Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Tracur.Gen

Started by B. Val , Jun 16 2011 02:29 AM

  • This topic is locked This topic is locked

#1
B. Val
Posted 16 June 2011 - 02:29 AM

B. Val

    Member

  • Member
  • PipPip
  • 41 posts
I'm not sure how this malware got on my machine, I'm very careful with virusses and malware now.

It just all of a sudden started redirecting my Google results.

I'm running Microsoft Security Essentials and it's not detecting anything. But malwarebytes is detecting a Trojan.Tracur.Gen.

OTL logfile created on: 6/16/2011 3:15:44 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = E:\Desktop Junk ( 2 )
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.98 Gb Total Physical Memory | 8.04 Gb Available Physical Memory | 67.05% Memory free
29.98 Gb Paging File | 25.59 Gb Available in Paging File | 85.34% Paging File free
Paging file location(s): c:\pagefile.sys 18432 24576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 257.89 Gb Free Space | 27.69% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 265.71 Gb Free Space | 14.26% Space Free | Partition Type: NTFS

Computer Name: Z600 | User Name: BIG-FELLA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/16 03:14:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\Desktop Junk ( 2 )\OTL.exe
PRC - [2011/06/16 00:17:43 | 007,603,712 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Local\SENukeX\SENuke.exe
PRC - [2011/06/16 00:17:43 | 000,110,080 | ---- | M] (Microsoft) -- C:\Users\BIG-FELLA\AppData\Local\SENukeX\SENukeRecovery.exe
PRC - [2011/06/13 11:29:08 | 000,788,992 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWOW64\PresentationNative_v030032.exe
PRC - [2011/06/13 11:29:08 | 000,788,992 | ---- | M] (Dmitry Streblechenko) -- C:\ProgramData\icm3232.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/05/27 18:46:17 | 002,712,384 | ---- | M] (Softtouch Software Design) -- E:\2 TeraByte Folder\ScrapeBox - Application\scrapebox.exe
PRC - [2011/05/11 14:12:36 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
PRC - [2011/04/29 08:00:55 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/03 05:39:10 | 003,278,232 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2011/02/17 13:40:10 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/11/30 12:16:10 | 011,299,328 | ---- | M] (Network Automation, Inc.) -- C:\Program Files (x86)\AutoMate 8\AMTS.exe
PRC - [2010/11/30 12:16:08 | 005,429,760 | ---- | M] (Network Automation, Inc.) -- C:\Program Files (x86)\AutoMate 8\AMEM.exe
PRC - [2010/09/20 18:55:58 | 000,094,040 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Camtasia Studio 7\TscHelp.exe
PRC - [2010/09/20 18:55:34 | 006,775,128 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe
PRC - [2010/09/20 18:55:32 | 004,441,944 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamRecorder.exe
PRC - [2010/08/02 23:08:20 | 000,023,040 | ---- | M] (Brian Apps Products) -- C:\Program Files (x86)\Sizer\sizer.exe
PRC - [2010/05/25 09:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/13 20:01:58 | 000,094,024 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
PRC - [2010/04/13 20:01:56 | 000,079,688 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
PRC - [2010/04/13 20:01:52 | 007,046,984 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/06/08 15:17:00 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\IPFax\FaxMonitor.exe
PRC - [2007/10/25 11:47:06 | 000,353,976 | ---- | M] (X1 Technologies, Inc.) -- C:\Program Files (x86)\X1\X1Systray.exe
PRC - [2007/10/10 21:16:58 | 009,677,232 | ---- | M] (Adobe Systems®, Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Audition 3.0\Audition.exe


========== Modules (SafeList) ==========

MOD - [2011/06/16 03:14:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\Desktop Junk ( 2 )\OTL.exe
MOD - [2011/06/15 23:15:52 | 000,173,056 | ---- | M] (Malwarebytes Corporation) -- C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll
MOD - [2011/06/15 22:59:17 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MOD - [2011/04/15 07:32:06 | 000,038,304 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\idmmkb.dll
MOD - [2010/11/12 12:41:08 | 000,406,528 | ---- | M] (Network Automation, Inc.) -- C:\Program Files (x86)\AutoMate 8\AM8TrgHk.dll
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/08/02 23:08:18 | 000,013,312 | ---- | M] (Brian Apps Products) -- C:\Program Files (x86)\Sizer\sizer.dll
MOD - [2009/07/20 05:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2009/07/13 20:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/06/13 11:29:08 | 000,788,992 | ---- | M] (Dmitry Streblechenko) [Auto | Running] -- C:\Windows\SysWOW64\PresentationNative_v030032.exe -- (clr_optimization_v2.0.50727_3232)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/11 14:12:36 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe -- (ScsiAccess)
SRV - [2011/05/03 17:31:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/09 19:07:10 | 000,083,456 | ---- | M] () [Disabled | Stopped] -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\[email protected]\svc.exe -- (Firefox Service)
SRV - [2011/02/11 20:52:17 | 003,975,088 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/01/14 09:55:57 | 002,250,616 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/12/31 08:39:54 | 008,133,120 | ---- | M] () [Disabled | Stopped] -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe -- (wampmysqld)
SRV - [2010/12/31 08:39:42 | 000,020,549 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010/11/30 12:16:10 | 011,299,328 | ---- | M] (Network Automation, Inc.) [Auto | Running] -- C:\Program Files (x86)\AutoMate 8\AMTS.exe -- (AutoMate8)
SRV - [2010/08/21 14:16:42 | 001,078,952 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/07/23 13:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/28 12:46:40 | 000,146,568 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011/02/11 20:52:20 | 000,279,136 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/02/11 20:52:14 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011/02/11 20:52:12 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/02/11 20:52:03 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/01/12 04:42:16 | 000,016,376 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TVMonitor.sys -- (MonitorFunction)
DRV:64bit: - [2011/01/12 04:42:12 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011/01/07 02:34:03 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/10/24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 11:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 11:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 11:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009/06/17 11:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/05 20:45:32 | 000,015,208 | ---- | M] (deepxw) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcpz-x64d.sys -- (TCPZ) TCP Half Open Limited Patcher ( TCP-Z)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 83 42 34 D8 D2 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 52 91 2F 00 E2 B8 4B 41 86 97 D6 75 92 89 60 0C [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 76.73.25.214:52931

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.selectedEngine: "Search-Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:7.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:3.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.34
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.2.5
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:6.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.http: "173.208.100.233"
FF - prefs.js..network.proxy.http_port: 13574
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/01/07 03:51:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/01/21 23:53:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/24 14:03:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/24 14:03:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/02/17 13:40:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/29 08:00:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/10 00:43:35 | 000,000,000 | ---D | M]

