Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ping.exe process keeps running

Started by nadtribble , Aug 23 2011 10:56 PM

  • This topic is locked This topic is locked

#16
nadtribble
Posted 01 September 2011 - 06:30 PM

nadtribble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Do you recognize these two folders?

c:\users\easyhome\AppData\Roaming\Vaco
c:\users\easyhome\AppData\Roaming\Diik

I don't recognize them at all
  • 0

Advertisements

#17
nadtribble
Posted 01 September 2011 - 06:37 PM

nadtribble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Here's the Malware log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7633

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

01/09/2011 6:33:57 PM
mbam-log-2011-09-01 (18-33-57).txt

Scan type: Quick scan
Objects scanned: 208512
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#18
SweetTech
Posted 01 September 2011 - 06:43 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay.

I'll remove these 2 folders;

c:\users\easyhome\AppData\Roaming\Vaco
c:\users\easyhome\AppData\Roaming\Diik

later than.
  • 0

#19
nadtribble
Posted 01 September 2011 - 07:56 PM

nadtribble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
here's the esset scan

C:\Users\easyhome\Downloads\cnet_OutpostSecuritySuiteInstall64_exe.exe a variant of Win32/InstallCore.C application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[2].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[3].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[2].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[3].htm HTML/Iframe.B.Gen virus
  • 0

#20
nadtribble
Posted 01 September 2011 - 07:58 PM

nadtribble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
here's the security check

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Reader 9.1 MUI
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
  • 0

#21
nadtribble
Posted 02 September 2011 - 07:06 AM

nadtribble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

Okay.

I'll remove these 2 folders;

c:\users\easyhome\AppData\Roaming\Vaco
c:\users\easyhome\AppData\Roaming\Diik

later than.

just wondering what these files were. This computer is leased and not sure if easyhome had rootkits installed for there own protection.
  • 0

#22
SweetTech
Posted 02 September 2011 - 03:34 PM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

just wondering what these files were. This computer is leased and not sure if easyhome had rootkits installed for there own protection.

These two items actually seme to be 2 empty folders, so I'm going to remove them. Malware has been known to drop randomly named folders to the computer.

These threat(s) below will be removed very shortly:

C:\Users\easyhome\Downloads\cnet_OutpostSecuritySuiteInstall64_exe.exe a variant of Win32/InstallCore.C application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[2].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[3].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[2].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[3].htm HTML/Iframe.B.Gen virus


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
:OTL

:Reg

:Files
C:\Users\easyhome\Downloads\cnet_OutpostSecuritySuiteInstall64_exe.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[2].htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[3].htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[2].htm
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[3].htm
c:\users\easyhome\AppData\Roaming\Vaco
c:\users\easyhome\AppData\Roaming\Diik
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?
  • 0

#23
nadtribble
Posted 02 September 2011 - 09:25 PM

nadtribble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
here's the OTL log

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\easyhome\Downloads\cnet_OutpostSecuritySuiteInstall64_exe.exe moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[2].htm moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[3].htm moved successfully.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[2].htm not found.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0QFC2LC\afr[3].htm not found.
c:\users\easyhome\AppData\Roaming\Vaco folder moved successfully.
c:\users\easyhome\AppData\Roaming\Diik folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\easyhome\Desktop\cmd.bat deleted successfully.
C:\Users\easyhome\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: Administrator.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: easyhome
->Temp folder emptied: 1653455 bytes
->Temporary Internet Files folder emptied: 128404595 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 141401329 bytes
->Google Chrome cache emptied: 294240325 bytes
->Flash cache emptied: 22590 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14866 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 1729895 bytes

Total Files Cleaned = 541.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.000

User: All Users

User: Default

User: Default User

User: easyhome
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 09022011_211721

Files\Folders moved on Reboot...
C:\Users\easyhome\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
  • 0

#24
nadtribble
Posted 02 September 2011 - 09:32 PM

nadtribble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
here's the second OTL log

OTL logfile created on: 9/2/2011 9:24:31 PM - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\easyhome\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 61.46% Memory free
7.50 Gb Paging File | 5.93 Gb Available in Paging File | 79.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.88 Gb Total Space | 752.92 Gb Free Space | 82.57% Space Free | Partition Type: NTFS

