Mystery malware attack; makes almost all applications disappear, leave


  • This topic is locked

#1
ozarknature

  • Member
  • 21 posts

Hello friends,

I was hit with a serious malware attack 2 days ago. I have a 64-bit HP Pavilion dv6 3010us laptop with 4 GB RAM. I am running Windows 7 Home Premium, SP 1, Build 7601. I was using McAfee Security-as-a-Service from Cox Business (my ISP). Not certain what I did to cause this infection but I was downloading and installing some drivers that appeared to be from a reputable source. I suspect strongly that I was complacent and careless and that one or more of those downloaded drivers was infected!

During this sequence I began noticing applications disappearing, one by one, from my hard drive. Within about 20 minutes nearly all were gone except the Windows operating system and Google Chrome browser (on which I'm writing this message now). Internet Explorer remained on the drive and I was able to open it but I could not get it to display any web pages. Java was gone, too.

I tried downloading several virus removal programs, including Microsoft Malware Removal Tool, McAfee, TrendMicro HouseCall, Hijack This, MalwareBytes AntiMalware, Emsisoft Anti-Malware, RootKit Buster, and Kaspersky Virus Removal Tool. The only programs of these that I could fully download and run were Hijack This, Avast AntiVirus, Kaspersky and Emsisoft, which said I was not infected. The others would either not load or were unable to download their definitions update files. I couldn't unzip the RootKit Buster installer because my machine would not allow me to install Hamster or WinZip.

I went to Avast's forum and posted a plea for help here:
http://forum.avast.c...c=83179.new#new

Pondus from Norway responded and referred me to Essexboy who directed me to Malwarebytes which I had already tried. Essexboy suggested I download and run OTL.exe which I did. He also said that if I had a particularly serious issue to post here in this forum. I am attaching the two OTL log files, OTL.txt and Extras.txt as Essexboy requested.

I am now hoping that someone who knows how to read these will be able to identify the problem(s) I have!

Your assistance is deeply appreciated.

OTL logfile created on: 8/16/2011 5:27:31 PM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Zinja\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 65.51% Memory free
7.49 Gb Paging File | 5.54 Gb Available in Paging File | 73.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 277.31 Gb Total Space | 40.41 Gb Free Space | 14.57% Space Free | Partition Type: NTFS
Drive D: | 20.48 Gb Total Space | 2.97 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 89.17 Mb Free Space | 89.77% Space Free | Partition Type: FAT32

Computer Name: ZINJA-WARRIOR | User Name: Zinja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/08/16 17:12:47 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Zinja\Downloads\OTL.exe
PRC - [2011/08/14 16:31:54 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Zinja\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011/08/01 14:44:08 | 026,441,568 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/30 09:50:40 | 003,029,208 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/05/21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/05/18 12:26:54 | 000,062,184 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe
PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/03/31 14:38:17 | 000,126,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2011/01/25 01:06:12 | 000,291,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2010/10/15 14:44:10 | 000,324,928 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2010/03/05 23:12:48 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/05 12:02:23 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/21 21:39:57 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/07 23:36:06 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/25 10:19:28 | 000,047,432 | ---- | M] (Cox Business) [Auto | Running] -- C:\Program Files\Online Backup\Cox_Business_CBOBbackup.exe -- (Cox_Business_CBOBbackup)
SRV:64bit: - [2011/01/19 10:18:20 | 000,156,248 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/01/12 14:03:04 | 000,203,104 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/01/12 14:01:58 | 000,190,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV:64bit: - [2010/09/20 02:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/27 16:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/01/18 17:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [1999/12/31 19:00:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [1999/12/31 19:00:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/30 09:50:40 | 003,029,208 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/05/21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/05/18 12:26:54 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/01/25 01:06:12 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (RumorServer)
SRV - [2011/01/25 01:06:12 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)
SRV - [2010/10/15 14:44:10 | 000,324,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/05 23:12:48 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/13 09:43:11 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/04 06:36:56 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/07/04 06:36:54 | 000,288,088 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/07/04 06:35:28 | 000,045,400 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/07/04 06:32:35 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/07/04 06:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/07/04 06:32:14 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/07/01 04:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/01 17:03:41 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2011/02/25 10:19:18 | 000,066,552 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\Cox_Business_CBOB.sys -- (Cox_Business_CBOBFilter)
DRV:64bit: - [2011/02/23 16:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2011/01/19 10:18:20 | 000,607,152 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/01/19 10:18:20 | 000,472,624 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/01/19 10:18:20 | 000,281,544 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/01/19 10:18:20 | 000,217,696 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/01/19 10:18:20 | 000,153,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/01/19 10:18:20 | 000,097,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/01/19 10:18:20 | 000,074,904 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/12/17 20:40:30 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs64.sys -- (CbFs)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/20 03:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 02:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/13 17:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/02 00:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/08 21:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/03 19:05:30 | 000,328,232 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/01/28 13:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/11 15:09:32 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2009/10/02 11:46:00 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/02 11:46:00 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/10/02 11:46:00 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 11:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 11:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [1999/12/31 19:00:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [1999/12/31 19:00:00 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV - [2011/08/10 15:55:40 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2011/02/20 21:30:06 | 000,085,800 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2010/09/05 12:25:22 | 000,048,216 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2010/05/05 09:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab...yE&cr=455734634


IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Foxtab Web Search"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Foxtab Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.foxtab...E&cr=455734634"
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_10_3_162.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Zinja\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Zinja\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Zinja\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Zinja\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Zinja\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins

[2011/06/26 05:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Extensions
[2011/02/22 18:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/04/12 16:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/07 09:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/08/13 18:34:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions
[2011/06/09 22:30:05 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2011/07/15 22:24:20 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/07/15 20:33:02 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/07/16 13:24:58 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/06/16 22:53:45 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2011/07/08 23:41:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/08/04 03:45:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/06/25 23:38:38 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2011/06/29 19:46:14 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/07/31 15:23:33 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011/08/13 18:34:16 | 000,000,000 | ---D | M] (DriverAgent Plugin for Firefox and Opera) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
[2011/08/02 00:33:56 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/07/20 01:18:41 | 000,000,000 | ---D | M] ("Google+Facebook") -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/08/10 05:50:49 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/06/10 19:18:40 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/08/05 15:13:56 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/08/06 13:05:38 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/08/10 06:34:53 | 000,000,000 | ---D | M] (SearchGBY) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/07/20 01:18:41 | 000,000,000 | ---D | M] (Rapportive) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/07/15 22:24:20 | 000,000,000 | ---D | M] (The Search Sidebar) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/08/05 15:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]\chrome
[2011/08/05 15:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]\components
[2011/08/05 15:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]\defaults
[2011/02/22 16:31:17 | 000,001,919 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\bing-zugo.xml
[2011/02/22 11:31:59 | 000,001,651 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\erotic-search.xml
[2011/07/13 11:55:40 | 000,000,958 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\facebook.xml
[2011/08/14 09:41:25 | 000,005,423 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\Foxtab Web Search.xml
[2011/02/22 11:25:17 | 000,004,855 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\google-images.xml
[2011/08/10 07:26:44 | 000,001,633 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\googletranslate.xml
[2011/04/15 00:07:33 | 000,002,567 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\hulu.xml
[2011/02/22 11:33:05 | 000,001,504 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\imdb.xml
[2011/02/22 11:25:41 | 000,001,826 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\nasa-images.xml
[2011/02/22 11:33:58 | 000,001,050 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\siteadvisor.xml
[2011/03/17 19:58:53 | 000,002,306 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\wot-safe-search.xml
File not found (No name found) --
File not found (No name found) -- C:\PROGRAM FILES (X86)\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{20CC25E2-48C9-45E1-9A1F-1CCC1882B81B}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{28197867-B1EF-4140-8E3B-55C45B9C8460}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{2E17E2B2-B8D4-4A67-8D7B-FAFA6CC9D1D0}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{47624DDA-B77E-4FEB-820A-E4F077D5D4CA}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{962E0D4D-6B89-4B73-AA72-DF03360DA12E}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{CD617372-6743-4EE4-BAC4-FBF60F35719E}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/06/14 21:25:02 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (VizController Class) - {0F9CECE1-0306-4BB0-8BEF-C9EA3841E38A} - File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - File not found
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
O3 - HKLM\..\Toolbar: (DiskView) - {6A882320-BDD0-4ff4-BE3A-D8BAF82668E9} - File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O3 - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe ARM] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HFALoader] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] File not found
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000..\Run: [DriverMax] File not found
O4 - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000..\Run: [DriverMax_RESTART] File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O7 - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - File not found
O9 - Extra Button: - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - File not found
O9 - Extra 'Tools' menuitem : - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\.DEFAULT\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-18\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - File not found
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - File not found
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{72ae5efb-bfb9-11e0-8c7b-bfef05e91997}\Shell - "" = AutoRun
O33 - MountPoints2\{72ae5efb-bfb9-11e0-8c7b-bfef05e91997}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/16 03:35:12 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\Malwarebytes
[2011/08/16 01:34:34 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/16 01:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/16 01:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/16 01:34:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/15 22:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/15 22:18:09 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Local\Apps
[2011/08/15 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\QuickScan
[2011/08/14 15:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/14 15:42:24 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/08/14 15:42:24 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/14 15:42:20 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/08/14 15:42:19 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/08/14 15:42:18 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/08/14 15:42:13 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/08/14 15:42:12 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/08/14 15:41:38 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/14 15:41:36 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/08/14 15:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/14 15:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/14 15:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/08/14 15:37:15 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/14 15:26:16 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Local\Microsoft Help
[2011/08/14 15:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/08/14 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\Apple Computer
[2011/08/14 15:08:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\yahoo!
[2011/08/14 15:04:44 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\Adobe
[2011/08/14 15:00:39 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Local\ATI
[2011/08/14 14:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/08/14 14:47:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/14 11:49:35 | 000,651,776 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2011/08/14 11:46:35 | 000,520,192 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2011/08/14 11:46:31 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2011/08/14 11:46:30 | 001,499,136 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2011/08/14 11:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/08/14 11:17:42 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Local\SlimWare Utilities Inc
[2011/08/14 11:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2011/08/14 09:42:32 | 000,000,000 | ---D | C] -- C:\Users\Zinja\Documents\My Drivers
[2011/08/14 09:02:21 | 000,000,000 | ---D | C] -- C:\Users\Zinja\Documents\DriverGenius
[2011/08/13 17:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/08/13 17:41:37 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Local\AMD
[2011/08/13 17:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/08/13 17:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/08/12 11:31:49 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\QTTabBar
[2011/08/11 00:14:37 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\PrimoPDF
[2011/08/10 15:55:40 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2011/08/10 03:02:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2011/08/08 20:23:14 | 000,000,000 | ---D | C] -- C:\Users\Zinja\Desktop\Super F4
[2011/08/05 20:21:54 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\U3
[2011/08/04 12:50:22 | 000,000,000 | ---D | C] -- C:\Users\Zinja\Desktop\Anti-Virus Specific Pgm
[2011/07/26 19:53:59 | 000,000,000 | ---D | C] -- C:\Users\Zinja\Desktop\Notes Folder
[2011/07/22 15:51:50 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll
[2011/07/20 14:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2011/07/20 14:18:40 | 000,000,000 | ---D | C] -- C:\Users\Zinja\Documents\Anti-Malware
[2011/07/19 00:39:42 | 000,000,000 | ---D | C] -- C:\Users\Zinja\Desktop\Registry backup
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/16 17:37:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1115849333-2882087070-3583721905-1000UA.job