[2011/01/18 12:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Extensions
[2011/01/18 12:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/06/13 11:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions
[2011/06/13 17:14:53 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\{220927fe-0336-4313-afbb-584997d6e20d}
[2011/01/07 02:14:03 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/01/08 03:06:02 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/01/15 22:39:35 | 000,000,000 | ---D | M] (Make Address Bar Font Size Bigger) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\[email protected]
[2011/01/16 03:38:04 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\[email protected]
[2011/05/12 23:27:14 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\[email protected]
[2011/03/13 16:22:51 | 000,000,000 | ---D | M] (Link Gopher) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\[email protected]
[2011/03/23 01:18:51 | 000,000,000 | ---D | M] (startup.service) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\[email protected]
[2011/03/13 19:29:07 | 000,003,361 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\searchplugins\search-results.xml
[2011/03/24 16:06:47 | 000,002,193 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\searchplugins\whois-whois.xml
[2011/05/09 22:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/13 00:46:14 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/02/14 10:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/07 20:42:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/02/17 13:40:28 | 000,000,000 | ---D | M] (Roboform Toolbar for Firefox) -- C:\PROGRAM FILES (X86)\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\{317B5128-0B0B-49B2-B2DB-1E7560E16C74}.XPI
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\[email protected]
[2011/04/29 08:00:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/03/27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
[2011/01/07 20:42:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/05 21:12:14 | 000,000,953 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 95.169.190.220 botmasternet.com
O1 - Hosts: 95.169.190.220 www.botmasternet.com
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (a85e4e23) - {B7AE28D3-883B-8B05-74FA-9A52D019E8AC} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (Malwarebytes Corporation)
O2 - BHO: (a85e4e23) - {E5549D37-6EC1-C9D5-2651-3D9EBD8CC982} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (Malwarebytes Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [FaxMonitor] C:\Program Files (x86)\IPFax\FaxMonitor.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SEnukeX] C:\Users\BIG-FELLA\AppData\Local\SENukeX\SENuke.exe ()
O4 - HKCU..\Run: [X1FileMonitor.exe] C:\Program Files (x86)\X1\X1FileMonitor.exe ()
O4 - Startup: C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\BIG-FELLA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe ()
O4 - Startup: C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\X1 System Tray.lnk = C:\Program Files (x86)\X1\X1Systray.exe (X1 Technologies, Inc.)
O4 - Startup: C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\X1.lnk = C:\Program Files (x86)\X1\X1.exe (X1 Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8:64bit: - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O9 - Extra 'Tools' menuitem : RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O9 - Extra Button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O9 - Extra 'Tools' menuitem : RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (Malwarebytes Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/06 22:17:34 | 018,866,176 | ---- | M] () - E:\Autospin[1].avi -- [ NTFS ]
O32 - AutoRun File - [2011/04/06 22:04:01 | 010,826,391 | ---- | M] () - E:\Autospin[1].swf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/15 23:15:52 | 000,173,056 | ---- | C] (Malwarebytes Corporation) -- C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll
[2011/06/15 23:06:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/15 17:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Market Samurai
[2011/06/14 08:13:26 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\BIG-FELLA\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/13 11:29:09 | 000,788,992 | ---- | C] (Dmitry Streblechenko) -- C:\ProgramData\icm3232.exe
[2011/06/13 11:29:08 | 000,788,992 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\PresentationNative_v030032.exe
[2011/06/12 22:52:21 | 000,000,000 | ---D | C] -- C:\My eBooks
[2011/06/12 13:43:54 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Roaming\Launchy
[2011/06/12 13:43:52 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Launchy
[2011/06/12 13:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launchy
[2011/06/12 13:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickOutlookToDo
[2011/06/05 16:52:49 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\New folder (3)
[2011/06/03 19:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartSound
[2011/06/03 10:20:07 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\2
[2011/06/01 13:35:55 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\eBook Testing
[2011/06/01 06:53:52 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\ebook compile
[2011/06/01 06:52:30 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\brian_ebook1
[2011/05/31 18:49:13 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\keywords
[2011/05/28 11:45:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\zvprt50
[2011/05/28 11:45:45 | 000,022,528 | ---- | C] (ZAN) -- C:\Windows\SysNative\zvprtmon5.dll
[2011/05/28 11:45:45 | 000,016,384 | ---- | C] (ZAN) -- C:\Windows\SysNative\zvprtmonui5.dll
[2011/05/28 11:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\zvprt50
[2011/05/28 11:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IPFax
[2011/05/28 11:44:36 | 012,198,520 | ---- | C] (Acresso Software Inc.) -- C:\Users\BIG-FELLA\Desktop\IPFax14b1.exe
[2011/05/27 00:24:21 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Local\JonathanLeger.com
[2011/05/27 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Roaming\JonathanLeger.com
[2011/05/27 00:23:37 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheBestSpinner3
[2011/05/27 00:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBestSpinner3
[2011/05/27 00:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TheBestSpinner3
[2011/05/26 14:38:01 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\1
[2011/05/25 11:24:44 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Roaming\dvdcss
[2011/05/24 19:38:08 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\lower third
[2011/05/23 10:18:40 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\PushButtonBacklinksBlueprint
[2011/05/23 03:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/05/22 16:17:59 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\Test Instruction
[2011/05/22 16:17:56 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\New folder (2)
[2011/05/22 10:17:40 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\AVI Backup
[2011/05/22 03:41:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/05/22 03:41:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/05/21 13:20:58 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\instantindexer
[2011/05/21 09:56:39 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\TVB
[2011/05/21 07:02:46 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\Videos
[2011/05/18 20:47:12 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Roaming\Broderbund
[2011/05/18 20:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Broderbund
[2011/05/18 20:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund
[2011/05/18 20:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Broderbund
[2011/05/18 13:09:40 | 000,029,184 | ---- | C] (Arcamis Pty. Ltd.) -- C:\Users\BIG-FELLA\Desktop\yelper.exe
[2011/05/18 12:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuclear Ping Scheduler
[2011/05/18 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuclear Ping Scheduler
[2011/05/18 10:29:20 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Roaming\Adobe Mini Bridge CS5
[2011/05/18 10:19:17 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\sales page images
[2011/05/17 19:34:07 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\Credit Score
[2011/05/17 04:13:12 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\images
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\BIG-FELLA\Desktop\*.tmp files -> C:\Users\BIG-FELLA\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/16 03:16:08 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/16 03:16:08 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/16 02:20:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1578988565-738332488-1354322868-1000UA.job
[2011/06/16 02:15:05 | 000,019,456 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/16 00:30:14 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1578988565-738332488-1354322868-1000Core.job
[2011/06/16 00:22:09 | 000,002,689 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\KeywordSnatcher.exe - Shortcut.lnk
[2011/06/16 00:17:47 | 000,002,029 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\SENukeX.lnk
[2011/06/15 23:16:01 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/06/15 23:15:52 | 000,173,056 | ---- | M] (Malwarebytes Corporation) -- C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll
[2011/06/15 23:15:52 | 000,000,135 | ---- | M] () -- C:\Windows\SysWow64\579012865
[2011/06/15 23:15:39 | 005,855,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/15 23:15:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/15 23:15:14 | 1060,544,510 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/15 23:07:17 | 000,799,252 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/15 23:07:17 | 000,664,638 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/15 23:07:17 | 000,122,406 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/15 07:02:53 | 000,002,034 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\SAS7_000.DAT
[2011/06/14 10:51:03 | 000,001,252 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/06/14 08:13:30 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\BIG-FELLA\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/14 07:28:19 | 000,000,019 | ---- | M] () -- C:\ProgramData\8ad1971
[2011/06/13 11:29:08 | 000,788,992 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\PresentationNative_v030032.exe
[2011/06/13 11:29:08 | 000,788,992 | ---- | M] (Dmitry Streblechenko) -- C:\ProgramData\icm3232.exe
[2011/06/13 02:41:54 | 000,000,504 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\youtube.html
[2011/06/12 13:46:47 | 000,000,987 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
[2011/06/11 13:15:03 | 000,017,772 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\Nemo.jpg
[2011/06/06 19:29:32 | 000,004,757 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\juicing for analysis.csv
[2011/06/06 13:18:36 | 000,246,198 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\_error.jpg
[2011/06/06 10:29:18 | 000,852,249 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\ebook-ads.jpg
[2011/06/05 19:52:25 | 013,682,804 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\valentine-homewood-rental.pdf
[2011/06/05 13:06:48 | 000,000,132 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/06/05 11:04:53 | 000,002,836 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\theblackbox.rar
[2011/06/04 11:31:16 | 000,928,070 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\link-pyramid-original.psd
[2011/06/03 19:06:29 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Sonicfire Pro 5.lnk
[2011/06/03 10:50:24 | 000,198,813 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\video.png
[2011/06/03 09:25:15 | 000,140,079 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\image-placeholder.jpg
[2011/06/01 08:29:35 | 000,293,026 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\picnic2.pdf
[2011/06/01 08:27:56 | 015,138,552 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\picnic1.pdf
[2011/06/01 06:36:51 | 001,494,891 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\brian_ebook1.zip
[2011/06/01 00:42:50 | 022,967,529 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\picnic.psd
[2011/06/01 00:39:31 | 020,579,119 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\picnic.pdf
[2011/06/01 00:11:04 | 000,052,353 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\picnic.jpg
[2011/05/31 18:51:44 | 000,004,786 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\breville juice fountain analysis.csv
[2011/05/31 18:48:59 | 000,048,328 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\keywords.zip
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/28 11:51:46 | 000,023,147 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\inbox.pdf
[2011/05/28 11:45:41 | 000,000,608 | -HS- | M] () -- C:\Windows\SysNative\winzvprt5.sys
[2011/05/28 11:45:41 | 000,000,160 | ---- | M] () -- C:\Windows\SysNative\zvprt5.ini
[2011/05/28 11:44:38 | 012,198,520 | ---- | M] (Acresso Software Inc.) -- C:\Users\BIG-FELLA\Desktop\IPFax14b1.exe
[2011/05/28 07:37:34 | 002,743,265 | ---- | M] () -- C:\Users\BIG-FELLA\.websiteauditor.properties
[2011/05/28 06:36:44 | 002,118,589 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\yelper.rar
[2011/05/26 16:59:49 | 000,236,243 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\C2CApp_Legal5.pdf
[2011/05/26 14:49:15 | 000,246,240 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/26 13:49:42 | 000,001,005 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/26 13:39:20 | 000,001,994 | -H-- | M] () -- C:\Users\BIG-FELLA\Documents\Default.rdp
[2011/05/24 23:20:30 | 000,008,573 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\test-intro.camproj
[2011/05/24 19:30:06 | 000,073,150 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\green screen.psd
[2011/05/23 11:41:58 | 007,266,635 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\sqlitebrowser_200_b1_win.zip
[2011/05/23 11:29:20 | 000,268,920 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\main_header.png
[2011/05/23 10:17:31 | 000,043,988 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\PushButtonBacklinksBlueprint.zip
[2011/05/23 10:15:01 | 000,062,407 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\Push Button Backlinks Blueprint.pdf
[2011/05/23 10:14:45 | 000,045,049 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\Push Button Backlinks Blueprint.mmap
[2011/05/23 09:20:24 | 000,444,417 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\21-premium-buttons-with-awesome-icons.zip
[2011/05/22 18:58:10 | 003,070,806 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\thanku1a.psd
[2011/05/22 18:55:02 | 000,439,073 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\thanku1.jpg
[2011/05/22 17:38:43 | 000,000,447 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\Untitled-1.html
[2011/05/22 16:49:55 | 002,355,618 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\thanku1.psd
[2011/05/22 16:28:11 | 000,300,510 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\snagit-snippet.bmp
[2011/05/22 16:14:23 | 004,848,871 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\Test-Video-Book.zip
[2011/05/22 16:07:17 | 001,262,805 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\emailebook.ebk
[2011/05/22 14:59:32 | 002,227,933 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\thanku.psd
[2011/05/22 03:06:12 | 000,772,802 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/21 14:56:36 | 000,000,542 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\push-button.xml
[2011/05/21 13:20:36 | 000,031,135 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\instantindexer.zip
[2011/05/20 19:56:06 | 000,500,195 | ---- | M] () -- C:\Users\BIG-FELLA\.spyglass.properties
[2011/05/20 14:35:31 | 000,207,703 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\2011-04-24_bill.pdf
[2011/05/19 10:14:58 | 000,000,132 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/05/18 13:09:49 | 000,029,184 | ---- | M] (Arcamis Pty. Ltd.) -- C:\Users\BIG-FELLA\Desktop\yelper.exe
[2011/05/18 12:48:33 | 000,001,456 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/05/18 12:29:33 | 000,001,284 | ---- | M] () -- C:\Users\Public\Desktop\Nuclear Ping Scheduler.lnk
[2011/05/18 12:19:49 | 010,999,766 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\sales_HTML.psd
[2011/05/18 12:14:49 | 002,111,238 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\5-18-2011 12-13-14 PM.bmp
[2011/05/18 10:53:09 | 004,107,431 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\sales_HTML.zip
[2011/05/17 14:46:55 | 005,444,608 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\q.avi
[2011/05/17 04:22:45 | 000,004,168 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\affiliate.php
[2011/05/17 04:00:29 | 000,006,542 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\page_fullwidth.php
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\BIG-FELLA\Desktop\*.tmp files -> C:\Users\BIG-FELLA\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 17:13:26 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2011/06/13 16:29:55 | 000,000,019 | ---- | C] () -- C:\ProgramData\8ad1971
[2011/06/13 11:29:08 | 000,000,135 | ---- | C] () -- C:\Windows\SysWow64\579012865
[2011/06/13 02:41:54 | 000,000,504 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\youtube.html
[2011/06/12 13:43:52 | 000,000,987 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
[2011/06/11 14:16:39 | 000,002,689 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\KeywordSnatcher.exe - Shortcut.lnk
[2011/06/11 13:15:03 | 000,017,772 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\Nemo.jpg
[2011/06/06 19:29:32 | 000,004,757 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\juicing for analysis.csv
[2011/06/06 13:18:23 | 000,246,198 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\_error.jpg
[2011/06/06 10:20:32 | 000,852,249 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\ebook-ads.jpg
[2011/06/05 19:52:23 | 013,682,804 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\valentine-homewood-rental.pdf
[2011/06/05 11:04:53 | 000,002,836 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\theblackbox.rar
[2011/06/04 11:31:14 | 000,928,070 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\link-pyramid-original.psd
[2011/06/03 19:06:29 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Sonicfire Pro 5.lnk
[2011/06/03 10:50:17 | 000,198,813 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\video.png
[2011/06/03 09:25:04 | 000,140,079 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\image-placeholder.jpg
[2011/06/01 08:29:35 | 000,293,026 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\picnic2.pdf
[2011/06/01 08:27:51 | 015,138,552 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\picnic1.pdf
[2011/06/01 06:36:16 | 001,494,891 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\brian_ebook1.zip
[2011/06/01 00:42:48 | 022,967,529 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\picnic.psd
[2011/06/01 00:39:20 | 020,579,119 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\picnic.pdf
[2011/06/01 00:11:02 | 000,052,353 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\picnic.jpg
[2011/05/31 18:51:44 | 000,004,786 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\breville juice fountain analysis.csv
[2011/05/31 18:48:58 | 000,048,328 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\keywords.zip
[2011/05/30 11:42:10 | 000,859,541 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\TCP-Z-Patch.zip
[2011/05/28 11:51:46 | 000,023,147 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\inbox.pdf
[2011/05/28 11:45:41 | 000,000,608 | -HS- | C] () -- C:\Windows\SysNative\winzvprt5.sys
[2011/05/28 11:45:41 | 000,000,160 | ---- | C] () -- C:\Windows\SysNative\zvprt5.ini
[2011/05/28 06:36:16 | 002,118,589 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\yelper.rar
[2011/05/26 16:59:48 | 000,236,243 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\C2CApp_Legal5.pdf
[2011/05/24 23:20:29 | 000,008,573 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\test-intro.camproj
[2011/05/24 19:30:05 | 000,073,150 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\green screen.psd
[2011/05/23 11:41:56 | 007,266,635 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\sqlitebrowser_200_b1_win.zip
[2011/05/23 11:29:12 | 000,268,920 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\main_header.png
[2011/05/23 10:17:31 | 000,043,988 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\PushButtonBacklinksBlueprint.zip
[2011/05/23 10:14:56 | 000,062,407 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\Push Button Backlinks Blueprint.pdf
[2011/05/23 10:14:45 | 000,045,049 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\Push Button Backlinks Blueprint.mmap
[2011/05/23 09:20:23 | 000,444,417 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\21-premium-buttons-with-awesome-icons.zip
[2011/05/22 18:58:09 | 003,070,806 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\thanku1a.psd
[2011/05/22 18:55:01 | 000,439,073 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\thanku1.jpg
[2011/05/22 17:38:43 | 000,000,447 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\Untitled-1.html
[2011/05/22 16:47:48 | 002,355,618 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\thanku1.psd
[2011/05/22 16:20:20 | 000,300,510 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\snagit-snippet.bmp
[2011/05/22 16:07:15 | 001,262,805 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\emailebook.ebk
[2011/05/22 14:58:44 | 002,227,933 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\thanku.psd
[2011/05/21 14:56:35 | 000,000,542 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\push-button.xml
[2011/05/21 13:20:35 | 000,031,135 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\instantindexer.zip
[2011/05/20 14:29:58 | 000,207,703 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\2011-04-24_bill.pdf
[2011/05/18 12:29:33 | 000,001,284 | ---- | C] () -- C:\Users\Public\Desktop\Nuclear Ping Scheduler.lnk
[2011/05/18 12:19:45 | 010,999,766 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\sales_HTML.psd
[2011/05/18 12:13:14 | 002,111,238 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\5-18-2011 12-13-14 PM.bmp
[2011/05/18 10:51:45 | 004,107,431 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\sales_HTML.zip
[2011/05/17 14:46:39 | 005,444,608 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\q.avi
[2011/05/17 04:22:45 | 000,004,168 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\affiliate.php
[2011/05/17 04:00:29 | 000,006,542 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\page_fullwidth.php
[2011/05/11 14:04:54 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/05/11 10:14:17 | 000,001,456 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/09 19:43:10 | 000,000,175 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Local\TheBestSpinner_Export.dat
[2011/03/30 00:45:56 | 000,540,216 | ---- | C] () -- C:\Windows\SysWow64\amasrb32.dll
[2011/02/19 19:41:57 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/02/17 22:53:08 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/02/09 12:06:10 | 000,000,132 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/02/02 03:22:36 | 000,000,024 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Roaming\Final Draft Tagger Preferences
[2011/01/28 17:47:38 | 000,025,004 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Roaming\QuickPreferences.xml
[2011/01/28 17:03:03 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2011/01/24 10:40:16 | 000,000,132 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/19 18:56:13 | 000,019,456 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/08 01:40:00 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/08 00:04:32 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/01/07 23:42:06 | 000,246,240 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/01/07 12:44:00 | 000,002,034 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Roaming\SAS7_000.DAT
[2011/01/07 02:48:37 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/07 02:23:15 | 000,772,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/08 11:47:54 | 002,143,112 | ---- | C] () -- C:\Windows\SysWow64\ambpa32.exe

========== LOP Check ==========

[2011/01/15 11:54:15 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\59108B17-78CB-4CA0-9273-8F2034A12930
[2011/01/08 14:40:07 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Acronis
[2011/01/20 14:26:52 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Babylon
[2011/05/18 20:47:12 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Broderbund
[2011/04/27 09:00:26 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/08 15:00:37 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\ConceptDraw Project 6
[2011/01/07 02:36:40 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\DAEMON Tools Lite
[2011/06/14 09:26:17 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\DMCache
[2011/01/07 23:31:01 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/06/15 23:17:20 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Dropbox
[2011/06/13 17:18:52 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\eBookPro6
[2011/03/18 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\EurekaLog
[2011/01/15 21:31:08 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Extrapolator
[2011/06/13 16:24:20 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\FileZilla
[2011/01/28 17:03:17 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Final Draft
[2011/01/07 20:12:58 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\GlobalSCAPE
[2011/05/11 12:26:40 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\HandBrake
[2011/04/23 01:02:59 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\IDM
[2011/04/07 15:32:43 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\ImTOO
[2011/01/24 09:30:01 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\ImTOO Software Studio
[2011/05/27 00:24:15 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\JonathanLeger.com
[2011/06/12 13:46:28 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Launchy
[2011/01/07 11:01:31 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Leadertech
[2011/01/24 14:03:20 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Local
[2011/01/07 03:03:40 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/01/09 16:05:28 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\NCH Swift Sound
[2011/05/11 14:12:51 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Netscape
[2011/03/22 09:43:31 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Niche
[2011/01/07 15:29:21 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Notepad++
[2011/01/07 12:15:26 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Nuance
[2011/02/14 10:31:44 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\OpenOffice.org
[2011/01/08 00:04:32 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\PACE Anti-Piracy
[2011/01/19 13:02:16 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Photodex
[2011/06/12 15:56:09 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\ScrapeBoard
[2011/03/22 14:26:46 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Sincell
[2011/01/08 00:03:05 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/01/28 17:46:32 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\StoryBoard Quick
[2011/05/18 13:40:15 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\TeamViewer
[2011/02/01 07:19:53 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Thinstall
[2011/02/11 20:35:13 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Toon Boom Animation
[2011/01/07 03:35:57 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\ubot
[2011/05/17 01:18:35 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Windows Live Writer
[2011/03/13 11:06:41 | 000,000,000 | -HSD | M] -- C:\Users\BIG-FELLA\AppData\Roaming\wyUpdate AU
[2011/03/24 15:59:02 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Xilisoft
[2011/05/11 13:58:41 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 906 bytes -> C:\ProgramData\Microsoft:eDonaRieGv2masdDaZy7
@Alternate Data Stream - 905 bytes -> C:\Users\BIG-FELLA\AppData\Local\4Lqk3QFWjQE:Q3HAw0YZDviX3Rrv7Y2anxDwt
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 1145 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:ZdImm42dTvdHOoTrG3RdIL4dc8K
@Alternate Data Stream - 1119 bytes -> C:\ProgramData\Microsoft:t4XyDzPIRSStKOodd
@Alternate Data Stream - 1091 bytes -> C:\ProgramData\Microsoft:0fMRyQxzzmKFcCHzKHFzgVDNd
@Alternate Data Stream - 1006 bytes -> C:\ProgramData\Microsoft:zM25r3uAmoa3qDJ1VvHYqMe

< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 16 June 2011 - 11:50 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there - on completion of this run could you check for redirects

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 76.73.25.214:52931
    FF - prefs.js..browser.search.defaultengine: "Search-Results"
    FF - prefs.js..browser.search.defaultenginename: "Search-Results"
    FF - prefs.js..browser.search.order.1: "Search-Results"
    FF - prefs.js..browser.search.selectedEngine: "Search-Results"
    FF - prefs.js..network.proxy.http: "173.208.100.233"
    FF - prefs.js..network.proxy.http_port: 13574
    FF - prefs.js..network.proxy.type: 0
    [2011/06/13 17:14:53 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\{220927fe-0336-4313-afbb-584997d6e20d}
    O2 - BHO: (a85e4e23) - {B7AE28D3-883B-8B05-74FA-9A52D019E8AC} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (Malwarebytes Corporation)
    O2 - BHO: (a85e4e23) - {E5549D37-6EC1-C9D5-2651-3D9EBD8CC982} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (Malwarebytes Corporation)
    [2011/06/15 23:15:52 | 000,173,056 | ---- | C] (Malwarebytes Corporation) -- C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll
    [2011/06/14 07:28:19 | 000,000,019 | ---- | M] () -- C:\ProgramData\8ad1971
    @Alternate Data Stream - 906 bytes -> C:\ProgramData\Microsoft:eDonaRieGv2masdDaZy7
    @Alternate Data Stream - 905 bytes -> C:\Users\BIG-FELLA\AppData\Local\4Lqk3QFWjQE:Q3HAw0YZDviX3Rrv7Y2anxDwt
    @Alternate Data Stream - 1145 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:ZdImm42dTvdHOoTrG3RdIL4dc8K
    @Alternate Data Stream - 1119 bytes -> C:\ProgramData\Microsoft:t4XyDzPIRSStKOodd
    @Alternate Data Stream - 1091 bytes -> C:\ProgramData\Microsoft:0fMRyQxzzmKFcCHzKHFzgVDNd
    @Alternate Data Stream - 1006 bytes -> C:\ProgramData\Microsoft:zM25r3uAmoa3qDJ1VvHYqMe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Download aswMBR.exe ( 567KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
B. Val
Posted 16 June 2011 - 01:09 PM

B. Val

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Here you go thanks for your help


OTL logfile created on: 6/16/2011 2:03:03 PM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = E:\Desktop Junk ( 2 )
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.98 Gb Total Physical Memory | 9.46 Gb Available Physical Memory | 78.95% Memory free
29.98 Gb Paging File | 27.40 Gb Available in Paging File | 91.39% Paging File free
Paging file location(s): c:\pagefile.sys 18432 24576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 252.81 Gb Free Space | 27.14% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 296.34 Gb Free Space | 15.91% Space Free | Partition Type: NTFS

Computer Name: Z600 | User Name: BIG-FELLA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/16 03:14:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\Desktop Junk ( 2 )\OTL.exe
PRC - [2011/06/13 11:29:08 | 000,788,992 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWOW64\PresentationNative_v030032.exe
PRC - [2011/06/13 11:29:08 | 000,788,992 | ---- | M] (Dmitry Streblechenko) -- C:\ProgramData\icm3232.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\BIG-FELLA\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/05/11 14:12:36 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
PRC - [2011/03/03 05:39:10 | 003,278,232 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2011/02/17 13:40:10 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/12/17 20:16:02 | 001,519,616 | ---- | M] (Don HO [email protected]) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2010/11/30 12:16:10 | 011,299,328 | ---- | M] (Network Automation, Inc.) -- C:\Program Files (x86)\AutoMate 8\AMTS.exe
PRC - [2010/11/30 12:16:08 | 005,429,760 | ---- | M] (Network Automation, Inc.) -- C:\Program Files (x86)\AutoMate 8\AMEM.exe
PRC - [2010/11/10 19:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
PRC - [2010/05/25 09:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/06/08 15:17:00 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\IPFax\FaxMonitor.exe
PRC - [2007/10/25 11:47:08 | 004,766,392 | ---- | M] (X1 Technologies, Inc.) -- C:\Program Files (x86)\X1\X1.exe
PRC - [2007/10/25 11:47:06 | 000,353,976 | ---- | M] (X1 Technologies, Inc.) -- C:\Program Files (x86)\X1\X1Systray.exe
PRC - [2007/10/25 11:47:04 | 002,092,728 | ---- | M] (X1 Technologies, Inc.) -- C:\Program Files (x86)\X1\X1Service.exe
PRC - [2007/10/25 11:47:04 | 000,369,336 | ---- | M] () -- C:\Program Files (x86)\X1\X1FileMonitor.exe


========== Modules (SafeList) ==========

MOD - [2011/06/16 13:57:38 | 000,173,056 | ---- | M] (Malwarebytes Corporation) -- C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll
MOD - [2011/06/16 03:14:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\Desktop Junk ( 2 )\OTL.exe
MOD - [2011/06/15 22:59:17 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MOD - [2011/04/15 07:32:06 | 000,038,304 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\idmmkb.dll
MOD - [2010/11/12 12:41:08 | 000,406,528 | ---- | M] (Network Automation, Inc.) -- C:\Program Files (x86)\AutoMate 8\AM8TrgHk.dll
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/20 05:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/06/13 11:29:08 | 000,788,992 | ---- | M] (Dmitry Streblechenko) [Auto | Running] -- C:\Windows\SysWOW64\PresentationNative_v030032.exe -- (clr_optimization_v2.0.50727_3232)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/11 14:12:36 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe -- (ScsiAccess)
SRV - [2011/05/03 17:31:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/09 19:07:10 | 000,083,456 | ---- | M] () [Disabled | Stopped] -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\[email protected]\svc.exe -- (Firefox Service)
SRV - [2011/02/11 20:52:17 | 003,975,088 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/01/14 09:55:57 | 002,250,616 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/12/31 08:39:54 | 008,133,120 | ---- | M] () [Disabled | Stopped] -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe -- (wampmysqld)
SRV - [2010/12/31 08:39:42 | 000,020,549 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010/11/30 12:16:10 | 011,299,328 | ---- | M] (Network Automation, Inc.) [Auto | Running] -- C:\Program Files (x86)\AutoMate 8\AMTS.exe -- (AutoMate8)
SRV - [2010/08/21 14:16:42 | 001,078,952 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/07/23 13:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/28 12:46:40 | 000,146,568 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011/02/11 20:52:20 | 000,279,136 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/02/11 20:52:14 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011/02/11 20:52:12 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/02/11 20:52:03 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/01/12 04:42:16 | 000,016,376 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TVMonitor.sys -- (MonitorFunction)
DRV:64bit: - [2011/01/12 04:42:12 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011/01/07 02:34:03 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/10/24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 11:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 11:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 11:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009/06/17 11:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/05 20:45:32 | 000,015,208 | ---- | M] (deepxw) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcpz-x64d.sys -- (TCPZ) TCP Half Open Limited Patcher ( TCP-Z)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 83 42 34 D8 D2 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 52 91 2F 00 E2 B8 4B 41 86 97 D6 75 92 89 60 0C [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:7.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:3.4.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.34
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.2.5
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:6.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/01/07 03:51:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/01/21 23:53:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/24 14:03:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/24 14:03:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/02/17 13:40:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/29 08:00:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/10 00:43:35 | 000,000,000 | ---D | M]

[2011/01/18 12:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Extensions
[2011/01/18 12:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/06/16 13:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions
[2011/01/07 02:14:03 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/01/08 03:06:02 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/01/15 22:39:35 | 000,000,000 | ---D | M] (Make Address Bar Font Size Bigger) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\[email protected]
[2011/01/16 03:38:04 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\[email protected]
[2011/05/12 23:27:14 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\[email protected]
[2011/03/13 16:22:51 | 000,000,000 | ---D | M] (Link Gopher) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\[email protected]
[2011/03/23 01:18:51 | 000,000,000 | ---D | M] (startup.service) -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\[email protected]
[2011/03/13 19:29:07 | 000,003,361 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\searchplugins\search-results.xml
[2011/03/24 16:06:47 | 000,002,193 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\searchplugins\whois-whois.xml
[2011/05/09 22:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/13 00:46:14 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/02/14 10:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/07 20:42:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/02/17 13:40:28 | 000,000,000 | ---D | M] (Roboform Toolbar for Firefox) -- C:\PROGRAM FILES (X86)\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
File not found (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\{220927FE-0336-4313-AFBB-584997D6E20D}
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\{317B5128-0B0B-49B2-B2DB-1E7560E16C74}.XPI
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\BIG-FELLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\157E1NB7.DEFAULT\EXTENSIONS\[email protected]
[2011/04/29 08:00:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/03/27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
[2011/01/07 20:42:07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/16 13:55:32 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (a85e4e23) - {811CD097-AAE6-1371-BBCB-7517C3B4F13D} - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (Malwarebytes Corporation)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [FaxMonitor] C:\Program Files (x86)\IPFax\FaxMonitor.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SEnukeX] C:\Users\BIG-FELLA\AppData\Local\SENukeX\SENuke.exe ()
O4 - HKCU..\Run: [X1FileMonitor.exe] C:\Program Files (x86)\X1\X1FileMonitor.exe ()
O4 - Startup: C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\BIG-FELLA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe ()
O4 - Startup: C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\X1 System Tray.lnk = C:\Program Files (x86)\X1\X1Systray.exe (X1 Technologies, Inc.)
O4 - Startup: C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\X1.lnk = C:\Program Files (x86)\X1\X1.exe (X1 Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8:64bit: - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O8 - Extra context menu item: RoboForm Options - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O9 - Extra 'Tools' menuitem : RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html ()
O9 - Extra Button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O9 - Extra 'Tools' menuitem : RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll (Malwarebytes Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/06 22:17:34 | 018,866,176 | ---- | M] () - E:\Autospin[1].avi -- [ NTFS ]
O32 - AutoRun File - [2011/04/06 22:04:01 | 010,826,391 | ---- | M] () - E:\Autospin[1].swf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 13:57:38 | 000,173,056 | ---- | C] (Malwarebytes Corporation) -- C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll
[2011/06/15 23:06:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/15 17:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Market Samurai
[2011/06/14 08:13:26 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\BIG-FELLA\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/13 11:29:09 | 000,788,992 | ---- | C] (Dmitry Streblechenko) -- C:\ProgramData\icm3232.exe
[2011/06/13 11:29:08 | 000,788,992 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\PresentationNative_v030032.exe
[2011/06/12 22:52:21 | 000,000,000 | ---D | C] -- C:\My eBooks
[2011/06/12 13:43:54 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Roaming\Launchy
[2011/06/12 13:43:52 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Launchy
[2011/06/12 13:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launchy
[2011/06/12 13:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickOutlookToDo
[2011/06/05 16:52:49 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\New folder (3)
[2011/06/03 19:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartSound
[2011/06/03 10:20:07 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\2
[2011/06/01 13:35:55 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\eBook Testing
[2011/06/01 06:53:52 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\ebook compile
[2011/06/01 06:52:30 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\brian_ebook1
[2011/05/31 18:49:13 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\keywords
[2011/05/28 11:45:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\zvprt50
[2011/05/28 11:45:45 | 000,022,528 | ---- | C] (ZAN) -- C:\Windows\SysNative\zvprtmon5.dll
[2011/05/28 11:45:45 | 000,016,384 | ---- | C] (ZAN) -- C:\Windows\SysNative\zvprtmonui5.dll
[2011/05/28 11:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\zvprt50
[2011/05/28 11:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IPFax
[2011/05/28 11:44:36 | 012,198,520 | ---- | C] (Acresso Software Inc.) -- C:\Users\BIG-FELLA\Desktop\IPFax14b1.exe
[2011/05/27 00:24:21 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Local\JonathanLeger.com
[2011/05/27 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Roaming\JonathanLeger.com
[2011/05/27 00:23:37 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheBestSpinner3
[2011/05/27 00:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBestSpinner3
[2011/05/27 00:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TheBestSpinner3
[2011/05/26 14:38:01 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\1
[2011/05/25 11:24:44 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Roaming\dvdcss
[2011/05/24 19:38:08 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\lower third
[2011/05/23 10:18:40 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\PushButtonBacklinksBlueprint
[2011/05/23 03:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/05/22 16:17:59 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\Test Instruction
[2011/05/22 16:17:56 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\New folder (2)
[2011/05/22 10:17:40 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\AVI Backup
[2011/05/22 03:41:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/05/22 03:41:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/05/21 13:20:58 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\instantindexer
[2011/05/21 09:56:39 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\TVB
[2011/05/21 07:02:46 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\Videos
[2011/05/18 20:47:12 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Roaming\Broderbund
[2011/05/18 20:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Broderbund
[2011/05/18 20:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund
[2011/05/18 20:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Broderbund
[2011/05/18 13:09:40 | 000,029,184 | ---- | C] (Arcamis Pty. Ltd.) -- C:\Users\BIG-FELLA\Desktop\yelper.exe
[2011/05/18 12:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuclear Ping Scheduler
[2011/05/18 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuclear Ping Scheduler
[2011/05/18 10:29:20 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\AppData\Roaming\Adobe Mini Bridge CS5
[2011/05/18 10:19:17 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\sales page images
[2011/05/17 19:34:07 | 000,000,000 | ---D | C] -- C:\Users\BIG-FELLA\Desktop\Credit Score
[1 C:\Users\BIG-FELLA\Desktop\*.tmp files -> C:\Users\BIG-FELLA\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/16 13:57:38 | 000,173,056 | ---- | M] (Malwarebytes Corporation) -- C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll
[2011/06/16 13:57:38 | 000,000,135 | ---- | M] () -- C:\Windows\SysWow64\579012865
[2011/06/16 13:57:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/16 13:57:28 | 1060,544,510 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 13:56:28 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/16 13:56:27 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/16 13:55:32 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/06/16 13:20:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1578988565-738332488-1354322868-1000UA.job
[2011/06/16 12:12:18 | 000,019,456 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/16 08:52:23 | 000,001,252 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/06/16 08:44:18 | 000,002,029 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\SENukeX.lnk
[2011/06/16 08:39:33 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/06/16 00:30:14 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1578988565-738332488-1354322868-1000Core.job
[2011/06/16 00:22:09 | 000,002,689 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\KeywordSnatcher.exe - Shortcut.lnk
[2011/06/15 23:15:39 | 005,855,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/15 23:07:17 | 000,799,252 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/15 23:07:17 | 000,664,638 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/15 23:07:17 | 000,122,406 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/15 07:02:53 | 000,002,034 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\SAS7_000.DAT
[2011/06/14 08:13:30 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\BIG-FELLA\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/13 11:29:08 | 000,788,992 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\PresentationNative_v030032.exe
[2011/06/13 11:29:08 | 000,788,992 | ---- | M] (Dmitry Streblechenko) -- C:\ProgramData\icm3232.exe
[2011/06/13 02:41:54 | 000,000,504 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\youtube.html
[2011/06/12 13:46:47 | 000,000,987 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
[2011/06/11 13:15:03 | 000,017,772 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\Nemo.jpg
[2011/06/06 19:29:32 | 000,004,757 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\juicing for analysis.csv
[2011/06/06 13:18:36 | 000,246,198 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\_error.jpg
[2011/06/06 10:29:18 | 000,852,249 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\ebook-ads.jpg
[2011/06/05 19:52:25 | 013,682,804 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\valentine-homewood-rental.pdf
[2011/06/05 13:06:48 | 000,000,132 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/06/05 11:04:53 | 000,002,836 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\theblackbox.rar
[2011/06/04 11:31:16 | 000,928,070 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\link-pyramid-original.psd
[2011/06/03 19:06:29 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Sonicfire Pro 5.lnk
[2011/06/03 10:50:24 | 000,198,813 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\video.png
[2011/06/03 09:25:15 | 000,140,079 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\image-placeholder.jpg
[2011/06/01 08:29:35 | 000,293,026 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\picnic2.pdf
[2011/06/01 08:27:56 | 015,138,552 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\picnic1.pdf
[2011/06/01 06:36:51 | 001,494,891 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\brian_ebook1.zip
[2011/06/01 00:42:50 | 022,967,529 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\picnic.psd
[2011/06/01 00:39:31 | 020,579,119 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\picnic.pdf
[2011/06/01 00:11:04 | 000,052,353 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\picnic.jpg
[2011/05/31 18:51:44 | 000,004,786 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\breville juice fountain analysis.csv
[2011/05/31 18:48:59 | 000,048,328 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\keywords.zip
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/28 11:51:46 | 000,023,147 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\inbox.pdf
[2011/05/28 11:45:41 | 000,000,608 | -HS- | M] () -- C:\Windows\SysNative\winzvprt5.sys
[2011/05/28 11:45:41 | 000,000,160 | ---- | M] () -- C:\Windows\SysNative\zvprt5.ini
[2011/05/28 11:44:38 | 012,198,520 | ---- | M] (Acresso Software Inc.) -- C:\Users\BIG-FELLA\Desktop\IPFax14b1.exe
[2011/05/28 07:37:34 | 002,743,265 | ---- | M] () -- C:\Users\BIG-FELLA\.websiteauditor.properties
[2011/05/28 06:36:44 | 002,118,589 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\yelper.rar
[2011/05/26 16:59:49 | 000,236,243 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\C2CApp_Legal5.pdf
[2011/05/26 14:49:15 | 000,246,240 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/26 13:49:42 | 000,001,005 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/26 13:39:20 | 000,001,994 | -H-- | M] () -- C:\Users\BIG-FELLA\Documents\Default.rdp
[2011/05/24 23:20:30 | 000,008,573 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\test-intro.camproj
[2011/05/24 19:30:06 | 000,073,150 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\green screen.psd
[2011/05/23 11:41:58 | 007,266,635 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\sqlitebrowser_200_b1_win.zip
[2011/05/23 11:29:20 | 000,268,920 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\main_header.png
[2011/05/23 10:17:31 | 000,043,988 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\PushButtonBacklinksBlueprint.zip
[2011/05/23 10:15:01 | 000,062,407 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\Push Button Backlinks Blueprint.pdf
[2011/05/23 10:14:45 | 000,045,049 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\Push Button Backlinks Blueprint.mmap
[2011/05/23 09:20:24 | 000,444,417 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\21-premium-buttons-with-awesome-icons.zip
[2011/05/22 18:58:10 | 003,070,806 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\thanku1a.psd
[2011/05/22 18:55:02 | 000,439,073 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\thanku1.jpg
[2011/05/22 17:38:43 | 000,000,447 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\Untitled-1.html
[2011/05/22 16:49:55 | 002,355,618 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\thanku1.psd
[2011/05/22 16:28:11 | 000,300,510 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\snagit-snippet.bmp
[2011/05/22 16:14:23 | 004,848,871 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\Test-Video-Book.zip
[2011/05/22 16:07:17 | 001,262,805 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\emailebook.ebk
[2011/05/22 14:59:32 | 002,227,933 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\thanku.psd
[2011/05/22 03:06:12 | 000,772,802 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/21 14:56:36 | 000,000,542 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\push-button.xml
[2011/05/21 13:20:36 | 000,031,135 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\instantindexer.zip
[2011/05/20 19:56:06 | 000,500,195 | ---- | M] () -- C:\Users\BIG-FELLA\.spyglass.properties
[2011/05/20 14:35:31 | 000,207,703 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\2011-04-24_bill.pdf
[2011/05/19 10:14:58 | 000,000,132 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/05/18 13:09:49 | 000,029,184 | ---- | M] (Arcamis Pty. Ltd.) -- C:\Users\BIG-FELLA\Desktop\yelper.exe
[2011/05/18 12:48:33 | 000,001,456 | ---- | M] () -- C:\Users\BIG-FELLA\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/05/18 12:29:33 | 000,001,284 | ---- | M] () -- C:\Users\Public\Desktop\Nuclear Ping Scheduler.lnk
[2011/05/18 12:19:49 | 010,999,766 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\sales_HTML.psd
[2011/05/18 12:14:49 | 002,111,238 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\5-18-2011 12-13-14 PM.bmp
[2011/05/18 10:53:09 | 004,107,431 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\sales_HTML.zip
[2011/05/17 14:46:55 | 005,444,608 | ---- | M] () -- C:\Users\BIG-FELLA\Desktop\q.avi
[1 C:\Users\BIG-FELLA\Desktop\*.tmp files -> C:\Users\BIG-FELLA\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 17:13:26 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2011/06/13 11:29:08 | 000,000,135 | ---- | C] () -- C:\Windows\SysWow64\579012865
[2011/06/13 02:41:54 | 000,000,504 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\youtube.html
[2011/06/12 13:43:52 | 000,000,987 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
[2011/06/11 14:16:39 | 000,002,689 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\KeywordSnatcher.exe - Shortcut.lnk
[2011/06/11 13:15:03 | 000,017,772 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\Nemo.jpg
[2011/06/06 19:29:32 | 000,004,757 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\juicing for analysis.csv
[2011/06/06 13:18:23 | 000,246,198 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\_error.jpg
[2011/06/06 10:20:32 | 000,852,249 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\ebook-ads.jpg
[2011/06/05 19:52:23 | 013,682,804 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\valentine-homewood-rental.pdf
[2011/06/05 11:04:53 | 000,002,836 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\theblackbox.rar
[2011/06/04 11:31:14 | 000,928,070 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\link-pyramid-original.psd
[2011/06/03 19:06:29 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Sonicfire Pro 5.lnk
[2011/06/03 10:50:17 | 000,198,813 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\video.png
[2011/06/03 09:25:04 | 000,140,079 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\image-placeholder.jpg
[2011/06/01 08:29:35 | 000,293,026 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\picnic2.pdf
[2011/06/01 08:27:51 | 015,138,552 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\picnic1.pdf
[2011/06/01 06:36:16 | 001,494,891 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\brian_ebook1.zip
[2011/06/01 00:42:48 | 022,967,529 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\picnic.psd
[2011/06/01 00:39:20 | 020,579,119 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\picnic.pdf
[2011/06/01 00:11:02 | 000,052,353 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\picnic.jpg
[2011/05/31 18:51:44 | 000,004,786 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\breville juice fountain analysis.csv
[2011/05/31 18:48:58 | 000,048,328 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\keywords.zip
[2011/05/30 11:42:10 | 000,859,541 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\TCP-Z-Patch.zip
[2011/05/28 11:51:46 | 000,023,147 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\inbox.pdf
[2011/05/28 11:45:41 | 000,000,608 | -HS- | C] () -- C:\Windows\SysNative\winzvprt5.sys
[2011/05/28 11:45:41 | 000,000,160 | ---- | C] () -- C:\Windows\SysNative\zvprt5.ini
[2011/05/28 06:36:16 | 002,118,589 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\yelper.rar
[2011/05/26 16:59:48 | 000,236,243 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\C2CApp_Legal5.pdf
[2011/05/24 23:20:29 | 000,008,573 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\test-intro.camproj
[2011/05/24 19:30:05 | 000,073,150 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\green screen.psd
[2011/05/23 11:41:56 | 007,266,635 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\sqlitebrowser_200_b1_win.zip
[2011/05/23 11:29:12 | 000,268,920 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\main_header.png
[2011/05/23 10:17:31 | 000,043,988 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\PushButtonBacklinksBlueprint.zip
[2011/05/23 10:14:56 | 000,062,407 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\Push Button Backlinks Blueprint.pdf
[2011/05/23 10:14:45 | 000,045,049 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\Push Button Backlinks Blueprint.mmap
[2011/05/23 09:20:23 | 000,444,417 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\21-premium-buttons-with-awesome-icons.zip
[2011/05/22 18:58:09 | 003,070,806 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\thanku1a.psd
[2011/05/22 18:55:01 | 000,439,073 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\thanku1.jpg
[2011/05/22 17:38:43 | 000,000,447 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\Untitled-1.html
[2011/05/22 16:47:48 | 002,355,618 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\thanku1.psd
[2011/05/22 16:20:20 | 000,300,510 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\snagit-snippet.bmp
[2011/05/22 16:07:15 | 001,262,805 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\emailebook.ebk
[2011/05/22 14:58:44 | 002,227,933 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\thanku.psd
[2011/05/21 14:56:35 | 000,000,542 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\push-button.xml
[2011/05/21 13:20:35 | 000,031,135 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\instantindexer.zip
[2011/05/20 14:29:58 | 000,207,703 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\2011-04-24_bill.pdf
[2011/05/18 12:29:33 | 000,001,284 | ---- | C] () -- C:\Users\Public\Desktop\Nuclear Ping Scheduler.lnk
[2011/05/18 12:19:45 | 010,999,766 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\sales_HTML.psd
[2011/05/18 12:13:14 | 002,111,238 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\5-18-2011 12-13-14 PM.bmp
[2011/05/18 10:51:45 | 004,107,431 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\sales_HTML.zip
[2011/05/17 14:46:39 | 005,444,608 | ---- | C] () -- C:\Users\BIG-FELLA\Desktop\q.avi
[2011/05/11 14:04:54 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/05/11 10:14:17 | 000,001,456 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/09 19:43:10 | 000,000,175 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Local\TheBestSpinner_Export.dat
[2011/03/30 00:45:56 | 000,540,216 | ---- | C] () -- C:\Windows\SysWow64\amasrb32.dll
[2011/02/19 19:41:57 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/02/17 22:53:08 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/02/09 12:06:10 | 000,000,132 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/02/02 03:22:36 | 000,000,024 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Roaming\Final Draft Tagger Preferences
[2011/01/28 17:47:38 | 000,025,004 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Roaming\QuickPreferences.xml
[2011/01/28 17:03:03 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2011/01/24 10:40:16 | 000,000,132 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/19 18:56:13 | 000,019,456 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/08 01:40:00 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/08 00:04:32 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/01/07 23:42:06 | 000,246,240 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/01/07 12:44:00 | 000,002,034 | ---- | C] () -- C:\Users\BIG-FELLA\AppData\Roaming\SAS7_000.DAT
[2011/01/07 02:48:37 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/07 02:23:15 | 000,772,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/08 11:47:54 | 002,143,112 | ---- | C] () -- C:\Windows\SysWow64\ambpa32.exe

========== LOP Check ==========

[2011/01/15 11:54:15 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\59108B17-78CB-4CA0-9273-8F2034A12930
[2011/01/08 14:40:07 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Acronis
[2011/01/20 14:26:52 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Babylon
[2011/05/18 20:47:12 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Broderbund
[2011/04/27 09:00:26 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/08 15:00:37 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\ConceptDraw Project 6
[2011/01/07 02:36:40 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\DAEMON Tools Lite
[2011/06/16 08:56:17 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\DMCache
[2011/01/07 23:31:01 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\DomainSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/06/16 13:58:36 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Dropbox
[2011/06/13 17:18:52 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\eBookPro6
[2011/03/18 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\EurekaLog
[2011/01/15 21:31:08 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Extrapolator
[2011/06/13 16:24:20 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\FileZilla
[2011/01/28 17:03:17 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Final Draft
[2011/01/07 20:12:58 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\GlobalSCAPE
[2011/05/11 12:26:40 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\HandBrake
[2011/04/23 01:02:59 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\IDM
[2011/04/07 15:32:43 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\ImTOO
[2011/01/24 09:30:01 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\ImTOO Software Studio
[2011/05/27 00:24:15 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\JonathanLeger.com
[2011/06/12 13:46:28 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Launchy
[2011/01/07 11:01:31 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Leadertech
[2011/01/24 14:03:20 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Local
[2011/01/07 03:03:40 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/01/09 16:05:28 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\NCH Swift Sound
[2011/05/11 14:12:51 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Netscape
[2011/03/22 09:43:31 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Niche
[2011/01/07 15:29:21 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Notepad++
[2011/01/07 12:15:26 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Nuance
[2011/02/14 10:31:44 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\OpenOffice.org
[2011/01/08 00:04:32 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\PACE Anti-Piracy
[2011/01/19 13:02:16 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Photodex
[2011/06/12 15:56:09 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\ScrapeBoard
[2011/03/22 14:26:46 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Sincell
[2011/01/08 00:03:05 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/01/28 17:46:32 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\StoryBoard Quick
[2011/05/18 13:40:15 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\TeamViewer
[2011/02/01 07:19:53 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Thinstall
[2011/02/11 20:35:13 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Toon Boom Animation
[2011/01/07 03:35:57 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\ubot
[2011/05/17 01:18:35 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Windows Live Writer
[2011/03/13 11:06:41 | 000,000,000 | -HSD | M] -- C:\Users\BIG-FELLA\AppData\Roaming\wyUpdate AU
[2011/03/24 15:59:02 | 000,000,000 | ---D | M] -- C:\Users\BIG-FELLA\AppData\Roaming\Xilisoft
[2011/05/11 13:58:41 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >







aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-16 14:06:56
-----------------------------
14:06:56.524 OS Version: Windows x64 6.1.7600
14:06:56.524 Number of processors: 4 586 0x2C02
14:06:56.525 ComputerName: Z600 UserName:
14:07:00.220 Initialize success
14:07:07.846 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:07:07.849 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 8
14:07:07.852 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
14:07:07.855 Disk 1 Vendor: ST320006 CC13 Size: 1907729MB BusType: 8
14:07:07.871 Disk 0 MBR read successfully
14:07:07.875 Disk 0 MBR scan
14:07:07.878 Disk 0 Windows 7 default MBR code
14:07:07.882 Service scanning
14:07:09.048 Disk 0 trace - called modules:
14:07:09.086 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
14:07:09.092 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800b42a060]
14:07:09.097 3 CLASSPNP.SYS[fffff88001a3b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800ad21050]
14:07:09.103 Scan finished successfully
14:07:46.326 Disk 0 MBR has been saved successfully to "C:\Users\BIG-FELLA\Desktop\1\MBR.dat"
14:07:46.331 The log file has been saved successfully to "C:\Users\BIG-FELLA\Desktop\1\aswMBR.txt"
  • 0

#4
Essexboy
Posted 16 June 2011 - 01:13 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you do a few searches now in IE and Firefox. Letting me know if you are still getting redirected
  • 0

#5
B. Val
Posted 16 June 2011 - 01:30 PM

B. Val

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
ok let me see...

I know I just ran Malwarebytes and is still showing 5 infected files. But let me check out the searches now.
  • 0

#6
Essexboy
Posted 16 June 2011 - 01:31 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the log please
  • 0

#7
B. Val
Posted 16 June 2011 - 01:38 PM

B. Val

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
ok my search appears to be running without any problems here's the MB log

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6863

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

6/16/2011 2:36:59 PM
mbam-log-2011-06-16 (14-30-16).txt

Scan type: Quick scan
Objects scanned: 176417
Time elapsed: 1 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\programdata\api-ms-win-core-localregistry-l1-1-032.dll (Trojan.Tracur.Gen) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{811CD097-AAE6-1371-BBCB-7517C3B4F13D} (Trojan.Tracur.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{811CD097-AAE6-1371-BBCB-7517C3B4F13D} (Trojan.Tracur.Gen) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.Gen) -> Bad: (C:\ProgramData\api-ms-win-core-localregistry-l1-1-032.dll) Good: () -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\api-ms-win-core-localregistry-l1-1-032.dll (Trojan.Tracur.Gen) -> No action taken.
  • 0

#8
Essexboy
Posted 16 June 2011 - 01:40 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye the search redirect was a different problem to those files - OTL failed to delete them so I will need to use a stronger tool

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#9
B. Val
Posted 16 June 2011 - 01:45 PM

B. Val

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
ok doing it now thanks
  • 0

#10
B. Val
Posted 16 June 2011 - 02:08 PM

B. Val

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
ComboFix 11-06-16.01 - BIG-FELLA 06/16/2011 14:51:55.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12271.7875 [GMT -5:00]
Running from: c:\users\BIG-FELLA\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\feed.txt
c:\programdata\api-ms-win-core-localregistry-l1-1-032.dll
c:\programdata\icm3232.exe
c:\users\BIG-FELLA\AppData\Roaming\EurekaLog
c:\users\BIG-FELLA\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\users\BIG-FELLA\AppData\Roaming\EurekaLog\scrapebox\BugReport__20110318214544.zip
c:\users\BIG-FELLA\AppData\Roaming\Local
c:\users\BIG-FELLA\AppData\Roaming\Local\Temp\DDM\Settings\(2).ddr
c:\users\BIG-FELLA\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\BIG-FELLA\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\BIG-FELLA\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\BIG-FELLA\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\BIG-FELLA\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\BIG-FELLA\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\BIG-FELLA\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
c:\users\BIG-FELLA\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\BIG-FELLA\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\BIG-FELLA\AppData\Roaming\ubot
c:\users\BIG-FELLA\g2mdlhlpx.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
.
.
2011-06-16 10:56 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBB92440-471C-4AF3-B369-65DD6B98F074}\mpengine.dll
2011-06-15 22:13 . 2011-06-15 22:13 -------- d-----w- c:\program files (x86)\Market Samurai
2011-06-15 14:38 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 14:38 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 14:38 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 14:37 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 14:37 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 14:37 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 14:37 . 2011-05-28 03:06 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-15 14:37 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 14:37 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 14:37 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 14:37 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 14:37 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 14:36 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 14:36 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-13 16:29 . 2011-06-13 16:29 788992 ----a-w- c:\windows\SysWow64\PresentationNative_v030032.exe
2011-06-13 03:52 . 2011-06-13 20:14 -------- d-----w- C:\My eBooks
2011-06-12 18:43 . 2011-06-12 18:46 -------- d-----w- c:\users\BIG-FELLA\AppData\Roaming\Launchy
2011-06-12 18:43 . 2011-06-12 18:46 -------- d-----w- c:\program files (x86)\Launchy
2011-06-12 18:32 . 2011-06-12 18:32 -------- d-----w- c:\program files (x86)\QuickOutlookToDo
2011-05-28 16:45 . 2009-04-07 13:03 16384 ------w- c:\windows\system32\zvprtmonui5.dll
2011-05-28 16:45 . 2009-04-07 13:03 22528 ------w- c:\windows\system32\zvprtmon5.dll
2011-05-28 16:45 . 2011-05-28 16:45 -------- d-----w- c:\program files\zvprt50
2011-05-28 16:45 . 2011-05-28 16:45 608 --sha-w- c:\windows\system32\winzvprt5.sys
2011-05-28 16:45 . 2011-05-28 16:46 -------- d-----w- c:\program files (x86)\IPFax
2011-05-27 05:24 . 2011-05-27 05:24 -------- d-----w- c:\users\BIG-FELLA\AppData\Local\JonathanLeger.com
2011-05-27 05:24 . 2011-05-27 05:24 -------- d-----w- c:\users\BIG-FELLA\AppData\Roaming\JonathanLeger.com
2011-05-27 05:23 . 2011-05-27 05:23 -------- d-----w- c:\program files (x86)\TheBestSpinner3
2011-05-25 16:24 . 2011-05-25 16:24 -------- d-----w- c:\users\BIG-FELLA\AppData\Roaming\dvdcss
2011-05-23 08:00 . 2011-05-23 08:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-05-22 08:41 . 2011-05-22 08:41 -------- d-----w- c:\windows\SysWow64\Wat
2011-05-22 08:41 . 2011-05-22 08:41 -------- d-----w- c:\windows\system32\Wat
2011-05-22 08:22 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-05-22 08:22 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-05-22 08:18 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-05-22 08:18 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-05-22 08:00 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-05-21 10:43 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-21 10:42 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-05-21 10:38 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-05-21 10:38 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-05-21 10:38 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-05-21 10:38 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-05-20 09:20 . 2011-01-07 07:27 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A17DCFD-BA06-4221-A471-09D50F1039DF}\gapaengine.dll
2011-05-19 01:47 . 2011-05-19 01:47 -------- d-----w- c:\users\BIG-FELLA\AppData\Roaming\Broderbund
2011-05-19 01:47 . 2011-05-19 01:47 -------- d-----w- c:\programdata\Broderbund
2011-05-19 01:46 . 2011-05-19 01:46 -------- d-----w- c:\program files (x86)\Broderbund
2011-05-18 17:29 . 2011-05-18 17:29 -------- d-----w- c:\program files (x86)\Nuclear Ping Scheduler
2011-05-18 15:29 . 2011-05-18 15:29 -------- d-----w- c:\users\BIG-FELLA\AppData\Roaming\Adobe Mini Bridge CS5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 14:11 . 2011-01-16 19:40 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 14:11 . 2011-01-16 19:40 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-26 19:58 . 2011-01-08 06:41 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-05-26 19:58 . 2011-02-16 19:34 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-05-26 19:58 . 2011-02-16 19:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-26 19:58 . 2011-01-08 06:40 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-17 04:18 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-09 22:00 . 2011-01-08 10:38 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-13 07:47 . 2011-01-08 06:41 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-13 07:47 . 2011-01-08 06:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-12 04:13 . 2011-04-12 04:13 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-12 04:13 . 2011-04-12 04:13 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-12 04:13 . 2011-04-12 04:13 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-12 04:13 . 2011-04-12 04:13 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-12 04:13 . 2011-04-12 04:13 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-12 04:13 . 2011-04-12 04:13 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-12 04:13 . 2011-04-12 04:13 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-12 04:13 . 2011-04-12 04:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-12 04:13 . 2011-04-12 04:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-12 04:13 . 2011-04-12 04:13 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-12 04:13 . 2011-04-12 04:13 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-12 04:13 . 2011-04-12 04:13 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-12 04:13 . 2011-04-12 04:13 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-12 04:13 . 2011-04-12 04:13 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-12 04:13 . 2011-04-12 04:13 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-12 04:13 . 2011-04-12 04:13 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-12 04:13 . 2011-04-12 04:13 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-12 04:13 . 2011-04-12 04:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-12 04:13 . 2011-04-12 04:13 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-12 04:13 . 2011-04-12 04:13 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-12 04:13 . 2011-04-12 04:13 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-12 04:13 . 2011-04-12 04:13 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-12 04:13 . 2011-04-12 04:13 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-12 04:13 . 2011-04-12 04:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-12 04:13 . 2011-04-12 04:13 448512 ----a-w- c:\windows\system32\html.iec
2011-04-12 04:13 . 2011-04-12 04:13 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-12 04:13 . 2011-04-12 04:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-12 04:13 . 2011-04-12 04:13 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-12 04:13 . 2011-04-12 04:13 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-12 04:13 . 2011-04-12 04:13 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-12 04:13 . 2011-04-12 04:13 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-12 04:13 . 2011-04-12 04:13 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-12 04:13 . 2011-04-12 04:13 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-12 04:13 . 2011-04-12 04:13 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-12 04:13 . 2011-04-12 04:13 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-12 04:13 . 2011-04-12 04:13 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-12 04:13 . 2011-04-12 04:13 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-12 04:13 . 2011-04-12 04:13 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-12 04:13 . 2011-04-12 04:13 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-04-12 04:13 . 2011-04-12 04:13 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-04-12 04:13 . 2011-04-12 04:13 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-04-12 04:13 . 2011-04-12 04:13 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-12 04:13 . 2011-04-12 04:13 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-12 04:13 . 2011-04-12 04:13 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-04-12 04:13 . 2011-04-12 04:13 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-04-12 04:13 . 2011-04-12 04:13 144384 ----a-w- c:\windows\system32\cdd.dll
2011-04-12 04:13 . 2011-04-12 04:13 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-04-12 04:13 . 2011-04-12 04:13 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-04-12 04:13 . 2011-04-12 04:13 4068864 ----a-w- c:\windows\system32\mf.dll
2011-04-12 04:13 . 2011-04-12 04:13 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-04-12 04:13 . 2011-04-12 04:13 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-04-12 04:13 . 2011-04-12 04:13 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-04-12 04:13 . 2011-04-12 04:13 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-04-12 04:13 . 2011-04-12 04:13 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-04-12 04:13 . 2011-04-12 04:13 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-04-12 04:13 . 2011-04-12 04:13 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2011-04-12 04:13 . 2011-04-12 04:13 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-04-12 04:13 . 2011-04-12 04:13 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-04-12 04:13 . 2011-04-12 04:13 1133568 ----a-w- c:\windows\system32\FntCache.dll
2011-04-12 04:13 . 2011-04-12 04:13 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-04-12 04:13 . 2011-04-12 04:13 206848 ----a-w- c:\windows\system32\mfps.dll
2011-04-12 04:13 . 2011-04-12 04:13 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-04-12 04:13 . 2011-04-12 04:13 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-03-28 17:46 . 2011-04-21 17:30 146568 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\BIG-FELLA\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\BIG-FELLA\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\BIG-FELLA\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\BIG-FELLA\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"X1FileMonitor.exe"="c:\program files (x86)\X1\X1FileMonitor.exe" [2007-10-25 369336]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-02-17 107000]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-03-03 3278232]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-05-27 15147400]
"SEnukeX"="c:\users\BIG-FELLA\AppData\Local\SENukeX\senuke.exe" [2011-06-16 7605760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"FaxMonitor"="c:\program files (x86)\IPFax\FaxMonitor.exe" [2009-06-08 49152]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\BIG-FELLA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\BIG-FELLA\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2011-6-12 380928]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
X1 System Tray.lnk - c:\program files (x86)\X1\X1Systray.exe [2007-10-25 353976]
X1.lnk - c:\program files (x86)\X1\X1.exe [2007-10-25 4766392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-7 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Tcpz-x64;Tcpz-x64;c:\users\BIG-FE~1\AppData\Local\Temp\Tcpz-x64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-02-12 3975088]
R4 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
R4 Firefox Service;Firefox Service;c:\users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\extensions\[email protected]\svc.exe [2011-03-10 83456]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-14 2250616]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AutoMate8;AutoMate 8;c:\program files (x86)\AutoMate 8\AMTS.exe [2010-11-30 11299328]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x]
S3 TCPZ;TCP Half Open Limited Patcher ( TCP-Z);c:\windows\system32\DRIVERS\tcpz-x64d.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1578988565-738332488-1354322868-1000Core.job
- c:\users\BIG-FELLA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07 07:05]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1578988565-738332488-1354322868-1000UA.job
- c:\users\BIG-FELLA\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-07 07:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\BIG-FELLA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\BIG-FELLA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\BIG-FELLA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\BIG-FELLA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 85232 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-24 8081952]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Editor - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: RoboForm Options - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComOptions.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\BIG-FELLA\AppData\Roaming\Mozilla\Firefox\Profiles\157e1nb7.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1BE626EE-9912-8832-1301-F97E9976BEFB} - c:\programdata\api-ms-win-core-localregistry-l1-1-032.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Allscoop RSS Submit Pro 1.0 - c:\windows\system32\ss2uinst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1578988565-738332488-1354322868-1000_Classes\Wow6432Node\CLSID\{0185f01b-1b5f-4114-9a4a-ffe23bda8717}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a6
"Therad"=dword:0000001a
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1578988565-738332488-1354322868-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):89,26,2b,53,89,c3,12,2c,81,9b,87,7b,7a,2e,46,06,b8,94,01,6b,75,
1c,c6,99,3b,84,c2,a9,94,e9,1c,94,07,fe,a2,9d,32,2d,82,9b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1578988565-738332488-1354322868-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ab,a6,66,7a,14,a2,ca,0f,ad,39,e4,b6,d7,9d,8d,2b,3c,04,59,18,03,
e2,11,c9,78,94,e1,70,5e,5c,e4,07,ac,ae,e7,e1,cd,13,3c,ee,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1578988565-738332488-1354322868-1000_Classes\Wow6432Node\CLSID\{bc4f04fc-914a-4d12-b8c0-beea2204d18f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000024
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,24,2f,9b,db,fc,ac,0c,e4,c7,09,38,33,0a,e0,1a,04,91,bf,75,10,b9,30,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:02,28,95,80,36,2b,5e,af,84,3c,45,11,7f,29,b5,bd,ba,63,8a,9a,64,
2a,89,97,ff,38,74,40,72,f3,ce,9d,ae,3f,e5,95,ea,98,c9,a6,40,9b,86,eb,70,d2,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:02,28,95,80,36,2b,5e,af,84,3c,45,11,7f,29,b5,bd,ba,63,8a,9a,64,
2a,89,97,ff,38,74,40,72,f3,ce,9d,ae,3f,e5,95,ea,98,c9,a6,40,9b,86,eb,70,d2,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\presentationnative_v030032.exe
c:\programdata\icm3232.exe
c:\program files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
c:\program files (x86)\AutoMate 8\AMEM.exe
c:\program files (x86)\X1\X1Service.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Completion time: 2011-06-16 15:06:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-16 20:06
.
Pre-Run: 270,874,419,200 bytes free
Post-Run: 270,545,321,984 bytes free
.
- - End Of File - - 29B2D74D75AD7C7DD3458B9AF7664344
  • 0

Advertisements

#11
Essexboy
Posted 16 June 2011 - 02:16 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok it appears that combofix got it that time around :)

What are your current problems ? And is MBAM still reporting the infection
  • 0

#12
B. Val
Posted 16 June 2011 - 02:22 PM

B. Val

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
It's appears everything is good to go...! Thanks Essex.

I ran a quick scan on MalwareBytes and it was clean :)

I'm running a full scan now but it should be cool.

...and my search results are not being redirected. I really appreciate it.
  • 0

#13
Essexboy
Posted 16 June 2011 - 03:43 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.

    Posted Image

  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup an select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:
  • 0

#14
B. Val
Posted 16 June 2011 - 08:36 PM

B. Val

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Well unfortunately it came back :-(

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6873

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

6/16/2011 9:34:04 PM
mbam-log-2011-06-16 (21-33-45).txt

Scan type: Quick scan
Objects scanned: 180194
Time elapsed: 2 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\programdata\api-ms-win-core-localregistry-l1-1-032.dll (Trojan.Tracur.Gen) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1BE626EE-9912-8832-1301-F97E9976BEFB} (Trojan.Tracur.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1BE626EE-9912-8832-1301-F97E9976BEFB} (Trojan.Tracur.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BE626EE-9912-8832-1301-F97E9976BEFB} (Trojan.Tracur.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BE626EE-9912-8832-1301-F97E9976BEFB} (Trojan.Tracur.Gen) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\api-ms-win-core-localregistry-l1-1-032.dll (Trojan.Tracur.Gen) -> No action taken.
  • 0

#15
Essexboy
Posted 17 June 2011 - 09:34 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK there is more than one way to skin a cat

Download Dr Web from here Fill in the small form and download

It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP