Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows Vista Fedex Virus -- Need help to remove

Started by helpxavier0123 , Jun 25 2011 12:55 PM

  • Please log in to reply

#1
helpxavier0123
Posted 25 June 2011 - 12:55 PM

helpxavier0123

    New Member

  • Member
  • Pip
  • 2 posts
Hello! The other day I ignorantly downloaded the attachment in an email from "FedEx" that I knew didn't look real. I proceeded to open the attachment and my computer began to slowly shut down. First my desktop went black, application started to shutdown, and my start menu and quick-launch bar was cleared.
I am unable to physically see or access my files. Is there anyway I could rid of this virus without losing my files?

I already ran the OTL application (below) if that helps any. Thanks!!


OTL logfile created on: 6/17/2011 4:13:59 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Owner\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 47.09% Memory free
8.09 Gb Paging File | 5.97 Gb Available in Paging File | 73.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 41.37 Gb Free Space | 14.37% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.30 Gb Free Space | 33.01% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 16:12:30 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2011/06/13 19:52:23 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/05/24 12:22:53 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 15:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/05/12 17:50:32 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
PRC - [2009/05/12 17:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/07/04 16:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
PRC - [2008/06/05 18:06:04 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/01/25 03:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/09 18:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2007/12/11 14:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/12/05 12:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/11/26 12:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2007/11/01 21:12:38 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2007/11/01 21:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\MSC\mcuimgr.exe
PRC - [2007/07/18 17:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2007/07/12 14:43:50 | 000,226,904 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 16:12:30 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
MOD - [2009/08/28 08:38:58 | 002,153,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcGenral.dll
MOD - [2008/01/20 22:50:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll
MOD - [2008/01/20 22:49:15 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2008/01/20 22:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/02 05:46:13 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shimeng.dll
MOD - [2006/11/02 05:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/17 17:46:12 | 000,993,696 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2008/12/23 01:55:34 | 002,479,864 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
SRV:64bit: - [2008/11/20 06:21:12 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/08/25 06:31:36 | 000,251,904 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_a2af78c4\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/08/25 06:31:22 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_a2af78c4\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/11/07 11:35:40 | 000,702,792 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2007/07/24 14:01:38 | 000,153,408 | ---- | M] (McAfee, Inc.) [Unknown | Paused] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2007/05/09 13:53:36 | 000,410,624 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\ACFXAU64.exe -- (XAudioService)
SRV - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/05/12 17:50:32 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/25 03:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/09 18:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/11 14:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/12/05 12:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/11/26 12:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/07/18 17:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/06/18 16:09:42 | 000,030,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/06/18 15:42:40 | 000,020,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/04/27 14:40:40 | 000,055,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/01 15:44:06 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/22 12:11:12 | 000,049,752 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREdrv.sys -- (SBRE)
DRV:64bit: - [2010/01/25 20:57:54 | 000,010,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/11/14 00:05:36 | 000,036,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/10/27 02:37:30 | 000,027,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\JakNDis.sys -- (JakNDisMP)
DRV:64bit: - [2009/10/27 02:37:30 | 000,027,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\JakNDis.sys -- (JakNDis)
DRV:64bit: - [2009/07/10 14:06:50 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/29 18:18:12 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2009/01/12 23:20:40 | 000,140,288 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RMCAST.sys -- (RMCAST) RMCAST (Pgm)
DRV:64bit: - [2008/12/23 02:54:58 | 000,548,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2008/11/20 06:20:52 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/10/27 07:21:50 | 001,374,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/10/27 02:25:30 | 000,315,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2008/10/27 02:25:30 | 000,168,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/09/03 07:59:18 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/09/03 07:58:16 | 008,029,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/08/25 07:26:08 | 000,199,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/08/25 06:35:36 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/08/25 06:31:46 | 000,458,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/07/17 06:59:12 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 06:59:10 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 06:59:08 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 07:50:42 | 000,239,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/06/16 05:25:20 | 000,019,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/06/16 05:25:14 | 000,036,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/06/16 05:25:12 | 000,120,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/16 05:25:10 | 000,092,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 22:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 22:46:56 | 000,032,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/02 14:51:42 | 000,049,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2007/11/22 08:44:08 | 000,293,192 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2007/11/22 08:44:08 | 000,101,960 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2007/11/22 08:43:40 | 000,040,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2007/11/02 16:52:02 | 000,008,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2007/07/13 08:21:36 | 000,173,072 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2007/05/09 13:53:26 | 000,035,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ACFDCP64.sys -- (dgcfltr)
DRV:64bit: - [2007/05/09 13:53:16 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\ACFXAU64.sys -- (XAudio)
DRV:64bit: - [2007/04/26 17:46:14 | 000,121,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ACFVA64.sys -- (acfva)
DRV:64bit: - [2007/03/15 19:08:46 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\ACFSDK64.sys -- (mdmxsdk)
DRV:64bit: - [2007/03/07 14:13:20 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pnetmdm64.sys -- (pnetmdm)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/01/28 17:46:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/28 17:46:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2002/07/17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2090113
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2090113
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2090113
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...GO&form=ZGAPHP/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...GO&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/05/04 12:25:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/23 23:30:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/23 23:30:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/24 12:25:12 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/24 12:24:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/25 23:54:29 | 000,000,000 | ---D | M]