[2011/08/16 17:28:39 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2011/08/16 17:27:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/16 17:23:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/08/16 17:11:14 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1115849333-2882087070-3583721905-1000Core.job
[2011/08/16 17:04:36 | 000,783,526 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/16 17:04:36 | 000,663,434 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/16 17:04:36 | 000,122,270 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/16 17:01:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/16 10:04:58 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/16 01:34:35 | 000,001,110 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/16 01:34:35 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/08/15 22:34:31 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 22:34:31 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 22:24:37 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/14 16:16:00 | 000,000,036 | ---- | M] () -- C:\Users\Zinja\AppData\Local\housecall.guid.cache
[2011/08/14 15:42:25 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/14 15:42:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/08/14 15:37:15 | 000,002,935 | ---- | M] () -- C:\Users\Zinja\Desktop\HiJackThis.lnk
[2011/08/14 15:14:05 | 000,002,291 | ---- | M] () -- C:\Users\Zinja\Desktop\Google Chrome.lnk
[2011/08/14 15:12:46 | 000,017,408 | ---- | M] () -- C:\conf.dat
[2011/08/14 13:27:57 | 000,000,047 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.FRE
[2011/08/14 00:13:15 | 000,007,792 | ---- | M] () -- C:\Users\Zinja\Desktop\Driver Analysis for ZINJA-WARRIOR.html
[2011/08/14 00:03:17 | 000,005,404 | ---- | M] () -- C:\Windows\Cox_Business_CBOB.blk
[2011/08/14 00:03:17 | 000,000,992 | ---- | M] () -- C:\Windows\Cox_Business_CBOB.flt
[2011/08/13 19:23:30 | 000,777,742 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/13 17:47:30 | 000,002,063 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Pitstop Driver Alert2.lnk
[2011/08/12 00:02:25 | 000,001,127 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\System Explorer.lnk
[2011/08/10 23:59:11 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini
[2011/08/10 15:55:40 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2011/08/05 23:55:45 | 001,049,314 | ---- | M] () -- C:\Windows\SysNative\oem46.inf
[2011/08/05 19:11:05 | 038,695,279 | ---- | M] () -- C:\Users\Zinja\Desktop\Emerson LD195EMX Manual.PDF
[2011/08/05 13:34:21 | 000,150,682 | ---- | M] () -- C:\Users\Zinja\Desktop\Second HP Support Session.xps
[2011/08/05 13:01:49 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForZinja.job
[2011/08/04 00:33:44 | 000,000,997 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\WinUtilities.lnk
[2011/08/02 18:59:59 | 000,002,237 | ---- | M] () -- C:\Users\Zinja\Desktop\calendar.ics
[2011/07/28 20:26:42 | 000,000,600 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\winscp.rnd
[2011/07/28 20:25:56 | 000,001,890 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\WinSCP.lnk
[2011/07/25 21:40:49 | 000,063,124 | ---- | M] () -- C:\Users\Zinja\Desktop\David Orr hawaiian shirt torso shot.jpg
[2011/07/25 18:13:15 | 000,000,002 | ---- | M] () -- C:\Windows\msoffice.ini
[2011/07/23 10:44:27 | 000,000,046 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.SYL
[2011/07/22 15:51:50 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll
[2011/07/22 15:50:19 | 000,002,515 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/07/20 14:19:20 | 000,001,132 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2011/07/20 11:30:00 | 000,001,555 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2011/07/19 14:00:25 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/16 01:34:35 | 000,001,110 | ---- | C] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/16 01:34:35 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/14 16:16:00 | 000,000,036 | ---- | C] () -- C:\Users\Zinja\AppData\Local\housecall.guid.cache
[2011/08/14 15:42:25 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/14 15:42:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/08/14 15:37:15 | 000,002,935 | ---- | C] () -- C:\Users\Zinja\Desktop\HiJackThis.lnk
[2011/08/14 15:14:05 | 000,002,291 | ---- | C] () -- C:\Users\Zinja\Desktop\Google Chrome.lnk
[2011/08/14 15:11:27 | 000,017,408 | ---- | C] () -- C:\conf.dat
[2011/08/14 12:17:08 | 000,099,389 | ---- | C] () -- C:\Users\Zinja\Desktop\Bighog1wiki.jpg
[2011/08/14 11:17:59 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2011/08/14 00:13:15 | 000,007,792 | ---- | C] () -- C:\Users\Zinja\Desktop\Driver Analysis for ZINJA-WARRIOR.html
[2011/08/13 17:47:30 | 000,002,063 | ---- | C] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Pitstop Driver Alert2.lnk
[2011/08/10 23:59:16 | 000,095,008 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll
[2011/08/10 17:14:40 | 000,000,942 | ---- | C] () -- C:\Users\Zinja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3RVX.lnk
[2011/08/09 18:11:33 | 000,266,930 | ---- | C] () -- C:\Users\Zinja\Desktop\Bear%20Lake%20County%20Sheriff%20ID.jpg
[2011/08/08 08:46:39 | 000,069,197 | ---- | C] () -- C:\Users\Zinja\Desktop\6153FMXN6QL.jpg
[2011/08/05 23:56:06 | 001,049,314 | ---- | C] () -- C:\Windows\SysNative\oem46.inf
[2011/08/05 19:04:46 | 038,695,279 | ---- | C] () -- C:\Users\Zinja\Desktop\Emerson LD195EMX Manual.PDF
[2011/08/05 13:34:19 | 000,150,682 | ---- | C] () -- C:\Users\Zinja\Desktop\Second HP Support Session.xps
[2011/08/04 12:49:20 | 000,606,378 | ---- | C] () -- C:\Users\Zinja\Documents\change yahoo name.pdf
[2011/08/02 19:00:10 | 000,002,237 | ---- | C] () -- C:\Users\Zinja\Desktop\calendar.ics
[2011/07/25 21:40:46 | 000,063,124 | ---- | C] () -- C:\Users\Zinja\Desktop\David Orr hawaiian shirt torso shot.jpg
[2011/07/25 18:13:15 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011/07/20 14:19:20 | 000,001,132 | ---- | C] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2011/07/20 11:30:00 | 000,001,555 | ---- | C] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2011/07/19 14:00:25 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/07 23:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/24 11:31:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/22 04:34:07 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/22 04:33:57 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/22 04:33:57 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/22 04:33:56 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/03/10 15:51:15 | 001,053,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\CAMTHWDM.sys
[2011/03/10 15:50:08 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/02/28 05:17:26 | 000,777,742 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/22 19:07:04 | 000,000,600 | ---- | C] () -- C:\Users\Zinja\AppData\Roaming\winscp.rnd
[2011/02/22 18:04:51 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/21 20:32:56 | 000,026,424 | ---- | C] () -- C:\Users\Zinja\AppData\Roaming\UserTile.png
[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/21 03:37:09 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/05/21 03:37:09 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/04/25 15:17:24 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/02/09 20:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/09 23:03:56 | 000,370,312 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/08/14 15:05:02 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Dropbox
[2011/08/14 15:05:10 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\IObit
[2011/03/20 22:09:37 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\IrfanView
[2011/06/23 04:55:09 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Lunascape
[2011/06/12 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Made for IT
[2011/05/25 20:55:32 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Obvious Idea
[2011/02/22 17:59:51 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\ooVoo Details
[2011/02/23 16:33:37 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\OpenOffice.org
[2011/06/22 18:18:46 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Opera
[2011/03/01 13:10:23 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Philipp Winterberg
[2011/06/19 19:14:55 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\PhotoScape
[2011/08/11 00:14:37 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\PrimoPDF
[2011/08/12 11:31:49 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\QTTabBar
[2011/06/16 22:40:31 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\qualys
[2011/08/15 14:22:31 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\QuickScan
[2011/04/04 16:20:24 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1
[2011/03/28 13:09:25 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Stardock
[2011/04/11 00:11:39 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\TreeCardGames
[2011/04/15 13:18:10 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Trillian
[2011/05/08 17:17:25 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/03/10 15:51:31 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\WebcamMax
[2011/02/24 14:20:43 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Windows Live Writer
[2011/04/22 13:59:11 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Wireshark
[2011/02/21 18:15:34 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Xilisoft
[2011/06/18 06:01:56 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Yoono
[2011/03/28 23:03:52 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\YouSendIt
[2011/06/18 05:02:25 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\ZumoDrive
[2011/08/04 13:16:05 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/16 17:28:39 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< End of report >

David Orr
Fayetteville, Arkansas


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, let's get the show on the road


Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

NEXT

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found
    FF - prefs.js..browser.startup.homepage: "http://search.foxtab...E&cr=455734634"
    [2011/05/07 09:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2011/08/04 03:45:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    O2 - BHO: (VizController Class) - {0F9CECE1-0306-4BB0-8BEF-C9EA3841E38A} - File not found
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - File not found
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found
    O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - File not found
    O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - File not found
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - File not found
    O3 - HKLM\..\Toolbar: (DiskView) - {6A882320-BDD0-4ff4-BE3A-D8BAF82668E9} - File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
    O3 - HKU\S-1-5-21-1115849333-2882087070-3583721905-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - File not found
    O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - File not found
    O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#3
ozarknature

    Member

  • Topic Starter
  • 21 posts
Thank you, Essexboy, for your detailed and easy-to-read instructions!

Here is the log for Rogue Killer, attached...

Additional logs to follow as performed.

Attached File  RKreport1.txt   1.18KB   74 downloads

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You should have all your files back now I feel

#5
ozarknature

    Member

  • Topic Starter
  • 21 posts
No, not only do I not have my files back but the system is not allowing me to run OTL.exe. When I try to start OTL I get an error message saying that "OTL.exe is not a valid Win32 application"... Then OTL.exe simply disappears! I have tried downloading additional copies twice but this happens each time.

What next?

:)

David Orr

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Re-run RogueKiller and select option 2

Once done retry OTL but use this copy

Download OTL to your Desktop

#7
ozarknature

    Member

  • Topic Starter
  • 21 posts
Essexboy,

Here is the log file from Rogue Killer as you requested, using option (2). See attached.

I downloaded and tried to run OTL.com as you instructed but I got the same result, an error msg saying it is not a valid Win32 application. This time, however, the app was NOT deleted from my desktop. So I tried downloading it a second time, only this time naming it OTL (1).com, and then it WORKED!

OTL (1) scan file to follow in next post...

:)

Attached File  RKreport4.txt   1.16KB   74 downloads

#8
ozarknature

    Member

  • Topic Starter
  • 21 posts
Essexboy,

When I rebooted, OTL (1).com appeared onscreen before the machine had fully loaded my desktop, asking if I wanted to run it. I chose to do so, and the output was this:

Attached File  08172011_170822.log   12.92KB   63 downloads

Following that run, Windows finished loading my desktop and I ran a Quick Scan as you previously requested. Here is the output of that:

Attached File  08172011_170822.log   12.92KB   63 downloads

Next I will run aswMBR.exe as previously instructed and post the result of that in my next reply.

#9
ozarknature

    Member

  • Topic Starter
  • 21 posts
Oops! I should have posted OTL.txt in the previous message:

Attached File  OTL.Txt   147.05KB   42 downloads

OTL logfile created on: 8/17/2011 5:17:25 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Zinja\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 66.26% Memory free
7.49 Gb Paging File | 5.91 Gb Available in Paging File | 78.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 277.31 Gb Total Space | 39.69 Gb Free Space | 14.31% Space Free | Partition Type: NTFS
Drive D: | 20.48 Gb Total Space | 2.97 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 89.17 Mb Free Space | 89.77% Space Free | Partition Type: FAT32

Computer Name: ZINJA-WARRIOR | User Name: Zinja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/17 16:56:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Zinja\Desktop\OTL (1).com
PRC - [2011/08/14 16:31:54 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Zinja\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/30 09:50:40 | 003,029,208 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/05/18 12:26:54 | 000,062,184 | ---- | M] (Xobni Corporation) -- C:\Program Files (x86)\Xobni\XobniService.exe
PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/03/31 14:38:17 | 000,126,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2011/01/25 01:06:12 | 000,291,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/10/15 14:44:10 | 000,324,928 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2010/03/05 23:12:48 | 000,338,168 | ---- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/05 12:02:23 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/07 23:36:06 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/25 10:19:28 | 000,047,432 | ---- | M] (Cox Business) [Auto | Running] -- C:\Program Files\Online Backup\Cox_Business_CBOBbackup.exe -- (Cox_Business_CBOBbackup)
SRV:64bit: - [2011/01/19 10:18:20 | 000,156,248 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/01/12 14:03:04 | 000,203,104 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/01/12 14:01:58 | 000,190,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV:64bit: - [2010/09/20 02:56:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/27 16:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/01/18 17:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [1999/12/31 19:00:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [1999/12/31 19:00:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/30 09:50:40 | 003,029,208 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/05/18 12:26:54 | 000,062,184 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files (x86)\Xobni\XobniService.exe -- (XobniService)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/01/25 01:06:12 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (RumorServer)
SRV - [2011/01/25 01:06:12 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)
SRV - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/10/15 14:44:10 | 000,324,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/05 23:12:48 | 000,338,168 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/13 09:43:11 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/04 06:36:56 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/07/04 06:36:54 | 000,288,088 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/07/04 06:35:28 | 000,045,400 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/07/04 06:32:35 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/07/04 06:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/07/04 06:32:14 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/07/01 04:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/01 17:03:41 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2011/02/25 10:19:18 | 000,066,552 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\Cox_Business_CBOB.sys -- (Cox_Business_CBOBFilter)
DRV:64bit: - [2011/02/23 16:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2011/01/19 10:18:20 | 000,607,152 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/01/19 10:18:20 | 000,472,624 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/01/19 10:18:20 | 000,281,544 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/01/19 10:18:20 | 000,217,696 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/01/19 10:18:20 | 000,153,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/01/19 10:18:20 | 000,097,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/01/19 10:18:20 | 000,074,904 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/12/17 20:40:30 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs64.sys -- (CbFs)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/20 03:14:16 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/20 02:21:04 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/13 17:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/02 00:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/08 21:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/03 19:05:30 | 000,328,232 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/01/28 13:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/11 15:09:32 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
DRV:64bit: - [2009/10/02 11:46:00 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/02 11:46:00 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/10/02 11:46:00 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 11:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 11:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [1999/12/31 19:00:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [1999/12/31 19:00:00 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV - [2011/08/10 15:55:40 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2011/02/20 21:30:06 | 000,085,800 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2010/09/05 12:25:22 | 000,048,216 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2010/05/05 09:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab...yE&cr=455734634

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Foxtab Web Search"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Foxtab Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_10_3_162.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@winzip.com/Winzip Courier: C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Zinja\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Zinja\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Zinja\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Zinja\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Zinja\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{74c841e3-b59f-479e-8d7a-e26a942a87c8}: C:\Program Files (x86)\WinZip Courier\FFExt [2011/08/17 00:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/14 15:41:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/16 23:21:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/26 05:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Extensions
[2011/02/22 18:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/04/12 16:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/07 09:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/08/17 03:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions
[2011/06/09 22:30:05 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2011/07/15 22:24:20 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/07/15 20:33:02 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/07/16 13:24:58 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/06/16 22:53:45 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2011/07/08 23:41:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/08/04 03:45:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/06/25 23:38:38 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2011/06/29 19:46:14 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/07/31 15:23:33 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011/08/02 00:33:56 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/07/20 01:18:41 | 000,000,000 | ---D | M] ("Google+Facebook") -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/08/10 05:50:49 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/06/10 19:18:40 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/08/05 15:13:56 | 000,000,000 | ---D | M] (GoogleSharing) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/08/06 13:05:38 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/08/10 06:34:53 | 000,000,000 | ---D | M] (SearchGBY) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/07/20 01:18:41 | 000,000,000 | ---D | M] (Rapportive) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/07/15 22:24:20 | 000,000,000 | ---D | M] (The Search Sidebar) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]
[2011/08/05 15:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]\chrome
[2011/08/05 15:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]\components
[2011/08/05 15:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\extensions\[email protected]\defaults
[2011/02/22 16:31:17 | 000,001,919 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\bing-zugo.xml
[2011/02/22 11:31:59 | 000,001,651 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\erotic-search.xml
[2011/07/13 11:55:40 | 000,000,958 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\facebook.xml
[2011/02/22 11:25:17 | 000,004,855 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\google-images.xml
[2011/08/10 07:26:44 | 000,001,633 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\googletranslate.xml
[2011/04/15 00:07:33 | 000,002,567 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\hulu.xml
[2011/02/22 11:33:05 | 000,001,504 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\imdb.xml
[2011/02/22 11:25:41 | 000,001,826 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\nasa-images.xml
[2011/02/22 11:33:58 | 000,001,050 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\siteadvisor.xml
[2011/03/17 19:58:53 | 000,002,306 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\searchplugins\wot-safe-search.xml
[2011/08/16 23:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{28197867-B1EF-4140-8E3B-55C45B9C8460}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{2E17E2B2-B8D4-4A67-8D7B-FAFA6CC9D1D0}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{962E0D4D-6B89-4B73-AA72-DF03360DA12E}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{CD617372-6743-4EE4-BAC4-FBF60F35719E}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]KANEN.NET.XPI
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\ZINJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6W4RQZWK.DEFAULT\EXTENSIONS\[email protected]
[2011/08/12 00:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/17 17:09:00 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [DriverMax] File not found
O4 - HKCU..\Run: [DriverMax_RESTART] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - File not found
O9 - Extra Button: - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - File not found
O9 - Extra 'Tools' menuitem : - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - File not found
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - File not found
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{72ae5efb-bfb9-11e0-8c7b-bfef05e91997}\Shell - "" = AutoRun
O33 - MountPoints2\{72ae5efb-bfb9-11e0-8c7b-bfef05e91997}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/17 17:08:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/17 16:56:20 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Zinja\Desktop\OTL (1).com
[2011/08/17 15:21:36 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Zinja\Desktop\aswMBR.exe
[2011/08/17 14:52:08 | 000,000,000 | ---D | C] -- C:\Users\Zinja\Desktop\RK_Quarantine
[2011/08/17 10:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/08/17 10:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/08/17 10:22:57 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Local\Adobe
[2011/08/17 10:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2011/08/17 00:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011/08/17 00:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/17 00:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/17 00:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/17 00:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/08/17 00:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/08/17 00:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/17 00:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/08/17 00:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/08/17 00:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
[2011/08/17 00:09:40 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Local\Diagnostics
[2011/08/17 00:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2011/08/17 00:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Courier
[2011/08/17 00:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Courier
[2011/08/17 00:03:54 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Local\WinZip
[2011/08/17 00:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011/08/17 00:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/08/17 00:02:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011/08/16 23:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/08/16 23:21:31 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Local\Mozilla
[2011/08/16 23:21:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/08/16 03:35:12 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\Malwarebytes
[2011/08/16 01:34:34 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/16 01:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/16 01:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/16 01:34:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/15 22:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/15 22:18:09 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Local\Apps
[2011/08/15 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\QuickScan
[2011/08/14 15:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/14 15:42:24 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/08/14 15:42:24 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/08/14 15:42:20 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/08/14 15:42:19 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/08/14 15:42:18 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/08/14 15:42:13 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/08/14 15:42:12 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/08/14 15:41:38 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/14 15:41:36 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/08/14 15:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/14 15:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/14 15:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/08/14 15:37:15 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/14 15:26:16 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Local\Microsoft Help
[2011/08/14 15:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/08/14 15:10:26 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\Apple Computer
[2011/08/14 15:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\yahoo!
[2011/08/14 15:04:44 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\Adobe
[2011/08/14 15:00:39 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Local\ATI
[2011/08/14 14:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/08/14 14:47:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/14 11:49:35 | 000,651,776 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2011/08/14 11:46:35 | 000,520,192 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2011/08/14 11:46:31 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2011/08/14 11:46:30 | 001,499,136 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2011/08/14 11:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/08/14 11:17:42 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Local\SlimWare Utilities Inc
[2011/08/14 11:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2011/08/14 09:42:32 | 000,000,000 | ---D | C] -- C:\Users\Zinja\Documents\My Drivers
[2011/08/14 09:02:21 | 000,000,000 | ---D | C] -- C:\Users\Zinja\Documents\DriverGenius
[2011/08/13 17:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/08/13 17:41:37 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Local\AMD
[2011/08/13 17:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/08/13 17:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/08/12 11:31:49 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\QTTabBar
[2011/08/11 00:14:37 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\PrimoPDF
[2011/08/10 15:55:40 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2011/08/10 03:02:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2011/08/08 20:23:14 | 000,000,000 | ---D | C] -- C:\Users\Zinja\Desktop\Super F4
[2011/08/05 20:21:54 | 000,000,000 | ---D | C] -- C:\Users\Zinja\AppData\Roaming\U3
[2011/08/04 12:50:22 | 000,000,000 | ---D | C] -- C:\Users\Zinja\Desktop\Anti-Virus Specific Pgm
[2011/07/26 19:53:59 | 000,000,000 | ---D | C] -- C:\Users\Zinja\Desktop\Notes Folder
[2011/07/22 15:51:50 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll
[2011/07/20 14:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2011/07/20 14:18:40 | 000,000,000 | ---D | C] -- C:\Users\Zinja\Documents\Anti-Malware
[2011/07/19 00:39:42 | 000,000,000 | ---D | C] -- C:\Users\Zinja\Desktop\Registry backup
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/17 17:23:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/08/17 17:18:34 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 17:18:34 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 17:15:37 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2011/08/17 17:10:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/17 17:10:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/17 17:10:11 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/17 17:09:00 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/08/17 16:56:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Zinja\Desktop\OTL (1).com
[2011/08/17 16:44:41 | 000,000,512 | ---- | M] () -- C:\Users\Zinja\Desktop\MBR.dat
[2011/08/17 16:37:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1115849333-2882087070-3583721905-1000UA.job
[2011/08/17 16:37:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1115849333-2882087070-3583721905-1000Core.job
[2011/08/17 16:27:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/17 15:21:56 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Zinja\Desktop\aswMBR.exe
[2011/08/17 14:43:47 | 000,555,008 | ---- | M] () -- C:\Users\Zinja\Desktop\RogueKiller.exe
[2011/08/17 10:09:15 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2011/08/17 00:03:37 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/08/16 23:33:34 | 000,001,198 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
[2011/08/16 23:21:22 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/16 19:40:39 | 000,062,299 | ---- | M] () -- C:\Users\Zinja\Desktop\Indian-in-Bear-Fur-Costume.jpg
[2011/08/16 17:04:36 | 000,783,526 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/16 17:04:36 | 000,663,434 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/16 17:04:36 | 000,122,270 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/16 01:34:35 | 000,001,110 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/16 01:34:35 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/08/14 16:16:00 | 000,000,036 | ---- | M] () -- C:\Users\Zinja\AppData\Local\housecall.guid.cache
[2011/08/14 15:42:25 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/14 15:42:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/08/14 15:37:15 | 000,002,935 | ---- | M] () -- C:\Users\Zinja\Desktop\HiJackThis.lnk
[2011/08/14 15:14:05 | 000,002,291 | ---- | M] () -- C:\Users\Zinja\Desktop\Google Chrome.lnk
[2011/08/14 15:12:46 | 000,017,408 | ---- | M] () -- C:\conf.dat
[2011/08/14 13:27:57 | 000,000,047 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.FRE
[2011/08/14 00:13:15 | 000,007,792 | ---- | M] () -- C:\Users\Zinja\Desktop\Driver Analysis for ZINJA-WARRIOR.html
[2011/08/14 00:03:17 | 000,005,404 | ---- | M] () -- C:\Windows\Cox_Business_CBOB.blk
[2011/08/14 00:03:17 | 000,000,992 | ---- | M] () -- C:\Windows\Cox_Business_CBOB.flt
[2011/08/13 19:23:30 | 000,777,742 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/13 17:47:30 | 000,002,063 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Pitstop Driver Alert2.lnk
[2011/08/12 00:02:25 | 000,001,127 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\System Explorer.lnk
[2011/08/10 23:59:11 | 000,000,326 | ---- | M] () -- C:\Windows\primopdf.ini
[2011/08/10 15:55:40 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2011/08/05 23:55:45 | 001,049,314 | ---- | M] () -- C:\Windows\SysNative\oem46.inf
[2011/08/05 19:11:05 | 038,695,279 | ---- | M] () -- C:\Users\Zinja\Desktop\Emerson LD195EMX Manual.PDF
[2011/08/05 13:34:21 | 000,150,682 | ---- | M] () -- C:\Users\Zinja\Desktop\Second HP Support Session.xps
[2011/08/05 13:01:49 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForZinja.job
[2011/08/04 00:33:44 | 000,000,997 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\WinUtilities.lnk
[2011/08/02 18:59:59 | 000,002,237 | ---- | M] () -- C:\Users\Zinja\Desktop\calendar.ics
[2011/07/28 20:26:42 | 000,000,600 | ---- | M] () -- C:\Users\Zinja\AppData\Roaming\winscp.rnd
[2011/07/28 20:25:56 | 000,001,890 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\WinSCP.lnk
[2011/07/25 21:40:49 | 000,063,124 | ---- | M] () -- C:\Users\Zinja\Desktop\David Orr hawaiian shirt torso shot.jpg
[2011/07/25 18:13:15 | 000,000,002 | ---- | M] () -- C:\Windows\msoffice.ini
[2011/07/23 10:44:27 | 000,000,046 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.SYL
[2011/07/22 15:51:50 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll
[2011/07/22 15:50:19 | 000,002,515 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/07/20 14:19:20 | 000,001,132 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2011/07/20 11:30:00 | 000,001,555 | ---- | M] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2011/07/19 14:00:25 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/17 16:44:41 | 000,000,512 | ---- | C] () -- C:\Users\Zinja\Desktop\MBR.dat
[2011/08/17 14:43:16 | 000,555,008 | ---- | C] () -- C:\Users\Zinja\Desktop\RogueKiller.exe
[2011/08/17 10:09:15 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2011/08/17 00:03:37 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/08/16 23:33:34 | 000,001,198 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
[2011/08/16 23:21:21 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/16 23:21:21 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/16 19:40:07 | 000,062,299 | ---- | C] () -- C:\Users\Zinja\Desktop\Indian-in-Bear-Fur-Costume.jpg
[2011/08/16 01:34:35 | 000,001,110 | ---- | C] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/16 01:34:35 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/08/14 16:16:00 | 000,000,036 | ---- | C] () -- C:\Users\Zinja\AppData\Local\housecall.guid.cache
[2011/08/14 15:42:25 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/14 15:42:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/08/14 15:37:15 | 000,002,935 | ---- | C] () -- C:\Users\Zinja\Desktop\HiJackThis.lnk
[2011/08/14 15:14:05 | 000,002,291 | ---- | C] () -- C:\Users\Zinja\Desktop\Google Chrome.lnk
[2011/08/14 15:11:27 | 000,017,408 | ---- | C] () -- C:\conf.dat
[2011/08/14 11:17:59 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2011/08/14 00:13:15 | 000,007,792 | ---- | C] () -- C:\Users\Zinja\Desktop\Driver Analysis for ZINJA-WARRIOR.html
[2011/08/13 17:47:30 | 000,002,063 | ---- | C] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Pitstop Driver Alert2.lnk
[2011/08/10 23:59:16 | 000,095,008 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll
[2011/08/05 23:56:06 | 001,049,314 | ---- | C] () -- C:\Windows\SysNative\oem46.inf
[2011/08/05 19:04:46 | 038,695,279 | ---- | C] () -- C:\Users\Zinja\Desktop\Emerson LD195EMX Manual.PDF
[2011/08/05 13:34:19 | 000,150,682 | ---- | C] () -- C:\Users\Zinja\Desktop\Second HP Support Session.xps
[2011/08/04 12:49:20 | 000,606,378 | ---- | C] () -- C:\Users\Zinja\Documents\change yahoo name.pdf
[2011/08/02 19:00:10 | 000,002,237 | ---- | C] () -- C:\Users\Zinja\Desktop\calendar.ics
[2011/07/25 21:40:46 | 000,063,124 | ---- | C] () -- C:\Users\Zinja\Desktop\David Orr hawaiian shirt torso shot.jpg
[2011/07/25 18:13:15 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011/07/20 14:19:20 | 000,001,132 | ---- | C] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2011/07/20 11:30:00 | 000,001,555 | ---- | C] () -- C:\Users\Zinja\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2011/07/19 14:00:25 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/07/07 23:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/24 11:31:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/22 04:34:07 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/03/22 04:33:57 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/22 04:33:57 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/22 04:33:56 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/03/10 15:51:15 | 001,053,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\CAMTHWDM.sys
[2011/03/10 15:50:08 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/02/28 05:17:26 | 000,777,742 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/22 19:07:04 | 000,000,600 | ---- | C] () -- C:\Users\Zinja\AppData\Roaming\winscp.rnd
[2011/02/22 18:04:51 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/21 20:32:56 | 000,026,424 | ---- | C] () -- C:\Users\Zinja\AppData\Roaming\UserTile.png
[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/21 03:37:09 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/05/21 03:37:09 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/04/25 15:17:24 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/02/09 20:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/09 23:03:56 | 000,370,312 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/08/14 15:05:02 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Dropbox
[2011/08/14 15:05:10 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\IObit
[2011/03/20 22:09:37 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\IrfanView
[2011/06/23 04:55:09 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Lunascape
[2011/06/12 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Made for IT
[2011/05/25 20:55:32 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Obvious Idea
[2011/02/22 17:59:51 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\ooVoo Details
[2011/02/23 16:33:37 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\OpenOffice.org
[2011/06/22 18:18:46 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Opera
[2011/03/01 13:10:23 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Philipp Winterberg
[2011/06/19 19:14:55 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\PhotoScape
[2011/08/11 00:14:37 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\PrimoPDF
[2011/08/12 11:31:49 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\QTTabBar
[2011/06/16 22:40:31 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\qualys
[2011/08/15 14:22:31 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\QuickScan
[2011/04/04 16:20:24 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1
[2011/03/28 13:09:25 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Stardock
[2011/04/11 00:11:39 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\TreeCardGames
[2011/04/15 13:18:10 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Trillian
[2011/05/08 17:17:25 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/03/10 15:51:31 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\WebcamMax
[2011/02/24 14:20:43 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Windows Live Writer
[2011/04/22 13:59:11 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Wireshark
[2011/02/21 18:15:34 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Xilisoft
[2011/06/18 06:01:56 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\Yoono
[2011/03/28 23:03:52 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\YouSendIt
[2011/06/18 05:02:25 | 000,000,000 | ---D | M] -- C:\Users\Zinja\AppData\Roaming\ZumoDrive
[2011/08/04 13:16:05 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/17 17:15:37 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job

========== Purity Check ==========



< End of report >

#10
ozarknature

    Member

  • Topic Starter
  • Member
  • 21 posts
OK, here is the scan file from aswMBR.exe.

Unfortunately my applications have not returned. Do you have any suggestions for further action?

Attached File  aswMBR (2).txt   1.71KB   48 downloads

#11
ozarknature

    Member

  • Topic Starter
  • Member
  • 21 posts
I am running a Deep Scan with Emsisoft Anti-Malware. It's taking an extremely long time so I think it will run all night before it's done. Within the first five minutes, though, it identified the following:

Trojan.Win32.Swisyn!IK (high risk)
and
Riskware.WebToolbar.Win32.Searchbar!IK (low risk)

I ran this program yesterday but it found nothing. Not sure why it's picking up something now but hopefully getting rid of this trojan and searchbar riskware will fix the problem. Once the scan is through I will post again, with any additional items found, if any.

What would you recommend I do once the scan is completed and the malware is quarantined?

#12
ozarknature

    Member

  • Topic Starter
  • Member
  • 21 posts
Finished the Emsisoft Deep Scan and found nothing in addition to the previously identified Trojan and Riskware.

Rebooted and there is still no sign of the missing applications.

Edited by ozarknature, 18 August 2011 - 08:47 AM.


#13
Essexboy

    GeekU Moderator

  • Retired Staff
What application shortcuts are missing?

Re-run RogueKiller again, selecting option 6 once more, then post the log.

Then

Download and Install ComboFix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

#14
ozarknature

Hello Essexboy,

I am having difficulty disabling or uninstalling Avast Free 6.0 because I have lost my password to the program. I have submitted a support ticket to Avast for advice on how to override the password. As I don't know how long that will take I will proceed with the other instructions, and if I am unsuccessful I'll have to wait for Avast to advise me.

You asked how my computer is running. I was able to re-install WinZip, Flash Player, QuickTime and iTunes after uninstalling and/or recycling every folder I could find with files associated with those programs.

I am unable to access the folder "Application Data" as I get the following message: "C:\Users\Zinja\Application Data is not accessible. Access is denied." I do not remember encountering this before.

There are also some folders called "NetHood," Cookies, Local Settings, PrintHood, Send To, Templates giving me similar trouble:
"C:\Users\Zinja\Application Data is not accessible. Access is denied."
I don't remember seeing these folders before, either, but I may just be suffering from fading memory.

I am unable to re-install Adobe Reader. When I run the installer program I get the following msg: "This product is already installed. Error code 12010."

I am unable to re-install Java 6. When I try to uninstall it I get the following error msg: "Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor."

When I run the Java installer, I get the following error msg: "The installer cannot proceed with the current Internet Connection settings. Please visit the following web site for more information. http://java.com/en/download/help" [Retry] [Cancel]

#15
ozarknature

You asked which application shortcuts are missing. I have all sorts of shortcuts but no applications! If you're wondering which orphan shortcuts I have, I could write a full page listing them. For example, all of Microsoft Office 2007, Skype, all games that came installed with Windows, Adobe Flash Player, Adobe Reader, Foxit Reader, CCleaner, Safari, Opera, Lunascape, Cyberlink Power to Go, Dropbox, all the HP Media applications suite, iTunes, and many more.