Computer Name: EASYHOME-PC | User Name: easyhome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/30 01:50:36 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/08/23 22:48:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\easyhome\Desktop\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/09 23:50:50 | 000,613,992 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/09/27 19:49:38 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe
PRC - [2010/09/21 17:22:20 | 000,309,104 | ---- | M] (Pelmorex Media Inc.) -- C:\Users\easyhome\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
PRC - [2010/09/09 17:58:12 | 000,155,752 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
PRC - [2010/09/09 17:50:38 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/08 10:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/07/07 06:35:48 | 000,438,376 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe
PRC - [2009/07/07 06:32:42 | 001,346,048 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio PRO\THXAudioCP\THXAudio.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/02 08:12:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/30 01:50:34 | 000,400,440 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.218\ppgooglenaclpluginchrome.dll
MOD - [2011/08/30 01:50:33 | 004,118,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.218\pdf.dll
MOD - [2011/08/30 01:49:01 | 000,104,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.218\avutil-50.dll
MOD - [2011/08/30 01:49:00 | 000,203,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.218\avformat-52.dll
MOD - [2011/08/30 01:48:58 | 001,846,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.218\avcodec-52.dll
MOD - [2011/08/27 18:19:42 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\47a4b624c147aae197214d4ee5f0661b\Microsoft.VisualBasic.ni.dll
MOD - [2011/08/27 07:57:00 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/27 07:56:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/27 07:56:56 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/27 07:56:50 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/03/29 16:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/11/09 23:51:28 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
MOD - [2010/11/09 23:50:50 | 000,613,992 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/11/04 19:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 19:58:08 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/11/04 19:53:23 | 005,279,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/11/04 19:53:22 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2009/07/13 22:35:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MOD - [2009/07/13 22:35:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
MOD - [2009/07/13 22:35:42 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
MOD - [2009/07/13 18:46:14 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009/07/07 06:36:08 | 000,014,368 | ---- | M] () -- C:\Program Files (x86)\Gateway\Gateway TouchPortal\LanguageDll\TouchPortalLauncher-en.dll
MOD - [2009/07/07 06:32:48 | 000,181,248 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2003/02/02 20:06:02 | 000,153,088 | ---- | M] () -- C:\Windows\SysWOW64\UNRAR3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 17:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/08/09 09:01:25 | 008,205,576 | RH-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\servicescache.exe -- (systemCheck)
SRV:64bit: - [2011/08/09 08:59:24 | 000,199,944 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\CNGKeyLock.exe.vir -- (CNGKeyLock)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/09 17:50:38 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/08/10 21:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009/08/10 21:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/07/13 21:54:04 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/04/03 21:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/01/15 18:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 10:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/07/13 18:46:26 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/09 18:18:10 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/09/09 18:18:08 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/07/13 20:53:42 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/07/13 19:59:34 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:59:32 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 06:17:22 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/06/30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/06/10 18:37:34 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/06/10 18:35:34 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 18:34:32 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 18:34:22 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2009/07/13 21:17:56 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.shaw.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.shaw.ca/start/enCA/"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/09/09 17:41:43 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/09/09 17:41:43 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/31 22:33:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/02/28 22:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\easyhome\AppData\Roaming\mozilla\Extensions
[2011/08/21 10:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions
[2011/08/09 22:05:37 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/08/15 14:18:18 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/02/26 21:08:53 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2011/08/09 22:05:44 | 000,000,000 | ---D | M] ("CyberSearch") -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\[email protected]
[2011/02/26 21:08:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\[email protected]
[2011/02/26 21:08:35 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\[email protected]
[2011/02/26 21:08:38 | 000,000,000 | ---D | M] (Portalarium Player) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\[email protected]
[2011/02/26 21:08:47 | 000,000,000 | ---D | M] (vShare) -- C:\Users\easyhome\AppData\Roaming\mozilla\Firefox\Profiles\jb57vp1e.default\extensions\vshare@toolbar
[2011/01/09 13:45:28 | 000,000,863 | ---- | M] () -- C:\Users\easyhome\AppData\Roaming\Mozilla\Firefox\Profiles\jb57vp1e.default\searchplugins\conduit.xml
[2010/05/01 21:03:17 | 000,000,266 | ---- | M] () -- C:\Users\easyhome\AppData\Roaming\Mozilla\Firefox\Profiles\jb57vp1e.default\searchplugins\Search.xml
[2011/01/30 19:01:03 | 000,001,583 | ---- | M] () -- C:\Users\easyhome\AppData\Roaming\Mozilla\Firefox\Profiles\jb57vp1e.default\searchplugins\web-search.xml
[2011/08/10 21:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\EASYHOME\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JB57VP1E.DEFAULT\EXTENSIONS\[email protected]
[2011/08/31 22:33:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/02 21:17:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe (Acer Corp.)
O4:64bit: - HKLM..\Run: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe (Acer Corp.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Gateway\Gateway TouchPortal\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PRO\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [TouchMovieService] C:\Program Files (x86)\Gateway\Gateway TouchPortal\Touch Movie\TouchMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TouchPortalV3Launcher] C:\Program Files (x86)\Gateway\Gateway TouchPortal\TouchPortalLauncher.exe (Acer Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [WeatherEye] C:\Users\easyhome\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/09/02 17:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/09/02 17:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/09/02 17:16:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/02 17:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/09/02 12:20:33 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{71D294E6-5235-4D56-B6CA-F91A235C28D9}
[2011/09/02 11:51:00 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{BF105937-1E80-46BB-9A5C-BCCDB9E9A1A8}
[2011/09/01 21:27:36 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/09/01 21:17:50 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{79DE2477-ECEA-4C36-B1E0-5CC0AE49D1AD}
[2011/09/01 18:37:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/09/01 17:16:20 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{A708E642-3A65-4613-8CFA-34C5F730C7A7}
[2011/09/01 10:52:20 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{713BD41F-32C1-4CF5-A10A-8FE2C2E1F440}
[2011/08/31 21:35:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/31 20:43:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/31 12:11:05 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{A1A69B7F-151F-4213-A203-A1B7524CE7DE}
[2011/08/31 11:56:02 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{74E3598E-B769-4E23-8FA5-CA1A9582FC91}
[2011/08/31 11:09:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0CEB9DA2-64B8-47D0-B5F4-F2CAAD43E767}
[2011/08/30 23:31:05 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{4C06E627-8293-4811-A91E-716C345BAD4C}
[2011/08/30 21:28:05 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{ADB13DEC-93E1-440A-8D4A-ACBC696F98D0}
[2011/08/30 19:42:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/30 19:42:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/30 19:42:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/30 19:41:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/30 18:50:34 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{48C8F0DE-69FD-4537-B565-2FD9982B1643}
[2011/08/30 18:13:16 | 004,191,827 | R--- | C] (Swearware) -- C:\Users\easyhome\Desktop\ComboFix.exe
[2011/08/30 14:43:40 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{D4A63D5B-85BB-4B37-867F-7D91CDF6B331}
[2011/08/30 13:45:40 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{339CE403-7637-4C1C-8078-F1EFCFA096EF}
[2011/08/30 13:34:54 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\WildTangent
[2011/08/30 09:23:23 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{5A4A1120-5357-44AA-8FD5-056FAB217CAB}
[2011/08/29 20:25:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/29 09:34:58 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{47C52008-1388-41AB-A1C5-0E326DE45B31}
[2011/08/28 23:41:56 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9CFC3B24-18DF-45FF-AFBB-39FA16A3A04B}
[2011/08/28 21:35:17 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{07364372-D378-4954-8361-E4DF6C463583}
[2011/08/28 16:20:51 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{3A3B594A-2E86-4998-A6D6-178939E29A60}
[2011/08/28 14:33:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{6A3FAF93-D8E8-4DB4-8B32-EDFC9045FEB3}
[2011/08/28 08:47:18 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{DB69AE59-3C4F-4B4D-B38B-9EDA32ACDFC0}
[2011/08/26 16:32:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/08/26 12:54:52 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{46DD3D35-DA14-4562-8909-F941CFA3DC89}
[2011/08/25 21:17:02 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{B621414F-193E-480E-9482-363A865AA5AA}
[2011/08/25 20:36:11 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\SUPERAntiSpyware.com
[2011/08/25 20:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/08/25 20:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/08/25 20:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/25 00:37:06 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{DEC430C5-5B1F-40A0-B376-2BBC9EB4E255}
[2011/08/24 23:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/08/24 22:20:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/08/24 22:19:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/08/24 17:15:38 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{6318D4E8-5F0F-40CC-A5CD-AE0582008DAD}
[2011/08/24 08:23:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{7C8E76A4-2585-4283-8E3B-1258C774A34E}
[2011/08/24 07:25:07 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{703DDEC9-2723-44D5-BCD1-BA2A39D3B0F0}
[2011/08/23 23:06:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/08/23 23:05:00 | 000,110,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\90402989.sys
[2011/08/23 23:00:30 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\easyhome\Desktop\TDSSKiller.exe
[2011/08/23 22:48:20 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\easyhome\Desktop\OTL.exe
[2011/08/23 22:22:32 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1CA94C84-3EFD-4113-A89A-3198BDA4B398}
[2011/08/23 22:13:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{4E3AFF1B-7E6C-4681-8211-95415B772CF4}
[2011/08/23 20:48:06 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer
[2011/08/23 20:48:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer
[2011/08/23 11:02:45 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{08C4EF53-AA28-4073-A848-782FCBC9F9F7}
[2011/08/23 10:28:05 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E03D3F18-3040-497E-948B-7AD28EF0BAB3}
[2011/08/23 07:55:21 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{FBB328C8-C249-4201-ABE5-ABE48AEA42EA}
[2011/08/23 07:03:44 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{2410255F-2A6D-412F-AC25-856DDDEC8CFB}
[2011/08/22 21:44:18 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9CD262F0-2104-4668-8FA2-6A3698BE1F13}
[2011/08/22 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{FA99406C-A357-4BBB-9359-8E897D8135D8}
[2011/08/22 19:23:17 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\CleanMyPC Software
[2011/08/22 19:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CleanMyPC
[2011/08/22 19:21:32 | 000,000,000 | ---D | C] -- C:\registrycleaner
[2011/08/22 18:51:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{06858AF1-73DE-4A8D-8FFB-D8FE520F6346}
[2011/08/22 18:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/08/22 18:09:26 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\GetRightToGo
[2011/08/22 13:49:55 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{12F54B3F-0E09-4142-BEB3-A95E89E74589}
[2011/08/22 10:56:09 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1411B689-2F1F-42D4-948B-8DDE132CADD9}
[2011/08/22 10:03:27 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0438D4F5-6968-436F-A28D-E5FB1121231E}
[2011/08/22 09:58:53 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{A6F895E7-6139-44A8-A5E0-642BC04B68C7}
[2011/08/21 20:12:00 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{C2CC1BED-A7BB-4864-851A-199452082BAF}
[2011/08/21 12:34:25 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{C2E04CE0-739A-4681-A595-187D623BD434}
[2011/08/21 09:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/08/21 09:12:46 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E4A7B2C4-84CF-477F-B5DD-8C5A7E3AA22A}
[2011/08/21 09:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/08/20 13:09:17 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{D3E22284-198D-4B03-8BCF-F44901651186}
[2011/08/19 17:13:32 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{3A18C3CF-AEEA-4EBB-B158-D33D95AD9074}
[2011/08/19 10:12:46 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E5D08D6B-69E4-48FC-9F58-B5AE4D732598}
[2011/08/19 00:11:03 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{5C25F32A-B0C3-44EF-9612-D375111F10BF}
[2011/08/18 23:49:12 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{8F0BE1F2-F403-48C9-B0F2-E3F918D77AB2}
[2011/08/18 20:42:44 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{2BA6D897-AB9F-4706-9AD0-4B08B5DDFB41}
[2011/08/18 20:11:02 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1F947CD7-02BC-4F10-8A5A-F7196CF3C566}
[2011/08/18 19:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2011/08/18 19:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2011/08/18 19:51:53 | 000,000,000 | ---D | C] -- C:\drivergenius
[2011/08/18 18:39:05 | 000,000,000 | ---D | C] -- C:\processexp
[2011/08/18 15:50:15 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{47828F8B-3CAC-4ABE-BB4F-6B850910F6A9}
[2011/08/18 14:29:37 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/08/18 14:28:56 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/08/18 13:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/08/18 13:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/08/18 13:06:03 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{160F230B-14E7-427E-810C-8E7628B00BB4}
[2011/08/18 09:52:44 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{FEB63173-CF85-453C-92AB-DEAAFEBF70D5}
[2011/08/18 09:46:29 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{ED010BA6-B399-44B6-98F8-6728B31EE194}
[2011/08/17 13:27:31 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{CB33CF7F-5C42-4EF2-B372-5FBEE35C8BB5}
[2011/08/17 12:30:52 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{AF489237-016F-497A-80E8-C4B56CD7DB58}
[2011/08/17 10:47:08 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9DBB5A25-1D34-4490-A932-8D2D0855978F}
[2011/08/16 22:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/16 21:53:36 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2011/08/16 21:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/08/16 13:24:00 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1569294B-4EE1-44FD-AEDC-A24E381F044E}
[2011/08/16 11:07:07 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{B14B8F06-5434-4CAC-993C-98E9297D3159}
[2011/08/16 08:30:09 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{AD8CB99B-08B6-4C84-BFDC-1D3994043588}
[2011/08/15 22:18:06 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{671AC9D7-DD96-4A61-AF48-FE7ADD32007A}
[2011/08/15 20:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/08/15 20:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/15 20:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/08/15 17:22:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{ECC06D14-8C21-4DE6-89DB-E54CD3AECA53}
[2011/08/15 17:06:04 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E02F83DE-1FFB-43E3-A789-F64EAE63B465}
[2011/08/15 10:14:49 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{D278C048-409C-4BE5-B09E-26FDA51C6560}
[2011/08/15 08:43:45 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{B46BE585-BB86-4ACA-ACAC-85C2CCC3AAE9}
[2011/08/15 08:22:05 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{C6932D6F-BCE6-4CBE-AE31-ECBFDC69FFDF}
[2011/08/14 21:54:15 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{7CC90DB4-527D-486E-958E-7012AC937282}
[2011/08/14 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{65DCCDA8-7493-4803-80B8-8C80FD7EB8F1}
[2011/08/14 21:35:43 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{568CEDFA-6E00-4D10-AC59-6D23B6B2E87B}
[2011/08/14 18:13:37 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9EFD0270-D812-4ED2-88F3-114EAABDCC53}
[2011/08/14 13:04:03 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{28B47389-D678-4058-8F54-8C853D88D6D9}
[2011/08/14 12:56:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1BFCAD49-B182-498D-B4B3-223711596CAF}
[2011/08/14 01:21:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{4E9E4855-F3D8-4A15-84A5-C4589A8C9A13}
[2011/08/12 21:13:19 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{5CA4307B-C757-4203-BFBF-FBB74FD4B821}
[2011/08/12 20:52:28 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{812640BC-D72A-483C-83FF-9E82EA5DB0E3}
[2011/08/12 14:16:26 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{B8396A0C-E930-4ECF-B734-FBAD6136C360}
[2011/08/12 11:03:54 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{2A42E3CA-0AE8-474D-94DC-BFE8F068A8B9}
[2011/08/12 08:59:59 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9F00EF5D-EA3F-4BF3-A567-6792E8D5E6A8}
[2011/08/12 07:56:31 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{51583D6E-FFC6-4CC3-A1A6-FF29F203256B}
[2011/08/12 06:57:27 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{29DD3B1B-250E-489F-BD26-552169900B2A}
[2011/08/11 21:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/08/11 07:31:31 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{46A6F414-E9A7-47B6-9D1D-8A7E57FDC756}
[2011/08/10 21:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
[2011/08/10 21:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
[2011/08/10 21:41:46 | 000,000,000 | ---D | C] -- C:\bjblitxcrack
[2011/08/10 21:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2011/08/10 21:03:09 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{128F13D0-3842-47B1-9B89-5B21197523E5}
[2011/08/10 19:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/08/10 19:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011/08/10 19:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2011/08/10 19:44:32 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Roaming\Simply Super Software
[2011/08/10 19:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011/08/10 19:42:53 | 000,000,000 | ---D | C] -- C:\trojanremover
[2011/08/10 19:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ConeXware
[2011/08/10 19:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PatchBeam
[2011/08/10 19:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerArchiver
[2011/08/10 19:40:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerArchiver
[2011/08/10 19:26:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{7FF28835-FF6F-4DB9-9F5D-7BB64D1ECC22}
[2011/08/10 14:52:19 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{502F35FB-46CC-42FD-930A-2ECD26AAE7F6}
[2011/08/10 00:42:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/10 00:26:51 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{3F11519D-B896-4A02-86B8-F90226FE3F13}
[2011/08/10 00:10:47 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{BA8FF579-3346-474F-A4C4-1EA01F7EF93A}
[2011/08/09 22:27:49 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\Conduit
[2011/08/09 22:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011/08/09 22:27:02 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\uTorrent
[2011/08/09 22:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/08/09 22:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/08/09 22:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/08/09 20:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2011/08/09 20:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bejeweled Blitz
[2011/08/09 18:39:48 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/09 18:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/09 18:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/09 18:39:44 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/09 18:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/09 18:30:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/09 09:01:32 | 008,007,680 | R--- | C] ( ) -- C:\Windows\SysNative\Microsoft.mshtml.dll
[2011/08/09 09:01:32 | 001,369,088 | RH-- | C] (Igor Pavlov) -- C:\Windows\SysNative\7z.dll
[2011/08/09 09:01:32 | 000,256,000 | RH-- | C] (Markovtsev Vadim) -- C:\Windows\SysNative\SevenZipSharp.dll
[2011/08/09 09:01:32 | 000,200,704 | R--- | C] (ICSharpCode.net) -- C:\Windows\SysNative\ICSharpCode.SharpZipLib.dll
[2011/08/09 09:01:32 | 000,126,976 | R--- | C] ( ) -- C:\Windows\SysNative\Interop.SHDocVw.dll
[2011/08/09 09:01:26 | 014,039,304 | RHS- | C] (DesignerWare, LLC) -- C:\Windows\SysNative\BackupSys.exe
[2011/08/09 08:05:49 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E36CF281-1FA8-4472-913F-78A6273FCB97}
[2011/08/09 06:53:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/08/09 06:53:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/08/09 05:05:46 | 000,000,000 | ---D | C] -- C:\book
[2011/08/09 04:04:35 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{69B3D09B-92EF-4753-BAFD-89EB9BA1182B}
[2011/08/09 03:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/08/09 03:52:59 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0EA25A2A-C61D-49A1-B9D1-9DF6BAE8FBD8}
[2011/08/09 03:39:26 | 008,007,680 | ---- | C] ( ) -- C:\Windows\SysWow64\Microsoft.mshtml.dll
[2011/08/09 03:39:24 | 000,126,976 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.SHDocVw.dll
[2011/08/09 03:22:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/08/08 19:39:14 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0E4A281B-2BD6-45BB-9C19-C94FFE192F75}
[2011/08/08 19:25:46 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0A47FAC2-29AD-4BE7-8A0A-7BE1C41208BC}
[2011/08/08 19:25:34 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{AE5E8579-B81F-4BA8-BE4B-8CB298AF60F5}
[2011/08/08 18:01:25 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0A72364B-BB87-467B-8818-9D37614F6BC6}
[2011/08/08 18:01:12 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{68118980-E043-4B09-BD76-9042E1C5CD70}
[2011/08/08 12:17:38 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{38EAFFCD-198B-4E96-B9AE-B1FEF08EAC44}
[2011/08/08 12:17:26 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{BFF90156-A729-4D31-AC76-63A4D1998C84}
[2011/08/08 08:13:00 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{A0A8FD55-1CE2-4F93-B76C-40B60BA685E8}
[2011/08/07 18:10:45 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{05F241D3-7BAD-4F73-A748-E1DD4809C448}
[2011/08/07 18:10:33 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{346C1192-5F4F-41C3-B1C9-48AB60FFD952}
[2011/08/07 10:25:47 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{A884CBD8-E104-4206-BBC1-DD41E9107521}
[2011/08/07 09:59:54 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{0FA4B5A9-BCA4-4E62-890A-06EF128DD735}
[2011/08/06 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{2C0B8277-62FD-4C06-AAB0-562374BDB1EB}
[2011/08/06 16:10:57 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{82D6673D-4ED2-4ABA-A5A6-F98243DE63DF}
[2011/08/06 11:24:43 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{BFE1533C-0B76-4BA0-BB6E-E5688271AD81}
[2011/08/06 11:24:31 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{886995DD-5CB7-42BE-AF8D-91B5539BE0BE}
[2011/08/06 09:57:54 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{40A6733D-F3A0-400B-A5E2-F2E678329A69}
[2011/08/06 09:57:42 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{CEC9925C-D75B-4B36-B88B-D96EE8CE9837}
[2011/08/05 23:02:42 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{1AD5572E-D6C5-4640-AEFE-D16CAF6C43FE}
[2011/08/05 21:54:14 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{9D581322-1AC2-48DD-8D52-9D4E0BCA6553}
[2011/08/05 21:54:02 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{19AFA376-B360-4340-8CBC-7517CBBC5664}
[2011/08/05 21:46:31 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{3BF716BC-8F99-4D99-89E9-665CDA70492A}
[2011/08/05 21:46:19 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{6E072E50-4440-4E65-89CE-581E33BAD446}
[2011/08/05 21:29:48 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{E037766F-F316-459E-B714-D11382469A88}
[2011/08/05 21:16:58 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{EA859097-F242-465C-986F-A1D88B4E1E84}
[2011/08/05 20:48:59 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{F68E30F0-E21C-494A-A5A5-674528C3B484}
[2011/08/05 20:12:46 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{038DA731-209D-4808-A4B7-C56613943B44}
[2011/08/05 20:09:56 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{93D84BD2-9282-49CD-B7F0-8B6B9C7CE118}
[2011/08/05 20:09:44 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{75F84332-8CFA-440B-93B7-E058F3C5C7E0}
[2011/08/05 17:19:42 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{41C643B7-2A6D-4D89-BECA-2012F39B9A3B}
[2011/08/05 17:19:30 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{D03DD6A2-0FFE-4D8C-915B-D9A8763FA473}
[2011/08/05 14:16:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{8281DF27-A431-4923-9B4A-C2E86720FC62}
[2011/08/05 13:49:24 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{003E81D6-66BF-42B8-A65C-94465BDB08E9}
[2011/08/05 13:49:12 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{4B894D5E-D7F1-4496-82D3-77683CB1B184}
[2011/08/05 13:09:42 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{4EA2046D-3D3F-4B3F-98BC-B15645CDCA5E}
[2011/08/05 13:09:30 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{89F94A6E-77F8-450F-AA4F-59CBDAE078AD}
[2011/08/05 12:57:40 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{DB6C586A-2FEE-4CB9-B981-C43181EBFF4B}
[2011/08/05 12:57:28 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{2E5137B3-3FE8-472B-9E77-02526A97CF9A}
[2011/08/05 09:17:49 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{82BAABC5-69AC-440D-B709-F2FC201E231D}
[2011/08/04 15:46:52 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{08BA59A4-6BB8-41A2-89C3-ACD137BE0787}
[2011/08/03 23:01:13 | 000,000,000 | ---D | C] -- C:\Users\easyhome\AppData\Local\{8735469D-5A4F-4640-9E5D-D27B10514B35}
[2011/03/25 12:39:21 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\easyhome\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/09/02 21:27:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/02 21:27:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/02 21:26:22 | 000,717,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/02 21:26:22 | 000,621,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/02 21:26:22 | 000,108,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/02 21:20:40 | 000,082,797 | RHS- | M] () -- C:\Windows\SysNative\masteraclini.enu
[2011/09/02 21:20:40 | 000,000,116 | R--- | M] () -- C:\Windows\SysNative\masteraclbini.enu
[2011/09/02 21:20:31 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/02 21:20:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/02 21:20:07 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/02 21:17:22 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/09/02 21:10:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/02 17:20:51 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/01 19:43:52 | 000,879,028 | ---- | M] () -- C:\Users\easyhome\Desktop\SecurityCheck.exe
[2011/08/31 22:46:17 | 000,000,755 | -HS- | M] () -- C:\Windows\SysNative\settings.ini
[2011/08/31 20:32:31 | 004,191,827 | R--- | M] (Swearware) -- C:\Users\easyhome\Desktop\ComboFix.exe
[2011/08/30 20:11:15 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/27 03:19:53 | 000,289,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/25 20:35:46 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/25 09:23:02 | 523,410,657 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/24 23:36:52 | 000,007,605 | ---- | M] () -- C:\Users\easyhome\AppData\Local\resmon.resmoncfg
[2011/08/23 23:05:00 | 000,110,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\90402989.sys
[2011/08/23 22:48:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\easyhome\Desktop\OTL.exe
[2011/08/23 22:42:14 | 001,390,139 | ---- | M] () -- C:\Users\easyhome\Desktop\tdsskiller.zip
[2011/08/22 19:23:57 | 003,828,341 | ---- | M] () -- C:\Users\easyhome\Documents\backup.cab
[2011/08/22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\easyhome\Desktop\TDSSKiller.exe
[2011/08/18 19:57:01 | 000,001,725 | ---- | M] () -- C:\Users\easyhome\Desktop\DriverGenius - Shortcut.lnk
[2011/08/18 19:11:00 | 000,422,382 | ---- | M] () -- C:\Users\easyhome\Desktop\Untitled.jpg
[2011/08/18 13:26:35 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/08/18 13:26:21 | 000,722,382 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/15 20:17:52 | 000,001,269 | ---- | M] () -- C:\Users\easyhome\Desktop\Spybot - Search & Destroy.lnk
[2011/08/15 19:06:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/15 19:06:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/10 21:42:36 | 000,000,200 | ---- | M] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[2011/08/10 21:18:25 | 000,001,046 | ---- | M] () -- C:\Users\easyhome\Desktop\KMPlayer.lnk
[2011/08/10 19:44:55 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011/08/10 19:40:40 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\PowerArchiver.lnk
[2011/08/09 22:27:41 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/08/09 22:04:56 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/09 18:39:49 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/09 09:01:32 | 008,007,680 | R--- | M] ( ) -- C:\Windows\SysNative\Microsoft.mshtml.dll
[2011/08/09 09:01:32 | 001,369,088 | RH-- | M] (Igor Pavlov) -- C:\Windows\SysNative\7z.dll
[2011/08/09 09:01:32 | 000,256,000 | RH-- | M] (Markovtsev Vadim) -- C:\Windows\SysNative\SevenZipSharp.dll
[2011/08/09 09:01:32 | 000,200,704 | R--- | M] (ICSharpCode.net) -- C:\Windows\SysNative\ICSharpCode.SharpZipLib.dll
[2011/08/09 09:01:32 | 000,126,976 | R--- | M] ( ) -- C:\Windows\SysNative\Interop.SHDocVw.dll
[2011/08/09 09:01:30 | 000,003,535 | RHS- | M] () -- C:\Windows\SysNative\{master}(1)avg.enu
[2011/08/09 09:01:30 | 000,001,786 | RHS- | M] () -- C:\Windows\SysNative\masterlock.enu
[2011/08/09 09:01:26 | 000,069,762 | ---- | M] () -- C:\Windows\SysWow64\masteraclini.enu
[2011/08/09 09:01:26 | 000,004,697 | RHS- | M] () -- C:\Windows\SysNative\{master}(0)nrt.enu
[2011/08/09 09:01:26 | 000,003,618 | RHS- | M] () -- C:\Windows\SysNative\{master}(99)misc.enu
[2011/08/09 09:01:26 | 000,003,445 | RHS- | M] () -- C:\Windows\SysNative\{master}(9)com.enu
[2011/08/09 09:01:26 | 000,003,439 | RHS- | M] () -- C:\Windows\SysNative\{master}(2)cas.enu
[2011/08/09 09:01:26 | 000,003,427 | RHS- | M] () -- C:\Windows\SysNative\{master}(8)pro.enu
[2011/08/09 09:01:26 | 000,003,391 | RHS- | M] () -- C:\Windows\SysNative\{master}(3)pan.enu
[2011/08/09 09:01:26 | 000,003,354 | RHS- | M] () -- C:\Windows\SysNative\{master}(zz)Template.enu
[2011/08/09 09:01:26 | 000,003,347 | RHS- | M] () -- C:\Windows\SysNative\{master}(1a)avgi.enu
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\suspendoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\spynetkeepon
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\restorerunoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\rebootoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\overridenomonitor
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\nukeoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | M] () -- C:\Windows\firewalloff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SuspendOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SpyNetKeepOn
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\RestoreRunOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\RebootOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\OverrideNoMonitor
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\NukeOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\FireWallOff
[2011/08/09 03:39:27 | 008,007,680 | ---- | M] ( ) -- C:\Windows\SysWow64\Microsoft.mshtml.dll
[2011/08/09 03:39:24 | 000,126,976 | ---- | M] ( ) -- C:\Windows\SysWow64\Interop.SHDocVw.dll
[2011/08/09 03:18:02 | 001,056,768 | ---- | M] () -- C:\Windows\SysWow64\defltbase.sdb

========== Files Created - No Company Name ==========

[2011/09/02 17:20:51 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/02 17:20:50 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/01 19:43:52 | 000,879,028 | ---- | C] () -- C:\Users\easyhome\Desktop\SecurityCheck.exe
[2011/08/31 22:46:14 | 000,000,755 | -HS- | C] () -- C:\Windows\SysNative\settings.ini
[2011/08/30 19:42:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/30 19:42:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/30 19:42:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/30 19:42:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/30 19:42:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/25 20:35:46 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/23 22:42:09 | 001,390,139 | ---- | C] () -- C:\Users\easyhome\Desktop\tdsskiller.zip
[2011/08/22 22:01:04 | 000,007,605 | ---- | C] () -- C:\Users\easyhome\AppData\Local\resmon.resmoncfg
[2011/08/22 19:23:57 | 003,828,341 | ---- | C] () -- C:\Users\easyhome\Documents\backup.cab
[2011/08/18 19:57:01 | 000,001,725 | ---- | C] () -- C:\Users\easyhome\Desktop\DriverGenius - Shortcut.lnk
[2011/08/18 19:11:00 | 000,422,382 | ---- | C] () -- C:\Users\easyhome\Desktop\Untitled.jpg
[2011/08/18 14:31:01 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/08/18 14:28:19 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/08/18 14:27:58 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/08/18 14:27:58 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/08/18 14:27:33 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/08/15 20:17:52 | 000,001,269 | ---- | C] () -- C:\Users\easyhome\Desktop\Spybot - Search & Destroy.lnk
[2011/08/15 19:18:32 | 000,001,454 | ---- | C] () -- C:\Users\easyhome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/15 19:06:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/15 19:06:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/10 21:18:25 | 000,001,046 | ---- | C] () -- C:\Users\easyhome\Desktop\KMPlayer.lnk
[2011/08/10 19:44:55 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011/08/10 19:44:43 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/08/10 19:44:43 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2011/08/10 19:44:43 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/08/10 19:44:43 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011/08/10 19:40:40 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\PowerArchiver.lnk
[2011/08/09 22:27:41 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/08/09 22:13:48 | 000,002,351 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/09 22:13:26 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/09 22:13:24 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/09 22:04:56 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/09 22:04:56 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/09 09:01:26 | 000,405,504 | RHS- | C] () -- C:\Windows\SysNative\vshadow.exe
[2011/08/09 09:01:26 | 000,364,032 | RHS- | C] () -- C:\Windows\SysNative\vshadowamd64.exe
[2011/08/09 09:01:26 | 000,352,256 | RHS- | C] () -- C:\Windows\SysNative\vshadowXP.exe
[2011/08/09 09:01:26 | 000,003,347 | RHS- | C] () -- C:\Windows\SysNative\{master}(1a)avgi.enu
[2011/08/09 09:01:26 | 000,000,116 | R--- | C] () -- C:\Windows\SysNative\masteraclbini.enu
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\suspendoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\spynetkeepon
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\restorerunoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\rebootoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\overridenomonitor
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\nukeoff
[2011/08/09 09:01:26 | 000,000,064 | ---- | C] () -- C:\Windows\firewalloff
[2011/08/09 09:01:26 | 000,000,038 | RHS- | C] () -- C:\Windows\SysNative\masteracl.enu
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SuspendOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SpyNetKeepOn
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\RestoreRunOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\RebootOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\OverrideNoMonitor
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\NukeOff
[2011/08/09 09:01:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\FireWallOff
[2011/08/09 05:05:47 | 000,069,762 | ---- | C] () -- C:\Windows\SysWow64\masteraclini.enu
[2011/08/09 03:57:51 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/08/09 03:57:22 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/09 03:22:40 | 523,410,657 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/09 03:18:00 | 001,056,768 | ---- | C] () -- C:\Windows\SysWow64\defltbase.sdb
[2011/08/09 03:16:28 | 3019,296,768 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/08 10:34:15 | 000,000,200 | ---- | C] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[2011/03/25 12:39:21 | 000,007,859 | ---- | C] () -- C:\Users\easyhome\AppData\Roaming\pcouffin.cat
[2011/03/25 12:39:21 | 000,001,167 | ---- | C] () -- C:\Users\easyhome\AppData\Roaming\pcouffin.inf
[2009/07/14 03:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:35:50 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 00:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 22:10:28 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:03:58 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/07 06:32:48 | 000,181,248 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/07/07 06:32:48 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/07/07 06:32:48 | 000,001,411 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2009/07/07 06:32:48 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2009/07/07 06:32:48 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2009/06/10 19:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/08/22 19:23:17 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\CleanMyPC Software
[2011/06/01 17:52:18 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Coby
[2011/06/01 18:06:04 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Coby Media Manager
[2011/03/31 21:32:27 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\DAEMON Tools Lite
[2011/08/22 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\GetRightToGo
[2011/03/31 21:48:21 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\LucasArts
[2011/02/12 05:23:43 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\MyJournals
[2011/04/02 10:00:14 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\OEM
[2011/02/27 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\OpenOffice.org
[2011/03/07 22:13:49 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Packard Bell
[2011/08/18 17:06:12 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\PowerCinema
[2011/05/22 19:54:09 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Replay Media Catcher 4
[2011/08/10 19:44:32 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Simply Super Software
[2011/06/13 06:46:58 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Smilebox
[2011/08/16 15:54:35 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\TouchBrowser
[2011/09/02 18:58:18 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\TouchGadget
[2011/02/09 08:15:59 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\TouchPortalV3
[2011/08/30 20:48:55 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\uTorrent
[2011/07/19 21:48:47 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Vso
[2011/02/12 05:23:44 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\WebClip
[2011/08/30 13:34:54 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\WildTangent
[2011/02/19 09:57:56 | 000,000,000 | ---D | M] -- C:\Users\easyhome\AppData\Roaming\Windows Live Writer
[2011/08/22 09:29:22 | 000,017,360 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/08/31 22:33:54 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/08/31 22:33:54 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/08/31 22:33:54 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/08/31 22:33:56 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/08/31 22:33:56 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/08/31 22:33:56 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/08/30 01:50:36 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/08/30 01:50:36 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/08/30 01:50:36 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/08/30 01:50:36 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/08/15 19:06:11 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/08/15 19:06:11 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/08/15 19:06:11 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/08/15 19:06:12 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/08/15 19:06:12 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2011/05/04 18:39:18 | 000,001,755 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\.ChromotingConfig.json
[2011/09/02 21:24:40 | 000,000,005 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2011/08/10 07:24:22 | 000,494,542 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\en-GB-1-2.bdic
[2011/08/09 22:15:02 | 000,000,000 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\First Run
[2011/09/02 21:24:38 | 000,010,883 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Local State
[2011/09/02 21:23:01 | 005,436,336 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2011/09/02 21:23:02 | 001,794,765 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2011/09/02 21:23:00 | 000,214,472 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
[2011/08/23 20:39:45 | 000,000,055 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Service State
[2011/09/02 21:10:06 | 006,918,144 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2011/09/02 21:10:06 | 000,243,256 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal
[2011/09/02 18:29:14 | 000,024,561 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2011/09/02 18:29:14 | 000,024,561 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2011/09/02 21:23:30 | 000,987,136 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2011/09/02 21:24:38 | 000,637,908 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2011/09/02 21:24:38 | 000,141,573 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2011/02/19 21:01:42 | 000,006,144 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2011/09/02 21:22:40 | 005,165,056 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2011/09/02 21:24:39 | 176,795,648 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\History
[2011/06/29 19:19:28 | 052,822,016 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-03
[2011/07/30 22:07:17 | 054,202,368 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-04
[2011/08/29 17:43:52 | 069,861,376 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-05
[2011/09/02 21:10:07 | 072,192,000 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-06
[2011/09/02 21:24:40 | 054,579,200 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-07
[2011/09/02 21:02:06 | 027,807,744 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-08
[2011/09/02 21:24:40 | 003,649,536 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-09
[2011/09/02 21:24:38 | 000,000,000 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2011/09/02 21:17:19 | 000,166,641 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2011/09/02 19:34:32 | 000,119,093 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2011/09/02 21:10:08 | 000,028,672 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2011/09/02 21:10:08 | 000,004,624 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
[2011/09/02 21:24:40 | 000,089,608 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2011/09/02 19:19:28 | 000,009,216 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
[2011/02/28 21:31:53 | 000,000,000 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Thumbnails
[2011/09/02 19:30:15 | 000,278,528 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2011/05/30 17:32:32 | 000,000,008 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
[2011/09/02 21:24:40 | 000,524,192 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2011/09/02 21:21:53 | 000,157,696 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2011/09/02 21:24:40 | 000,045,056 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
[2011/09/02 21:24:40 | 000,270,336 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
[2011/09/02 21:24:40 | 001,056,768 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
[2011/09/02 21:24:40 | 004,202,496 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
[2011/09/02 21:21:56 | 000,024,633 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
[2011/09/02 21:21:56 | 000,024,690 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
[2011/09/02 21:21:56 | 000,040,662 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
[2011/09/02 21:21:56 | 000,051,892 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
[2011/09/02 21:21:57 | 000,030,892 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
[2011/09/02 21:21:57 | 000,033,699 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
[2011/09/02 21:21:57 | 000,018,190 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007
[2011/09/02 21:21:58 | 000,029,478 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
[2011/09/02 21:21:58 | 000,037,342 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009
[2011/09/02 21:21:59 | 000,029,746 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
[2011/09/02 21:21:59 | 000,042,850 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b
[2011/09/02 21:21:59 | 000,031,942 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
[2011/09/02 21:22:00 | 000,026,009 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
[2011/09/02 21:22:02 | 000,028,108 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
[2011/09/02 21:22:02 | 000,018,957 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
[2011/09/02 21:22:02 | 000,019,216 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
[2011/09/02 21:22:02 | 000,022,393 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
[2011/09/02 21:22:03 | 000,081,642 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
[2011/09/02 21:22:03 | 000,047,845 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013
[2011/09/02 21:22:03 | 000,021,697 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014
[2011/09/02 21:22:03 | 000,022,021 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015
[2011/09/02 21:22:04 | 000,496,713 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016
[2011/09/02 21:22:04 | 000,049,755 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017
[2011/09/02 21:22:30 | 000,032,358 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000018
[2011/09/02 21:21:53 | 000,524,656 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Cache\index
[2011/03/29 19:48:13 | 000,009,216 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2011/03/02 23:13:29 | 000,004,096 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\databases\http_twitter.com_0\6
[2011/03/03 22:48:58 | 000,004,096 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\databases\http_www.beautyoftheweb.com_0\7
[2011/03/21 18:21:08 | 000,004,096 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\databases\http_www.westjet.com_0\8
[2011/03/29 19:48:14 | 000,004,096 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\databases\https_bookings.westjet.com_0\9
[10 C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp files -> C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp -> ]
[2011/08/16 06:49:50 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
[2011/07/14 19:08:51 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hehijbfgiekmjfkfjpbkbammjbdenadd_0.localstorage
[2011/08/06 13:25:41 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_noocneohefmdhonidldnlhaainpiomkp_0.localstorage
[2011/08/10 07:24:20 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_0-130.channel.facebook.com_0.localstorage
[2011/08/16 21:20:16 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_bonus.trialpay.com_0.localstorage
[2011/03/22 19:39:51 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cim.meebo.com_0.localstorage
[2011/03/06 19:51:03 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_content2.kitnmedia.com_0.localstorage
[2011/03/21 21:44:57 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_h.online-metrix.net_0.localstorage
[2011/04/21 21:38:48 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_secure.logmein.com_0.localstorage
[2011/09/02 21:17:18 | 000,005,120 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_secure.shared.live.com_0.localstorage
[2011/08/10 07:05:59 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.facebook.com_0.localstorage
[2011/04/28 19:22:06 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.meebo.com_0.localstorage
[2011/03/05 19:13:54 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage
[2011/05/14 20:01:34 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_answers.ask.com_0.localstorage
[2011/08/10 07:07:30 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps.conduit.com_0.localstorage
[2011/06/13 21:18:04 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bingo-www.buffalo-ggn.net_0.localstorage
[2011/06/09 07:38:36 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_canada411.yellowpages.ca_0.localstorage
[2011/08/10 07:05:59 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage
[2011/08/11 07:40:41 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdn.applifier.com_0.localstorage
[2011/08/26 20:48:49 | 000,537,600 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cdn.apture.com_0.localstorage
[2011/03/24 20:19:55 | 000,999,424 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cim.meebo.com_0.localstorage
[2011/06/14 07:20:11 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dd.sl.playfirst.com_0.localstorage
[2011/06/09 22:39:57 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dd.wooga.com_0.localstorage
[2011/06/10 15:37:50 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deal.iwin.com_0.localstorage
[2011/06/03 21:00:16 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_developers.facebook.com_0.localstorage
[2011/04/22 13:00:23 | 000,006,144 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gamerant.com_0.localstorage
[2011/06/13 23:40:59 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_labs.popcap.com_0.localstorage
[2011/06/03 20:14:18 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_law7355.posterous.com_0.localstorage
[2011/06/10 14:20:51 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_live.socialludia.com_0.localstorage
[2011/09/02 18:29:27 | 000,006,144 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mediacdn.disqus.com_0.localstorage
[2011/06/10 13:07:10 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ml-live.socialludia.com_0.localstorage
[2011/06/01 17:45:20 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_my.shaw.ca_0.localstorage
[2011/06/01 21:44:49 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ontarioswestcoast.posterous.com_0.localstorage
[2011/06/09 21:49:10 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pacmanorigin.channel.or.jp_0.localstorage
[2011/07/03 09:18:47 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pools.sportsbutter.com_0.localstorage
[2011/06/12 20:10:36 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_rewards.zynga.com_0.localstorage
[2011/08/11 19:32:21 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_runescape.wikia.com_0.localstorage
[2011/04/23 12:51:09 | 000,004,096 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.yahoo.com_0.localstorage
[2011/08/10 07:06:01 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_socialgrowthtechnologies.com_0.localstorage
[2011/03/05 19:25:14 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_taranfx.disqus.com_0.localstorage
[2011/05/07 09:28:04 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_top7.com_0.localstorage
[2011/09/02 19:18:29 | 000,023,552 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_twitter.com_0.localstorage
[2011/06/03 20:13:36 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_video.adultswim.com_0.localstorage
[2011/06/02 07:05:05 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_wiki.answers.com_0.localstorage
[2011/08/27 09:38:14 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage
[2011/06/15 15:51:10 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bing.com_0.localstorage
[2011/06/13 20:31:06 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.friendquestions.com_0.localstorage
[2011/06/08 18:57:04 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.gamespot.com_0.localstorage
[2011/08/10 07:23:55 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.google.ca_0.localstorage
[2011/05/16 21:15:18 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.independent.co.uk_0.localstorage
[2011/06/02 07:08:03 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.makeuseof.com_0.localstorage
[2011/07/14 18:36:05 | 001,144,832 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.meebo.com_0.localstorage
[2011/06/12 12:55:12 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mesmo.tv_0.localstorage
[2011/06/02 07:09:16 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.mydigitallife.info_0.localstorage
[2011/06/01 18:41:11 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.nhl.com_0.localstorage
[2011/06/12 20:22:26 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.runescape.com_0.localstorage
[2011/06/13 07:18:05 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.saskatoonminorfootball.com_0.localstorage
[2011/06/07 19:33:57 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.tmz.com_0.localstorage
[2011/07/31 18:48:55 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.tout.com_0.localstorage
[2011/04/22 16:50:36 | 000,006,144 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.twitlonger.com_0.localstorage
[2011/04/23 19:55:37 | 000,070,656 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ustream.tv_0.localstorage
[2011/06/13 23:49:52 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.veetle.com_0.localstorage
[2011/09/02 18:28:57 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.veoh.com_0.localstorage
[2011/04/09 12:00:24 | 000,229,376 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.walkscore.com_0.localstorage
[2011/06/06 20:29:03 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.whosay.com_0.localstorage
[2011/09/02 18:24:08 | 000,019,456 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wwe.com_0.localstorage
[2011/08/28 13:25:41 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage
[2011/06/06 07:41:19 | 000,003,072 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.zellers.com_0.localstorage
[2011/07/31 19:00:19 | 000,045,056 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_0
[2011/07/31 19:00:19 | 000,270,336 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_1
[2011/03/03 22:51:32 | 001,056,768 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_2
[2011/06/27 23:24:45 | 004,202,496 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_3
[2011/03/03 22:49:00 | 000,043,061 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000001
[2011/04/21 22:02:32 | 001,031,938 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000002
[2011/04/21 22:02:32 | 000,612,918 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000003
[2011/04/21 22:02:32 | 001,045,078 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000004
[2011/04/21 22:02:32 | 000,501,957 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000005
[2011/04/21 22:02:32 | 000,507,797 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000006
[2011/04/21 22:02:32 | 001,034,857 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000007
[2011/04/27 19:48:04 | 000,325,230 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000008
[2011/06/03 20:14:20 | 000,525,187 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000009
[2011/06/03 20:14:25 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000a
[2011/06/03 20:14:27 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000b
[2011/06/03 20:14:30 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000c
[2011/06/03 20:14:32 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000d
[2011/06/03 20:14:34 | 000,565,998 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000e
[2011/06/03 20:50:58 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000f
[2011/06/03 20:51:01 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000010
[2011/06/03 20:51:02 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000011
[2011/06/03 20:51:04 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000012
[2011/06/03 20:51:05 | 000,915,714 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000013
[2011/06/14 22:10:45 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000014
[2011/06/14 22:10:47 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000015
[2011/06/14 22:10:48 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000016
[2011/06/14 22:10:48 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000017
[2011/06/14 22:10:51 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000018
[2011/06/14 22:10:51 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000019
[2011/06/14 22:10:52 | 000,536,702 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001a
[2011/06/14 22:10:52 | 000,603,862 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001b
[2011/06/14 22:10:52 | 000,225,721 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001c
[2011/06/14 22:10:52 | 000,057,821 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001d
[2011/06/14 22:10:52 | 000,557,142 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001e
[2011/06/14 22:10:52 | 000,379,021 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00001f
[2011/06/27 23:12:56 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000020
[2011/06/27 23:13:10 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000021
[2011/06/27 23:13:10 | 000,120,956 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000022
[2011/07/31 18:48:58 | 001,048,576 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000023
[2011/07/31 18:48:58 | 000,031,561 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000024
[2011/07/31 18:49:00 | 001,035,890 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000025
[2011/07/31 18:49:00 | 000,029,950 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000026
[2011/03/03 22:48:55 | 000,524,656 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Media Cache\index
[2011/02/19 15:05:46 | 000,017,408 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db
[2011/02/19 15:05:46 | 000,019,456 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db
[2011/02/19 15:05:39 | 000,000,000 | ---- | M] () -- C:\Users\easyhome\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
  • 0

#25
nadtribble
Posted 02 September 2011 - 09:42 PM

nadtribble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
What outstanding issues (if any) are you still experiencing with your computer?
[/quote]
Not sure If I am having anymore real issues. So hopefully you fixed it. The initial problems I had with the ping.exe still running. And it also got caught in a start-up repair. loop. got resolved when TDSSkiller initially removed the virus. I did change our bank password from a different comp. only used it once during this fiasco(after TDSSkiller scan). and no problems
thankyou for your help. hopefully the new scans are the last ones...lol
thanx again
nadtribble
  • 0

Advertisements

#26
SweetTech
Posted 03 September 2011 - 08:21 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
[ClearAllRestorePoints]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them     then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
  • 0

#27
nadtribble
Posted 03 September 2011 - 09:56 AM

nadtribble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
will do the clean-up later, but in the mean time. Do you know if there is a java-pluggin update for google chrome. New one works for IE but not chrome.
  • 0

#28
SweetTech
Posted 03 September 2011 - 09:59 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
I believe in Chrome the plug-ins update automatically whenever a new update is available for them.
  • 0

#29
nadtribble
Posted 05 September 2011 - 10:47 AM

nadtribble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Sorry its a long weekend here, and been busy with family. Will try to do the clean-up tonight. But just have one more problem. When I put the computer into sleep mode, if it stays that way for more than a couple of hours, it freezes when I try to wake it up. Just get a black screen. Don't think its a malware problem. but if you know a solution or can direct me to the right topic
thanx
nad
  • 0

#30
SweetTech
Posted 05 September 2011 - 10:50 AM

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
I would post about that issue with Sleep Mode in the Windows 7 forum.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP