avi.dll -> C:\Windows\System32\avi.dll -> [2010/08/14 04:43:42 | 000,109,568 | ---- | C] ()

mp4.dll -> C:\Windows\System32\mp4.dll -> [2010/08/14 04:43:34 | 000,141,824 | ---- | C] ()

ogm.dll -> C:\Windows\System32\ogm.dll -> [2010/08/14 04:43:22 | 000,123,392 | ---- | C] ()

dsmux.exe -> C:\Windows\System32\dsmux.exe -> [2010/08/14 04:42:54 | 000,113,152 | ---- | C] ()

ts.dll -> C:\Windows\System32\ts.dll -> [2010/08/14 04:42:48 | 000,154,112 | ---- | C] ()

avs.dll -> C:\Windows\System32\avs.dll -> [2010/08/14 04:42:10 | 000,097,792 | ---- | C] ()

mkv2vfr.exe -> C:\Windows\System32\mkv2vfr.exe -> [2010/08/14 04:42:06 | 000,137,728 | ---- | C] ()

avss.dll -> C:\Windows\System32\avss.dll -> [2010/08/14 04:41:54 | 000,093,184 | ---- | C] ()

mkzlib.dll -> C:\Windows\System32\mkzlib.dll -> [2010/08/14 04:40:02 | 000,080,384 | ---- | C] ()

mkunicode.dll -> C:\Windows\System32\mkunicode.dll -> [2010/08/14 04:39:58 | 000,024,576 | ---- | C] ()

ac3config.exe -> C:\Windows\System32\ac3config.exe -> [2009/08/11 17:21:26 | 000,087,552 | ---- | C] ()

ac3filter_intl.dll -> C:\Windows\System32\ac3filter_intl.dll -> [2009/08/11 17:21:20 | 001,021,440 | ---- | C] ()

bootstat.dat -> C:\Windows\bootstat.dat -> [2009/07/14 00:57:37 | 000,067,584 | --S- | C] ()

FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2009/07/14 00:33:53 | 003,287,960 | ---- | C] ()

perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2009/07/13 22:05:48 | 000,626,040 | ---- | C] ()

perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2009/07/13 22:05:48 | 000,291,294 | ---- | C] ()

perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2009/07/13 22:05:48 | 000,107,316 | ---- | C] ()

perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2009/07/13 22:05:48 | 000,031,548 | ---- | C] ()

NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2009/07/13 22:05:05 | 000,000,741 | ---- | C] ()

dssec.dat -> C:\Windows\System32\dssec.dat -> [2009/07/13 22:04:11 | 000,215,943 | ---- | C] ()

mib.bin -> C:\Windows\mib.bin -> [2009/07/13 19:55:01 | 000,043,131 | ---- | C] ()

BthpanContextHandler.dll -> C:\Windows\System32\BthpanContextHandler.dll -> [2009/07/13 19:51:43 | 000,073,728 | ---- | C] ()

BWContextHandler.dll -> C:\Windows\System32\BWContextHandler.dll -> [2009/07/13 19:42:10 | 000,064,000 | ---- | C] ()

mlang.dat -> C:\Windows\System32\mlang.dat -> [2009/06/10 17:26:10 | 000,673,088 | ---- | C] ()

spdifer_config.exe -> C:\Windows\System32\spdifer_config.exe -> [2009/05/20 08:04:42 | 000,045,568 | ---- | C] ()

mmfinfo.dll -> C:\Windows\System32\mmfinfo.dll -> [2009/01/10 18:15:44 | 000,159,744 | ---- | C] ()

qt-dx331.dll -> C:\Windows\System32\qt-dx331.dll -> [2008/11/06 11:37:32 | 003,596,288 | ---- | C] ()

StarOpen.sys -> C:\Windows\System32\drivers\StarOpen.sys -> [2007/10/25 18:26:10 | 000,005,632 | ---- | C] ()

OptimFROG.dll -> C:\Windows\System32\OptimFROG.dll -> [2006/03/04 00:52:00 | 000,088,576 | ---- | C] ()

mrv8ka51.sys -> C:\Windows\System32\drivers\mrv8ka51.sys -> [2005/01/06 12:18:40 | 000,310,656 | ---- | C] ()



[File - Lop Check]

Memeo -> C:\Users\Administrator\AppData\Roaming\Memeo -> [2011/03/28 04:24:42 | 000,000,000 | ---D | M]

onOne Software -> C:\Users\Administrator\AppData\Roaming\onOne Software -> [2011/05/30 07:35:53 | 000,000,000 | ---D | M]

Seagate -> C:\Users\Administrator\AppData\Roaming\Seagate -> [2011/03/28 04:24:36 | 000,000,000 | ---D | M]

Alien Skin -> C:\Users\AMUN-RE\AppData\Roaming\Alien Skin -> [2011/05/30 08:00:51 | 000,000,000 | ---D | M]

Athentech -> C:\Users\AMUN-RE\AppData\Roaming\Athentech -> [2011/05/08 18:31:39 | 000,000,000 | ---D | M]

Auslogics -> C:\Users\AMUN-RE\AppData\Roaming\Auslogics -> [2011/05/16 13:09:04 | 000,000,000 | ---D | M]

com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> C:\Users\AMUN-RE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> [2011/04/23 08:32:16 | 000,000,000 | ---D | M]

dBpoweramp -> C:\Users\AMUN-RE\AppData\Roaming\dBpoweramp -> [2011/05/01 18:15:57 | 000,000,000 | ---D | M]

Dropbox -> C:\Users\AMUN-RE\AppData\Roaming\Dropbox -> [2011/06/08 05:42:52 | 000,000,000 | ---D | M]

Filter Forge 2 -> C:\Users\AMUN-RE\AppData\Roaming\Filter Forge 2 -> [2011/04/20 15:04:08 | 000,000,000 | ---D | M]

jAlbum -> C:\Users\AMUN-RE\AppData\Roaming\jAlbum -> [2011/04/21 05:50:03 | 000,000,000 | ---D | M]

Laconic Software -> C:\Users\AMUN-RE\AppData\Roaming\Laconic Software -> [2011/05/17 13:55:27 | 000,000,000 | ---D | M]

Leadertech -> C:\Users\AMUN-RE\AppData\Roaming\Leadertech -> [2011/01/12 16:07:14 | 000,000,000 | ---D | M]

Mael -> C:\Users\AMUN-RE\AppData\Roaming\Mael -> [2011/05/14 04:11:12 | 000,000,000 | ---D | M]

Memeo -> C:\Users\AMUN-RE\AppData\Roaming\Memeo -> [2011/04/21 05:50:06 | 000,000,000 | ---D | M]

Notepad++ -> C:\Users\AMUN-RE\AppData\Roaming\Notepad++ -> [2011/02/02 08:55:28 | 000,000,000 | ---D | M]

onOne Software -> C:\Users\AMUN-RE\AppData\Roaming\onOne Software -> [2011/05/31 16:05:47 | 000,000,000 | ---D | M]

Publish Providers -> C:\Users\AMUN-RE\AppData\Roaming\Publish Providers -> [2011/04/21 07:27:53 | 000,000,000 | ---D | M]

Research In Motion -> C:\Users\AMUN-RE\AppData\Roaming\Research In Motion -> [2011/04/26 02:01:19 | 000,000,000 | ---D | M]

Samsung -> C:\Users\AMUN-RE\AppData\Roaming\Samsung -> [2011/04/03 12:45:38 | 000,000,000 | ---D | M]

Seagate -> C:\Users\AMUN-RE\AppData\Roaming\Seagate -> [2011/01/12 16:25:56 | 000,000,000 | ---D | M]

Simple Star -> C:\Users\AMUN-RE\AppData\Roaming\Simple Star -> [2011/01/23 00:09:12 | 000,000,000 | ---D | M]

Smith Micro -> C:\Users\AMUN-RE\AppData\Roaming\Smith Micro -> [2011/04/21 05:57:32 | 000,000,000 | ---D | M]

Sony -> C:\Users\AMUN-RE\AppData\Roaming\Sony -> [2011/04/30 14:49:27 | 000,000,000 | ---D | M]

Steinberg -> C:\Users\AMUN-RE\AppData\Roaming\Steinberg -> [2011/02/23 04:54:29 | 000,000,000 | ---D | M]

TagScanner -> C:\Users\AMUN-RE\AppData\Roaming\TagScanner -> [2011/04/21 05:57:32 | 000,000,000 | ---D | M]

uTorrent -> C:\Users\AMUN-RE\AppData\Roaming\uTorrent -> [2011/06/06 13:23:29 | 000,000,000 | ---D | M]

Vso -> C:\Users\AMUN-RE\AppData\Roaming\Vso -> [2011/01/30 11:37:32 | 000,000,000 | ---D | M]

onOne Software -> C:\Users\Default\AppData\Roaming\onOne Software -> [2011/05/30 07:38:36 | 000,000,000 | ---D | M]

onOne Software -> C:\Users\Default User\AppData\Roaming\onOne Software -> [2011/05/30 07:38:36 | 000,000,000 | ---D | M]

SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2011/04/21 04:00:55 | 000,032,586 | ---- | M] ()

[Custom Scans]

< netsvcs >

< %SYSTEMDRIVE%\*.exe >

< MD5 Scans Start>

< %systemdrive%\EXPLORER.EXE /md5 /s >

explorer.exe : MD5=0FB9C74046656D1579A64660AD67B746 -> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe -> [2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation)

explorer.exe : MD5=15BC38A7492BEFE831966ADB477CF76F -> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe -> [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation)

explorer.exe : MD5=255CF508D7CFB10E0794D6AC93280BD8 -> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe -> [2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation)

explorer.exe : MD5=2626FC9755BE22F805D3CFA0CE3EE727 -> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe -> [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)

explorer.exe : MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe -> [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation)

explorer.exe : MD5=40D777B7A95E00593EB1568C68514493 -> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe -> [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation)

explorer.exe : MD5=8B88EBBB05A0E56B7DCC708498C02B3E -> C:\Windows\explorer.exe -> [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)

explorer.exe : MD5=8B88EBBB05A0E56B7DCC708498C02B3E -> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe -> [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)

explorer.exe : MD5=9FF6C4C91A3711C0A3B18F87B08B518D -> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe -> [2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation)

explorer.exe : MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe -> [2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation)

explorer.exe : MD5=C76153C7ECA00FA852BB0C193378F917 -> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe -> [2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation)

< %systemdrive%\SVCHOST.EXE /md5 /s >

svchost.exe : MD5=54A47F6B5E09A77E61649109C6A08866 -> C:\Windows\System32\svchost.exe -> [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)

svchost.exe : MD5=54A47F6B5E09A77E61649109C6A08866 -> C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe -> [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)

< %systemdrive%\USERINIT.EXE /md5 /s >

userinit.exe : MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -> C:\Windows\System32\userinit.exe -> [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)

userinit.exe : MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -> C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe -> [2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation)

userinit.exe : MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -> C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe -> [2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation)

< %systemdrive%\WINLOGON.EXE /md5 /s >

winlogon.exe : MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -> C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe -> [2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation)

winlogon.exe : MD5=3BABE6767C78FBF5FB8435FEED187F30 -> C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe -> [2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation)

winlogon.exe : MD5=6D13E1406F50C66E2A95D97F22C47560 -> C:\Windows\System32\winlogon.exe -> [2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation)

winlogon.exe : MD5=6D13E1406F50C66E2A95D97F22C47560 -> C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe -> [2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation)

winlogon.exe : MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -> C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe -> [2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation)

< MD5 Scans End>

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS] -> [2011/05/06 02:24:39 | 000,711,672 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS] -> [2011/05/06 02:24:39 | 000,711,672 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL] -> [2011/05/06 02:24:39 | 000,711,672 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\ -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE] -> [2011/05/06 02:24:35 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES] -> [2011/05/06 02:24:35 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE] -> [2011/05/06 02:24:35 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS] -> [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS] -> [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER] -> [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\ -> C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE"] -> [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\Windows\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2011/03/20 12:28:26 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\Windows\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2011/03/20 12:28:26 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\Windows\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2011/03/20 12:28:26 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\ -> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF] -> [2011/03/20 12:28:26 | 000,748,336 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> C:\Program Files\Internet Explorer\iexplore.exe [C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE] -> [2011/03/20 12:28:26 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS] -> [2011/05/06 02:24:39 | 000,711,672 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS] -> [2011/05/06 02:24:39 | 000,711,672 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL] -> [2011/05/06 02:24:39 | 000,711,672 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\ -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE] -> [2011/05/06 02:24:35 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES] -> [2011/05/06 02:24:35 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE ["C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE] -> [2011/05/06 02:24:35 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS] -> [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS] -> [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER] -> [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\ -> C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE ["C:\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE"] -> [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\Windows\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2011/03/20 12:28:26 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\Windows\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2011/03/20 12:28:26 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\Windows\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2011/03/20 12:28:26 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\ -> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF] -> [2011/03/20 12:28:26 | 000,748,336 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command -> ->

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> C:\Program Files\Internet Explorer\iexplore.exe [C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE] -> [2011/03/20 12:28:26 | 000,748,336 | ---- | M] (Microsoft Corporation)



[Alternate Data Streams]

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:07BF512B

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >





RogueKiller V5.2.2 [06/05/2011] by Tigzy

contact at http://www.sur-la-toile.com

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.sur-la-to...-Remontees.html



Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User: AMUN-RE [Admin rights]

Mode: Scan -- Date : 06/08/2011 13:16:24



Bad processes: 5

[SUSP PATH] svc.exe -- c:\users\amun-re\appdata\roaming\mozilla\firefox\profiles\jatfysgo.default\extensions\[email protected]\svc.exe -> KILLED

[SUSP PATH] DropboxExt.14.dll -- C:\Users\AMUN-RE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll -> UNLOADED

[SUSP PATH] DropboxExt.14.dll -- C:\Users\AMUN-RE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll -> UNLOADED

[SUSP PATH] DropboxExt.14.dll -- C:\Users\AMUN-RE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll -> UNLOADED

[SUSP PATH] DropboxExt.14.dll -- C:\Users\AMUN-RE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll -> UNLOADED



Registry Entries: 2

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND



HOSTS File:





Finished : << RKreport[1].txt >>

RKreport[1].txt

#4
Essexboy

Could you please only use Notepad for your replies - as I had to spend 20 minutes removing the extra lines. On completion could you retry a full OTL scan.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Win32 Services - Safe List]
YY -> (XJMHNDO) XJMHNDO [On_Demand | Stopped] -> C:\Windows\Temp\XJMHNDO.exe
[Custom Items]
:Files
c:\users\amun-re\appdata\roaming\mozilla\firefox\profiles\jatfysgo.default\extensions\[email protected]\svc.exe 
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

#5
cradl

Ok done...it rebooted so I said ok.

All Processes Killed
[Win32 Services - Safe List]
Service XJMHNDO stopped successfully!
Service XJMHNDO deleted successfully!
C:\Windows\Temp\XJMHNDO.exe moved successfully.
[Custom Items]
========== FILES ==========
c:\users\amun-re\appdata\roaming\mozilla\firefox\profiles\jatfysgo.default\extensions\[email protected]\svc.exe moved successfully.
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 113326 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: All Users

User: AMUN-RE
->Temp folder emptied: 519965 bytes
->Temporary Internet Files folder emptied: 1591517 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 147235741 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 57694 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 387455045 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 512.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: AMUN-RE
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Cannot create restore point. Unable to start RPC service!
< End of fix log >
OTS by OldTimer - Version 3.1.43.0 fix logfile created on 06082011_174835

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#6
Essexboy

Could you now try and run an OTL scan please

#7
cradl

OTL... OK what settings.. the same as you put last reply?

#8
Essexboy

Yes please

#9
cradl

OTL logfile created on: 6/9/2011 2:08:57 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\AMUN-RE\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 67.33% Memory free
5.00 Gb Paging File | 3.63 Gb Available in Paging File | 72.68% Paging File free
Paging file location(s): c:\pagefile.sys 2048 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98.89 Gb Total Space | 6.75 Gb Free Space | 6.83% Space Free | Partition Type: NTFS
Drive D: | 90.93 Gb Total Space | 40.18 Gb Free Space | 44.19% Space Free | Partition Type: NTFS
Drive M: | 1863.01 Gb Total Space | 976.63 Gb Free Space | 52.42% Space Free | Partition Type: NTFS

Computer Name: SIA | User Name: AMUN-RE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 21:36:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\AMUN-RE\Desktop\OTL.scr
PRC - [2011/06/06 15:32:36 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/17 10:17:00 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2011/04/26 16:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/04/26 16:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/04/19 22:04:36 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/19 22:04:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/03/25 16:25:42 | 000,660,768 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2011/03/01 12:12:00 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/03/01 12:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/24 14:35:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/17 15:38:42 | 000,742,912 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla server.exe
PRC - [2010/09/13 13:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe
PRC - [2010/04/30 10:47:00 | 000,069,896 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2010/04/30 10:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Rocketfish\USB 3.0 PCI Express Card Driver\Application\nusb3mon.exe
PRC - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 21:36:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\AMUN-RE\Desktop\OTL.scr
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Firefox Service)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/17 10:17:00 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/04/26 16:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/04/26 15:46:24 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2011/04/26 13:28:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/19 22:04:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/03/25 16:25:42 | 000,660,768 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/03/01 12:12:00 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/03/01 12:11:56 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/01/24 14:35:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011/01/03 18:50:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/17 15:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2010/09/13 13:02:00 | 000,039,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2010/07/16 07:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2010/07/16 07:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2010/04/30 10:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/19 22:43:40 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/04/19 22:43:40 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/19 21:22:08 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/08 23:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/03/01 12:12:24 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 06:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/09/17 15:39:58 | 000,013,408 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\radpms.sys -- (radpms)
DRV - [2010/07/29 01:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/06/14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/27 10:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/04/27 10:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/07 04:20:22 | 000,375,808 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/08/04 11:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/16 12:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/06/02 02:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2009/06/02 02:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2009/06/02 02:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2008/04/29 18:40:56 | 000,210,472 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3114r5.sys -- (Si3114r5)
DRV - [2008/04/29 18:40:56 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008/04/29 18:40:56 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2007/04/27 19:20:44 | 000,275,968 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2005/01/06 12:18:40 | 000,310,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrv8ka51.sys -- (W8100XP)
DRV - [2004/10/21 20:56:08 | 001,275,584 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudax.sys -- (cmudax)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 14 31 14 F0 0D CC 01 [binary data]
IE - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: " "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.652
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2790392&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/19 12:00:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 02:24:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 02:24:42 | 000,000,000 | ---D | M]

[2011/01/11 04:42:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Extensions
[2011/06/06 10:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions
[2011/05/16 18:12:11 | 000,000,000 | ---D | M] (BiosAgentPlus Plugin for Firefox and Opera) -- C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\{1B9B9C44-7E38-4680-B7F9-5482F4950E71}
[2011/06/06 10:21:28 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/04/21 05:57:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/21 05:57:31 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/04/21 05:57:31 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/06/06 10:21:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\[email protected]
[2011/05/14 11:43:21 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\[email protected]
[2011/04/21 05:57:31 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\[email protected]
[2011/05/06 02:24:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\nostmp
[2011/06/08 17:48:37 | 000,000,000 | ---D | M] (startup.service) -- C:\Users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\[email protected]
[2011/05/09 13:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/09 13:37:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/25 12:42:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
() (No name found) -- C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\AMUN-RE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATFYSGO.DEFAULT\EXTENSIONS\[email protected]
[2011/05/06 02:24:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/25 12:42:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/06 02:24:38 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Rocketfish\USB 3.0 PCI Express Card Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/15 00:53:50 | 000,000,027 | ---- | M] () - M:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{94879b52-6987-11e0-a85c-0011d82cae57}\Shell - "" = AutoRun
O33 - MountPoints2\{94879b52-6987-11e0-a85c-0011d82cae57}\Shell\AutoRun\command - "" = H:\setup.exe -a
O33 - MountPoints2\{b6d28c66-2683-11e0-baa3-0011d82cae57}\Shell - "" = AutoRun
O33 - MountPoints2\{b6d28c66-2683-11e0-baa3-0011d82cae57}\Shell\AutoRun\command - "" = J:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{b6d28c95-2683-11e0-baa3-0011d82cae57}\Shell - "" = AutoRun
O33 - MountPoints2\{b6d28c95-2683-11e0-baa3-0011d82cae57}\Shell\AutoRun\command - "" = M:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2011/06/08 17:48:35 | 000,000,000 | ---D | C] -- C:\_OTS
[2011/06/08 13:23:48 | 000,645,632 | ---- | C] (OldTimer Tools) -- C:\Users\AMUN-RE\Desktop\OTS.scr
[2011/06/08 13:16:24 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\RK_Quarantine
[2011/06/07 10:20:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/06/06 22:10:17 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/06/06 22:10:17 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2011/06/06 21:45:41 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\VIPRERescue9500
[2011/06/06 21:36:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\AMUN-RE\Desktop\OTL.com
[2011/06/06 21:36:31 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\AMUN-RE\Desktop\OTL.scr
[2011/06/06 21:18:25 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\AMUN-RE\Desktop\OTL.exe
[2011/06/06 20:19:32 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\TMRBLog
[2011/06/06 20:18:57 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\log
[2011/06/06 20:18:48 | 002,486,352 | ---- | C] (Trend Micro Inc.) -- C:\Users\AMUN-RE\Desktop\RootkitBuster.exe
[2011/06/06 20:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/06/06 20:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/06/06 16:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/06 15:57:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/06 15:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/06 15:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/06/06 15:24:45 | 002,322,184 | ---- | C] (ESET) -- C:\Users\AMUN-RE\Desktop\esetsmartinstaller_enu.exe
[2011/06/06 15:21:30 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\AMUN-RE\Desktop\HJTInstall.exe
[2011/06/06 15:04:01 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Users\AMUN-RE\Desktop\spywareblastersetup44.exe
[2011/06/06 02:35:35 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\Data Recovory Collections
[2011/06/06 01:29:02 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\MyFontsOrder2953938
[2011/06/06 00:46:35 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\Family Guy Clips
[2011/06/05 22:34:52 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\Paragon Drive Image Free Edition
[2011/06/05 22:27:30 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\gifs
[2011/06/04 23:39:10 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/04 23:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/04 23:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/04 23:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/31 12:20:14 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\Fonts from myfonts.com
[2011/05/31 12:17:45 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\MyFontsOrder2954089
[2011/05/31 05:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server
[2011/05/31 05:11:48 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla Server
[2011/05/31 05:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla Server
[2011/05/30 16:08:07 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\MyFontsWebfontsOrderM2954089
[2011/05/30 15:07:20 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\MyFontsWebfontsOrderM2953938
[2011/05/30 07:24:23 | 000,227,840 | ---- | C] (Iterated Systems, Inc.) -- C:\Windows\System32\Deco_32.dll
[2011/05/30 07:22:54 | 000,066,560 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
[2011/05/30 07:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software
[2011/05/27 13:34:01 | 000,000,000 | ---D | C] -- C:\androidsdk
[2011/05/27 01:51:53 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\TOP 25 - 07-05-11
[2011/05/27 01:44:12 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\supersized2
[2011/05/27 00:16:42 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\jQuery Background
[2011/05/26 01:11:45 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\AppData\Roaming\Alien Skin
[2011/05/26 00:35:43 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\AppData\Local\Alien Skin
[2011/05/25 17:25:46 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/25 17:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/25 05:00:00 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\Adobe Application Manager 2.0
[2011/05/25 00:21:03 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/05/24 20:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2011/05/24 20:03:43 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\SecurityScans
[2011/05/24 07:45:59 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\Fonts
[2011/05/23 19:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/05/23 19:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/05/23 19:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/05/22 00:40:22 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\RStudio 5.4 Corp
[2011/05/20 12:37:05 | 072,762,896 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd ) -- C:\Users\AMUN-RE\Desktop\TB2.5_SETUP_Professional.exe
[2011/05/20 12:27:20 | 049,585,120 | ---- | C] (EASEUS ) -- C:\Users\AMUN-RE\Desktop\epmpro_linux.exe
[2011/05/20 02:52:30 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Documents\Roxio Projects
[2011/05/20 01:07:52 | 000,000,000 | R--D | C] -- C:\Users\AMUN-RE\Dropbox
[2011/05/20 00:57:22 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/05/19 22:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Alien Skin
[2011/05/19 22:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Alien Skin
[2011/05/19 03:36:21 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\Ken Burns Slideshow
[2011/05/17 13:55:27 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\AppData\Roaming\Laconic Software
[2011/05/16 17:58:28 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\AppData\Local\eSupport.com
[2011/05/16 14:17:42 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\Windows 7 Useful Programs
[2011/05/16 13:27:21 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/15 18:33:24 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\AppData\Local\Broadcom
[2011/05/15 18:33:24 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Documents\Bluetooth Exchange Folder
[2011/05/15 18:30:24 | 000,020,008 | ---- | C] (Broadcom Corporation.) -- C:\Windows\System32\btwcoins.dll
[2011/05/15 18:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011/05/15 16:29:26 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2011/05/15 15:17:58 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\New folder (5)
[2011/05/14 04:11:12 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\AppData\Roaming\Mael
[2011/05/14 03:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
[2011/05/14 03:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\HxD
[2011/05/13 14:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola
[2011/05/12 13:27:15 | 000,000,000 | ---D | C] -- C:\Users\AMUN-RE\Desktop\srobbin-jquery-backstretch-d528a4a
[2011/05/10 23:06:19 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/05/10 17:52:52 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/05/10 17:52:51 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/05/10 17:52:48 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/10 17:52:47 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/01/30 01:25:31 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\AMUN-RE\AppData\Roaming\pcouffin.sys
[2011/01/04 10:59:33 | 001,451,360 | ---- | C] (Adobe Systems, Incorporated) -- C:\ProgramData\adobetmp000823803
[2008/08/14 09:14:14 | 000,083,336 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\adobetmp000523924

========== Files - Modified Within 30 Days ==========

[2011/06/09 14:10:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2792430508-956531303-3221676133-1000UA.job
[2011/06/09 13:57:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/09 03:10:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2792430508-956531303-3221676133-1000Core.job
[2011/06/09 01:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/08 18:00:23 | 000,020,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/08 18:00:23 | 000,020,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/08 17:50:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/08 17:50:21 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/08 17:41:38 | 003,082,481 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\sucking-air-cat.flv
[2011/06/08 17:36:39 | 003,970,808 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\peter_griffin.swf
[2011/06/08 17:36:27 | 003,969,489 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\stewie_vulger_soundboard.swf
[2011/06/08 17:30:20 | 004,391,825 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\I_m so horny,, (Family Guy Edition).flv
[2011/06/08 17:25:51 | 000,072,414 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\tumblr_llxq1i0k4K1qkefm0o1_250.gif
[2011/06/08 15:45:36 | 000,039,686 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\New.gif
[2011/06/08 14:41:29 | 000,019,955 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\bacon.jpg
[2011/06/08 14:41:14 | 000,021,752 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\oie_420254YOLRG12I.gif
[2011/06/08 13:23:49 | 000,645,632 | ---- | M] (OldTimer Tools) -- C:\Users\AMUN-RE\Desktop\OTS.scr
[2011/06/08 13:11:09 | 000,511,488 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\RogueKiller.exe
[2011/06/08 02:13:38 | 000,415,191 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\test side green.png
[2011/06/08 02:13:09 | 000,367,214 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\test side red.png
[2011/06/08 02:12:27 | 000,397,201 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\test side.png
[2011/06/08 02:10:39 | 000,310,266 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\test1side.png
[2011/06/08 00:47:16 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/08 00:47:16 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/06 22:10:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2011/06/06 21:44:11 | 091,152,384 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\VIPRERescue9500.exe
[2011/06/06 21:36:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\AMUN-RE\Desktop\OTL.com
[2011/06/06 21:36:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\AMUN-RE\Desktop\OTL.scr
[2011/06/06 21:18:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\AMUN-RE\Desktop\OTL.exe
[2011/06/06 21:13:06 | 058,064,040 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\setup_av_free.exe
[2011/06/06 20:16:39 | 001,113,789 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\RootkitBuster_3.60.1016.zip
[2011/06/06 15:32:36 | 000,002,039 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\HijackThis.lnk
[2011/06/06 15:24:51 | 002,322,184 | ---- | M] (ESET) -- C:\Users\AMUN-RE\Desktop\esetsmartinstaller_enu.exe
[2011/06/06 15:21:33 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\AMUN-RE\Desktop\HJTInstall.exe
[2011/06/06 15:16:48 | 000,879,092 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\SecurityCheck.exe
[2011/06/06 15:04:34 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Users\AMUN-RE\Desktop\spywareblastersetup44.exe
[2011/06/06 03:59:15 | 000,098,406 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\eminemdetox.jpg
[2011/05/31 23:06:10 | 000,019,832 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\Code Pro Demo.otf
[2011/05/31 23:05:58 | 000,018,840 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\Code Pro Light Demo.otf
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/24 20:45:06 | 000,000,327 | ---- | M] () -- C:\Windows\System\cmicnfg.ini
[2011/05/24 20:10:58 | 001,625,600 | ---- | M] () -- C:\Users\AMUN-RE\Desktop\MBSASetup-x86-EN.msi
[2011/05/24 19:42:37 | 000,007,665 | ---- | M] () -- C:\Users\AMUN-RE\AppData\Local\resmon.resmoncfg
[2011/05/17 10:17:00 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
[2011/05/17 10:13:20 | 000,227,840 | ---- | M] (Iterated Systems, Inc.) -- C:\Windows\System32\Deco_32.dll
[2011/05/17 06:07:10 | 003,287,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/16 18:36:54 | 000,208,735 | ---- | M] () -- C:\Users\AMUN-RE\Documents\applicationforregistration.pdf
[2011/05/16 13:27:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/15 18:30:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Bluetooth Problem Report.lnk
[2011/05/15 18:24:24 | 000,020,008 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\btwcoins.dll
[2011/05/13 14:02:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/05/13 14:02:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/05/13 14:01:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/05/13 14:01:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/13 14:00:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/05/13 14:00:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf

========== Files Created - No Company Name ==========

[2011/06/08 17:41:32 | 003,082,481 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\sucking-air-cat.flv
[2011/06/08 17:36:29 | 003,970,808 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\peter_griffin.swf
[2011/06/08 17:36:15 | 003,969,489 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\stewie_vulger_soundboard.swf
[2011/06/08 17:29:57 | 004,391,825 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\I_m so horny,, (Family Guy Edition).flv
[2011/06/08 17:25:50 | 000,072,414 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\tumblr_llxq1i0k4K1qkefm0o1_250.gif
[2011/06/08 15:45:34 | 000,039,686 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\New.gif
[2011/06/08 14:41:27 | 000,019,955 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\bacon.jpg
[2011/06/08 14:41:12 | 000,021,752 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\oie_420254YOLRG12I.gif
[2011/06/08 13:11:07 | 000,511,488 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\RogueKiller.exe
[2011/06/08 02:13:34 | 000,415,191 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\test side green.png
[2011/06/08 02:13:06 | 000,367,214 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\test side red.png
[2011/06/08 02:12:18 | 000,397,201 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\test side.png
[2011/06/08 02:10:35 | 000,310,266 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\test1side.png
[2011/06/06 22:10:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2011/06/06 21:40:12 | 091,152,384 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\VIPRERescue9500.exe
[2011/06/06 21:11:32 | 058,064,040 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\setup_av_free.exe
[2011/06/06 20:16:36 | 001,113,789 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\RootkitBuster_3.60.1016.zip
[2011/06/06 15:32:36 | 000,002,039 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\HijackThis.lnk
[2011/06/06 15:16:42 | 000,879,092 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\SecurityCheck.exe
[2011/06/06 03:59:11 | 000,098,406 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\eminemdetox.jpg
[2011/06/06 01:29:34 | 000,019,832 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\Code Pro Demo.otf
[2011/06/06 01:29:34 | 000,018,840 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\Code Pro Light Demo.otf
[2011/05/24 20:13:08 | 000,001,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.2.lnk
[2011/05/24 20:10:58 | 001,625,600 | ---- | C] () -- C:\Users\AMUN-RE\Desktop\MBSASetup-x86-EN.msi
[2011/05/16 18:36:54 | 000,208,735 | ---- | C] () -- C:\Users\AMUN-RE\Documents\applicationforregistration.pdf
[2011/05/15 18:30:56 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Problem Report.lnk
[2011/05/15 18:30:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Bluetooth Problem Report.lnk
[2011/05/15 16:32:38 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011/05/13 14:02:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/05/13 14:02:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/05/13 14:01:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/05/13 14:01:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/13 14:00:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/05/13 14:00:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/05/02 18:23:43 | 000,000,337 | ---- | C] () -- C:\Users\AMUN-RE\AppData\Local\Perfmon.PerfmonCfg
[2011/04/30 15:34:29 | 000,017,851 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/04/30 15:34:28 | 006,904,040 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2011/04/22 07:58:28 | 000,000,010 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/22 07:58:10 | 000,000,276 | ---- | C] () -- C:\Windows\_delis32.ini
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/04/16 12:40:40 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\ubl9clt.dll
[2011/04/06 07:34:12 | 000,311,295 | ---- | C] () -- C:\Windows\LOOP.exe
[2011/03/26 04:59:17 | 000,000,165 | ---- | C] () -- C:\Windows\cool.ini
[2011/03/26 04:41:52 | 016,371,712 | ---- | C] () -- C:\Windows\System32\AbsynthIAC.dll
[2011/03/26 04:41:15 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2011/03/26 04:40:16 | 000,520,267 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2011/03/23 16:50:07 | 000,493,272 | ---- | C] () -- C:\Users\AMUN-RE\AppData\Local\rx_audio.Cache
[2011/03/23 16:49:18 | 008,902,352 | ---- | C] () -- C:\Users\AMUN-RE\AppData\Local\rx_image32.Cache
[2011/03/17 13:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/03/06 22:47:54 | 000,004,096 | -H-- | C] () -- C:\Users\AMUN-RE\AppData\Local\keyfile3.drm
[2011/03/02 04:11:35 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/03/02 04:09:27 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/28 17:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/02/22 15:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/22 00:36:46 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011/02/22 00:36:46 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011/02/22 00:36:42 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2011/02/22 00:36:42 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2011/02/22 00:36:16 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/02/22 00:35:23 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2011/02/11 04:13:08 | 000,225,280 | ---- | C] () -- C:\Windows\System32\net_rim_plazmic_flint_dialog.dll
[2011/02/07 14:00:08 | 001,529,856 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011/02/07 14:00:08 | 000,925,667 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2011/02/07 14:00:08 | 000,721,798 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/07 14:00:08 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011/02/07 14:00:08 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011/02/07 14:00:08 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011/02/07 14:00:08 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011/02/07 14:00:08 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011/02/07 14:00:08 | 000,140,800 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011/02/07 14:00:08 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011/02/07 14:00:08 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011/02/07 14:00:08 | 000,065,024 | ---- | C] () -- C:\Windows\System32\FLT_ffdshow.dll
[2011/02/07 13:45:52 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/02/07 13:39:02 | 004,166,551 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011/01/30 22:32:04 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011/01/30 22:32:03 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/01/30 01:27:29 | 000,611,840 | ---- | C] () -- C:\Windows\System32\DVD43.dll
[2011/01/30 01:25:31 | 000,087,608 | ---- | C] () -- C:\Users\AMUN-RE\AppData\Roaming\inst.exe
[2011/01/30 01:25:31 | 000,007,887 | ---- | C] () -- C:\Users\AMUN-RE\AppData\Roaming\pcouffin.cat
[2011/01/30 01:25:31 | 000,001,144 | ---- | C] () -- C:\Users\AMUN-RE\AppData\Roaming\pcouffin.inf
[2011/01/26 23:12:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/01/20 06:25:47 | 000,000,096 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/01/05 22:50:23 | 000,007,665 | ---- | C] () -- C:\Users\AMUN-RE\AppData\Local\resmon.resmoncfg
[2011/01/03 21:49:06 | 000,237,568 | ---- | C] () -- C:\Windows\System32\cmirmdrv.exe
[2011/01/03 21:49:06 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmirmdrv.dll
[2011/01/03 21:49:06 | 000,001,176 | ---- | C] () -- C:\Windows\ImpTable.bin
[2011/01/03 14:57:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/18 15:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2010/08/14 04:45:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2010/08/14 04:45:10 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2010/08/14 04:43:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2010/08/14 04:43:42 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2010/08/14 04:43:34 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2010/08/14 04:43:22 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2010/08/14 04:42:54 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2010/08/14 04:42:48 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2010/08/14 04:42:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2010/08/14 04:42:06 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2010/08/14 04:41:54 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2010/08/14 04:40:02 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2010/08/14 04:39:58 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009/08/11 17:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009/08/11 17:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\System32\ac3filter_intl.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 003,287,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,626,040 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,107,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/20 08:04:42 | 000,045,568 | ---- | C] () -- C:\Windows\System32\spdifer_config.exe
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006/03/04 00:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\System32\OptimFROG.dll
[2005/01/06 12:18:40 | 000,310,656 | ---- | C] () -- C:\Windows\System32\drivers\mrv8ka51.sys

========== LOP Check ==========

[2011/03/28 04:24:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Memeo
[2011/05/30 07:35:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\onOne Software
[2011/03/28 04:24:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Seagate
[2011/05/30 08:00:51 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Alien Skin
[2011/05/08 18:31:39 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Athentech
[2011/05/16 13:09:04 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Auslogics
[2011/04/23 08:32:16 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/01 18:15:57 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\dBpoweramp
[2011/06/08 05:42:52 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Dropbox
[2011/04/20 15:04:08 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Filter Forge 2
[2011/04/21 05:50:03 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\jAlbum
[2011/05/17 13:55:27 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Laconic Software
[2011/01/12 16:07:14 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Leadertech
[2011/05/14 04:11:12 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Mael
[2011/04/21 05:50:06 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Memeo
[2011/02/02 08:55:28 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Notepad++
[2011/05/31 16:05:47 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\onOne Software
[2011/04/21 07:27:53 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Publish Providers
[2011/04/26 02:01:19 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Research In Motion
[2011/04/03 12:45:38 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Samsung
[2011/01/12 16:25:56 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Seagate
[2011/01/23 00:09:12 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Simple Star
[2011/04/21 05:57:32 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Smith Micro
[2011/04/30 14:49:27 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Sony
[2011/02/23 04:54:29 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Steinberg
[2011/04/21 05:57:32 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\TagScanner
[2011/06/06 13:23:29 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\uTorrent
[2011/01/30 11:37:32 | 000,000,000 | ---D | M] -- C:\Users\AMUN-RE\AppData\Roaming\Vso
[2011/05/30 07:38:36 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\onOne Software
[2011/05/30 07:38:36 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\onOne Software
[2011/04/21 04:00:55 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Custom Scans ==========


< [Unregister Dlls] >

< [Win32 Services - Safe List] >

< YY -> (XJMHNDO) XJMHNDO [On_Demand | Stopped] -> C:\Windows\Temp\XJMHNDO.exe >

< [Custom Items] >

< :Files >

< c:\users\amun-re\appdata\roaming\mozilla\firefox\profiles\jatfysgo.default\extensions\[email protected]\svc.exe >

< :end >

< [Empty Temp Folders] >

< [EmptyFlash] >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >


OTL Extras logfile created on: 6/9/2011 2:08:57 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\AMUN-RE\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 67.33% Memory free
5.00 Gb Paging File | 3.63 Gb Available in Paging File | 72.68% Paging File free
Paging file location(s): c:\pagefile.sys 2048 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98.89 Gb Total Space | 6.75 Gb Free Space | 6.83% Space Free | Partition Type: NTFS
Drive D: | 90.93 Gb Total Space | 40.18 Gb Free Space | 44.19% Space Free | Partition Type: NTFS
Drive M: | 1863.01 Gb Total Space | 976.63 Gb Free Space | 52.42% Space Free | Partition Type: NTFS

Computer Name: SIA | User Name: AMUN-RE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.js [@ = jsfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02BEB9A6-6695-F451-A98A-E08B048B5687}" = ATI Problem Report Wizard
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13CD417D-F1F1-4AC4-945D-FDDEB884756F}" = Microsoft Baseline Security Analyzer 2.2
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
"{1C284C44-B8E0-2ED3-8154-52133AAFF538}" = HydraVision
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{207E0CBE-4B1A-466D-91CB-E17E1BCC1A27}" = jAlbum
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{23DF8A1C-046E-1018-444E-D86525EB264E}" = ATI Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java™ SE Development Kit 6 Update 24
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}" = Roxio Creator 2011 Pro
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Rocketfish USB 3.0 PCI Express Card Driver
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{589D0376-CF0C-3096-40E4-D2A15FE7987B}" = WMV9/VC-1 Video Playback
"{59679381-3F22-4A40-A7AD-890242D74DF4}" = Perfect Photo Suite 5.5.2
"{5BDEA9E0-E55B-45A7-93F7-6B8F68F851E5}" = Topaz InFocus
"{5F577CD8-A997-2E11-83BC-4445DD2D4542}" = Catalyst Control Center
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6844F85B-1AEE-093A-5FC9-235035B3A127}" = Catalyst Control Center Graphics Previews Common
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{6E5A0256-C1BB-4A4E-99CE-B87CC4383744}" = HP Photosmart Plus B210 series Basic Device Software
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770D3BDC-19D7-49D0-B60B-C5BB77553FBB}" = Topaz Fusion Express 2
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77CDA026-3860-4C95-8233-34F3CEF121FB}" = Roxio Creator 2011 Pro
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Help
"{8117EA22-035F-4880-86AE-AC7C4F1FA3E2}" = Topaz ReMask 3
"{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}" = Topaz Clean 3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}" = Topaz Simplify 3
"{8C3A3C74-0163-F062-08D6-C8AC7430669E}" = ccc-utility
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn - Secure
"{9660B18F-EC12-11DF-B006-0013D3D69929}" = Sound Forge Pro 10.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5F1282-D6F8-4F04-B73E-D9286924E9AC}" = Roxio Creator 2011 Pro
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9E146BA1-26DD-4C3B-9F0F-90F2E3CEC9D2}" = Topaz DeJpeg 4
"{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}" = Topaz DeNoise 5
"{9FDC7042-CB9F-4336-A14C-DF10F53762E2}" = Topaz Adjust 4
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A81D3EB9-20E6-A6E3-2537-26964CE91417}" = AMD Drag and Drop Transcoding
"{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7749EE2-5318-D255-F0EE-14D5845B0925}" = CCC Help English
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3EAE4D-862D-4D41-8BB5-F5C2CFFE6022}" = Roxio BackOnTrackPE
"{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}" = Roxio CinePlayer
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C35CCBEB-5A54-4DD8-9EC8-110F2A8154B3}" = Motorola Mobile Drivers Installation 5.1.0
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}" = Topaz Detail 2
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
"{FFE07FA8-37BD-02CB-DEBF-0B64B57C20F8}" = ATI AVIVO Codecs
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 4.2.5.0
"abrMate_is1" = abrMate version 1.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"AKAI professional VST Collection v1.0" = AKAI professional VST Collection v1.0
"Alien Skin Blow Up 2" = Alien Skin Blow Up 2
"Alien Skin Bokeh 2" = Alien Skin Bokeh 2
"Alien Skin Exposure 3" = Alien Skin Exposure 3
"Alien Skin Eye Candy 6" = Alien Skin Eye Candy 6
"Alien Skin Image Doctor 2" = Alien Skin Image Doctor 2
"Alien Skin Snap Art 2" = Alien Skin Snap Art 2
"Alien Skin Xenofex 2" = Alien Skin Xenofex 2
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cool Edit Pro v1.2a" = Cool Edit Pro v1.2a
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DreamStation DXi" = DreamStation DXi
"DVD43 Plug-in_is1" = DVD43 Plug-in v1.0.0.5
"DVD43_is1" = DVD43 v4.6.0
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FileZilla Server" = FileZilla Server (remove only)
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP Photo Creations" = HP Photo Creations
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Rocketfish USB 3.0 PCI Express Card Driver
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Mercury 1" = Mercury 1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MotoHelper" = MotoHelper 2.0.51 Driver 5.1.0
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Native Instruments Absynth 1.3" = Native Instruments Absynth 1.3
"Native Instruments Battery v1.0" = Native Instruments Battery v1.0
"Novation Bass-Station VSTi v1.10" = Novation Bass-Station VSTi v1.10
"Perfectly Clear Plugin" = Perfectly Clear Plugin 1.5.7
"PowerISO" = PowerISO
"Revo Uninstaller" = Revo Uninstaller 1.92
"Rob Papen and LinPlug Albino v1.0" = Rob Papen and LinPlug Albino v1.0
"Roxio PhotoShow" = Roxio PhotoShow
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Steinberg Cubase SX v2.01" = Steinberg Cubase SX v2.01
"SynthEdit" = SynthEdit
"Tag&Rename_is1" = Tag&Rename 3.5.7
"TagScanner_is1" = TagScanner 5.1.597
"Topaz InFocus" = Topaz InFocus
"Topaz Adjust 4" = Topaz Adjust 4
"Topaz Clean 3" = Topaz Clean 3
"Topaz DeJpeg 4" = Topaz DeJpeg 4
"Topaz DeNoise 5" = Topaz DeNoise 5
"Topaz Detail 2" = Topaz Detail 2
"Topaz Fusion Express 2" = Topaz Fusion Express 2
"Topaz ReMask 3" = Topaz ReMask 3
"Topaz Simplify 3" = Topaz Simplify 3
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.6
"uTorrent" = µTorrent
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.0.0
"WinRAR archiver" = WinRAR 4.00 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now update and run Malwarebytes, posting the resultant log...

Also, what are your current problems?
  • 0



#11
cradl

    Member

  • Topic Starter
  • Member
  • 279 posts
Ok will do. Quick run or all of C drive? Still seeing a flicker in the screen once in a while. Running a little faster as far as opening up, still a little jerky (screen and mouse wise). I don't use IE, at least maybe once in a blue moon. I saw where some files were not associated with things in the logs, that's why .txt opens in Word... Would like you to look at HJT file also when done, or if OTL is better, I was used to using that. Things still look funny. A week or two back I was milling around in file associations (open with) and I noticed a [bleep] of a lot of unlinked files like AI, Illustrator, but also a lot of others, not sure how... what happened.
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just a quick scan on the main drive will do

After that we will look at the other problems
  • 0

#13
cradl

    Member

  • Topic Starter
  • Member
  • 279 posts
Nothing found... but like I said, Super Anti, MB, and Microsoft didn't find anything also before... I always was able to depend on Mbam...
Ok now what
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There will be a lot of unattached associations as they are built in, in case you ever install the programme

So what are the main problems now ?
  • 0

#15
cradl

    Member

  • Topic Starter
  • Member
  • 279 posts
Seems better. Most of what I'm seeing for file associations, I have the program installed. Like .txt opens with Word, Illustrator has no association; if I go through and look there are like 50. OK what was it, were did it do, or how it got in? Dr is still slower than normal, like even a week ago. Also processes or something is eating mem... idle 3-5% but system is winding?
  • 0