[2009/03/15 13:14:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2009/03/02 18:49:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/25 12:34:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ryj2sx03.default\extensions
[2010/06/14 15:19:50 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ryj2sx03.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/03 10:50:50 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ryj2sx03.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/21 18:59:08 | 000,000,000 | -H-D | M] (Flash and Video Download) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ryj2sx03.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2009/06/13 10:10:21 | 000,000,000 | -H-D | M] (PitchDark) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ryj2sx03.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2011/04/22 04:27:36 | 000,000,000 | -H-D | M] (Search Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ryj2sx03.default\extensions\[email protected]
[2010/01/14 21:19:46 | 000,002,530 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ryj2sx03.default\searchplugins\amazon-search-suggestions.xml
[2011/04/22 04:27:37 | 000,001,919 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ryj2sx03.default\searchplugins\bing-zugo.xml
[2009/03/28 16:17:30 | 000,000,891 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ryj2sx03.default\searchplugins\dictionarycom.xml
[2009/06/01 01:44:47 | 000,002,042 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ryj2sx03.default\searchplugins\facebook.xml
[2009/10/26 23:12:17 | 000,005,770 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ryj2sx03.default\searchplugins\metro-lyrics.xml
[2011/06/14 23:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/14 23:24:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/05 12:58:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/29 21:08:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/18 00:15:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/18 20:31:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/03 10:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011/04/03 10:49:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) --
[2011/05/24 12:25:12 | 000,000,000 | -H-D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/01/01 04:00:00 | 000,135,168 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files (x86)\McAfee\MSK\mcapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (P2P Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files (x86)\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (DigitalPersona Fingerprint Software Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (P2P Energy Toolbar) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (P2P Energy Toolbar) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - C:\Program Files (x86)\P2P_Energy\tbP2P_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [dXXBTPbLqyCp] C:\ProgramData\dXXBTPbLqyCp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [fcxzyql] C:\Users\Owner\AppData\Roaming\qhzwstyp.dll ()
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/17 14:25:31 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{17390282-f5d4-11df-a5fc-ac24be8cda6f}\Shell - "" = AutoRun
O33 - MountPoints2\{17390282-f5d4-11df-a5fc-ac24be8cda6f}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{305bdbb5-4e29-11df-af21-a23f74349bde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{4fbe1f21-b2b2-11de-a848-f6dfced6daf9}\Shell - "" = AutoRun
O33 - MountPoints2\{4fbe1f21-b2b2-11de-a848-f6dfced6daf9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{6124dcf5-5797-11df-8e46-aaf6100199da}\Shell - "" = AutoRun
O33 - MountPoints2\{6124dcf5-5797-11df-8e46-aaf6100199da}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e6e2aef6-2d37-11de-86d2-002219dc5f84}\Shell - "" = AutoRun
O33 - MountPoints2\{e6e2aef6-2d37-11de-86d2-002219dc5f84}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: VIDC.WMV3 - C:\Windows\SysWow64\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 14:23:39 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2011/06/17 14:23:37 | 000,000,000 | -H-D | C] -- C:\sh4ldr
[2011/06/17 14:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/06/17 14:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/06/17 00:53:36 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair
[2011/06/17 00:53:02 | 000,356,352 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\43376376.exe
[2011/06/17 00:35:30 | 000,444,416 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\dXXBTPbLqyCp.exe
[2011/06/15 00:55:33 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/06/14 23:38:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\Skype Extras
[2011/06/14 23:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2011/06/14 23:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
[2011/06/14 23:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/06/14 23:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/06/14 18:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/14 18:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/05 01:25:51 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Roaming\Mp3tag
[2011/06/05 01:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2011/06/05 01:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2011/06/02 01:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVIcodec
[2011/05/31 23:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Matroska Pack
[2011/05/29 03:53:17 | 000,000,000 | -H-D | C] -- C:\Users\Owner\0On My Mind - Single_TMT
[2011/05/27 16:14:36 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Roaming\Azureus
[2011/05/24 12:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/05/20 23:42:59 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData\Roaming\DriverCure
[2011/05/20 23:42:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\ParetoLogic
[2011/05/20 23:42:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\DriverCure
[2011/05/20 23:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 16:18:34 | 000,068,711 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011/06/17 16:15:59 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{03F7D57F-290A-4854-8A36-6C27E059C181}.job
[2011/06/17 16:13:32 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 16:13:32 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 15:25:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/17 14:25:31 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/06/17 14:23:43 | 000,002,091 | -H-- | M] () -- C:\Users\Owner\Desktop\SpyHunter.lnk
[2011/06/17 14:16:24 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~43376376
[2011/06/17 14:16:24 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43376376r
[2011/06/17 14:14:25 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/17 14:13:38 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/06/17 14:13:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/17 01:09:29 | 000,002,484 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/17 01:06:33 | 000,006,080 | -H-- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/06/17 00:56:45 | 000,000,392 | -H-- | M] () -- C:\ProgramData\43376376
[2011/06/17 00:53:38 | 000,000,593 | -H-- | M] () -- C:\Users\Owner\Desktop\Windows Vista Repair.lnk
[2011/06/16 22:22:43 | 000,059,904 | -H-- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/16 15:08:14 | 000,000,245 | -H-- | M] () -- C:\Users\Owner\Desktop\Document.rtf
[2011/06/16 09:55:20 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/16 09:55:20 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/16 09:55:20 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/16 00:44:03 | 000,027,486 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2011/06/15 00:59:59 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011/06/14 18:00:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/06/02 22:58:35 | 000,010,240 | -H-- | M] () -- C:\Users\Owner\Documents\Thank you.wps
[2011/05/26 23:54:00 | 019,685,837 | -H-- | M] () -- C:\Users\Owner\0On_My_Mind_-_Single_TMT.rar
[2011/05/24 12:23:05 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011/05/21 00:33:08 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 14:25:31 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/06/17 14:23:42 | 000,002,091 | -H-- | C] () -- C:\Users\Owner\Desktop\SpyHunter.lnk
[2011/06/17 14:13:36 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/06/17 00:53:44 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~43376376r
[2011/06/17 00:53:43 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~43376376
[2011/06/17 00:53:38 | 000,000,593 | -H-- | C] () -- C:\Users\Owner\Desktop\Windows Vista Repair.lnk
[2011/06/17 00:53:11 | 000,000,392 | -H-- | C] () -- C:\ProgramData\43376376
[2011/06/16 15:08:13 | 000,000,245 | -H-- | C] () -- C:\Users\Owner\Desktop\Document.rtf
[2011/05/31 23:14:38 | 000,010,240 | -H-- | C] () -- C:\Users\Owner\Documents\Thank you.wps
[2011/05/26 23:52:58 | 019,685,837 | -H-- | C] () -- C:\Users\Owner\0On_My_Mind_-_Single_TMT.rar
[2011/05/20 23:42:59 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/05/20 23:42:51 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2010/08/23 21:46:26 | 000,047,104 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2010/01/21 12:24:28 | 000,174,852 | RHS- | C] () -- C:\Users\Owner\AppData\Roaming\qhzwstyp.dll
[2009/07/30 21:58:42 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/04 04:15:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/20 04:09:05 | 000,017,043 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/03/05 16:39:20 | 000,006,080 | -H-- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/02/28 22:48:44 | 000,000,022 | -H-- | C] () -- C:\Users\Owner\AppData\Local\kodakpcd.ini
[2009/02/24 02:28:44 | 000,000,732 | -H-- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2009/02/22 22:58:55 | 000,059,904 | -H-- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/22 22:45:25 | 000,027,486 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2009/01/12 23:44:47 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/01/12 23:44:47 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/01/12 23:13:54 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/01/12 23:13:53 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/01/12 23:13:52 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/01/12 22:38:41 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/01/12 22:26:02 | 000,002,484 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/05/27 16:33:27 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Azureus
[2011/06/16 16:58:12 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\BitTorrent
[2009/03/01 00:43:15 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Datel
[2010/03/25 00:10:30 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\DexterWire
[2009/02/22 22:35:40 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\DigitalPersona
[2011/05/20 23:43:46 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\DriverCure
[2011/06/15 01:05:38 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\FrostWire
[2011/04/18 16:23:13 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\HandBrake
[2010/02/11 05:43:18 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Jaksta
[2011/04/18 01:47:29 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\LimeWire
[2009/03/28 20:32:38 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\LimeWireTurbo
[2011/06/05 01:26:15 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Mp3tag
[2009/04/17 20:22:31 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet
[2011/05/27 01:16:12 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\MuWire
[2010/05/14 14:41:25 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\NVD
[2011/01/08 08:00:20 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details
[2010/02/05 16:01:19 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2010/11/12 03:13:00 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\PhotoScape
[2010/10/21 23:22:45 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\PrimoPDF
[2011/04/18 15:09:22 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Registry Mechanic
[2011/04/22 03:10:31 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Rovio
[2009/04/17 20:31:49 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Skinux
[2010/05/17 01:17:01 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2009/03/15 23:07:33 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Sony
[2009/02/22 22:45:28 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2010/05/14 14:37:44 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2011/06/15 00:59:59 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/02/01 02:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011/06/14 18:00:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2011/05/21 00:33:08 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2011/06/17 01:09:29 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/17 16:15:59 | 000,000,446 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{03F7D57F-290A-4854-8A36-6C27E059C181}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/06/17 14:13:38 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/06/17 14:25:31 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 22:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/01/12 23:50:29 | 000,005,066 | RH-- | M] () -- C:\dell.sdr
[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/06/17 14:13:24 | 270,508,031 | -HS- | M] () -- C:\pagefile.sys
[2010/08/23 21:46:31 | 000,004,878 | ---- | M] () -- C:\SetUp-Log-mpegable DS decoder.txt
[2009/01/12 22:39:05 | 000,000,174 | ---- | M] () -- C:\Setup.log

< %systemroot%\Fonts\*.com >
[2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 11:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 23:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/10/20 23:59:18 | 000,000,442 | -HS- | M] () -- C:\ProgramData\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/05/15 14:29:37 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/06/17 00:56:45 | 000,000,392 | -H-- | M] () -- C:\ProgramData\43376376
[2011/06/17 00:53:03 | 000,356,352 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\43376376.exe
[2011/06/17 00:35:30 | 000,444,416 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\dXXBTPbLqyCp.exe
[2011/06/17 14:16:24 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~43376376
[2011/06/17 14:16:24 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43376376r

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/08/30 03:20:33 | 000,000,136 | -HS- | M] () -- C:\Users\Owner\Cookies\desktop.ini
[2011/06/17 16:16:48 | 000,049,152 | -HS- | M] () -- C:\Users\Owner\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F7B65412
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP