PHP injections traced to my IP



#1
m6arate

I have had problems with a base64-encoded PHP injection of an iframe into every root index.php file on my externally hosted server. When the files are corrected, the injection returns after a few hours. The access logs show the changes coming from my IP address. I changed my password (which for this is always a secure combination), but unfortunately the injection came back. I changed the password from a different machine and fixed the files there, and after nearly 12 hours the injection has not returned. I would like to clean up my primary computer as I believe some sort of local malware is the probable cause. Any help would be appreciated!


OTL.txt:

OTL logfile created on: 8/26/2011 8:34:57 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\mike\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.93 Gb Total Physical Memory | 8.40 Gb Available Physical Memory | 70.36% Memory free
23.86 Gb Paging File | 20.31 Gb Available in Paging File | 85.11% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 173.44 Gb Total Space | 35.38 Gb Free Space | 20.40% Space Free | Partition Type: NTFS
Drive D: | 101.75 Gb Total Space | 37.98 Gb Free Space | 37.32% Space Free | Partition Type: NTFS
Drive L: | 9.77 Gb Total Space | 2.29 Gb Free Space | 23.41% Space Free | Partition Type: NTFS

Computer Name: MIKE-THINK | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/26 17:24:56 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Downloads\OTL.exe
PRC - [2011/08/17 05:49:18 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/07/21 16:20:08 | 000,161,336 | ---- | M] (Google) -- C:\Users\mike\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/16 11:17:57 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2010/07/09 18:23:42 | 000,783,119 | ---- | M] () -- C:\Program Files (x86)\DnsJumper\DnsJumper.exe
PRC - [2010/03/11 12:29:52 | 001,636,872 | ---- | M] (M-Audio) -- C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2010/02/25 17:13:58 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/01/25 16:28:08 | 000,063,488 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2009/12/09 03:49:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/11/24 00:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/11/17 05:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2009/11/17 01:07:46 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/11/16 05:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/11/11 04:33:12 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009/11/09 00:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe
PRC - [2009/10/01 03:14:32 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/03/05 03:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/10/31 01:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
PRC - [2007/10/31 01:02:58 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe
PRC - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
PRC - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () -- C:\Windows\SysWOW64\TpKmpSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 05:49:17 | 000,400,440 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.215\ppgooglenaclpluginchrome.dll
MOD - [2011/08/17 05:49:15 | 004,118,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.215\pdf.dll
MOD - [2011/08/17 05:47:49 | 000,104,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.215\avutil-50.dll
MOD - [2011/08/17 05:47:48 | 000,203,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.215\avformat-52.dll
MOD - [2011/08/17 05:47:47 | 001,846,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.215\avcodec-52.dll
MOD - [2011/08/17 03:49:17 | 006,338,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.215\gcswf32.dll
MOD - [2010/07/09 18:23:42 | 000,783,119 | ---- | M] () -- C:\Program Files (x86)\DnsJumper\DnsJumper.exe
MOD - [2006/09/19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/03/16 11:19:38 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV:64bit: - [2010/09/16 11:00:00 | 005,018,624 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2010/04/30 06:52:50 | 006,237,800 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV:64bit: - [2009/11/18 01:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009/11/17 05:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/11/16 05:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2009/11/09 00:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\cammute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2009/09/29 20:25:48 | 000,126,392 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/09/21 19:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/09/21 19:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 12:29:52 | 001,636,872 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files (x86)\M-Audio\Axiom\AudioDevMon.exe -- (AxiomAudioDevMon)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/03/03 03:20:00 | 000,164,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2010/03/03 03:20:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010/02/25 17:13:58 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/25 16:28:08 | 000,063,488 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/09 03:49:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/31 01:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2007/10/31 01:02:58 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2006/06/29 22:57:50 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/04 07:36:56 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/07/04 07:36:54 | 000,288,088 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/07/04 07:35:28 | 000,045,400 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/07/04 07:32:35 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/07/04 07:32:14 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/04 16:24:06 | 000,050,232 | ---- | M] (Focusrite Audio Engineering Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ffusbaudio.sys -- (FFUsbAudio)
DRV:64bit: - [2011/01/11 12:13:26 | 000,197,424 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackUltra.sys -- (MAUSBFASTTRACKULTRA)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/07/12 04:55:39 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/05/25 17:27:11 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2010/05/07 15:52:20 | 000,024,560 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020000}_0)
DRV:64bit: - [2010/04/25 00:07:05 | 000,038,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2010/04/23 00:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/11 12:29:48 | 000,137,736 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioAxiom.sys -- (AXIOM)
DRV:64bit: - [2010/03/03 03:20:00 | 000,030,320 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2010/03/03 03:20:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/01/28 06:55:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/01/21 00:14:06 | 000,682,040 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/01/14 23:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/23 11:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009/12/17 18:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/12/15 00:03:50 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/12/09 20:37:56 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2009/11/20 19:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 19:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/11/18 01:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009/10/27 11:54:40 | 000,161,664 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2009/10/26 01:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/09/29 20:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/28 19:46:00 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/09/24 07:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/15 15:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 20:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 20:06:40 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avcstrm.sys -- (AVCSTRM)
DRV:64bit: - [2009/07/13 20:06:39 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstape.sys -- (MSTAPE)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/01 22:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/06/30 00:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/30 00:01:16 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/29 23:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/03/13 17:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/05/12 05:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/06/02 17:00:10 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV:64bit: - [2007/03/27 18:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV:64bit: - [2006/06/18 09:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010/08/30 18:04:52 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/07 14:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dev.bluetyped...om/pathfinder/#
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mike\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mike\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 8.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2011/08/24 09:37:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 8.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/06 20:39:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/14 13:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/16 15:50:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2011/05/25 09:40:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/12/29 01:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension

[2011/05/25 14:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions
[2010/05/24 17:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/25 09:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010/06/08 15:22:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/08/12 23:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\7zd67ik6.default\extensions
[2011/05/25 09:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Sunbird\Profiles\bppdxggq.default\extensions
[2011/07/14 13:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/30 23:19:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/20 21:22:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\MIKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7ZD67IK6.DEFAULT\EXTENSIONS\[email protected]
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/23 09:59:37 | 000,000,482 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:32:46 | 000,000,049 | -HS- | M] () - L:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{5f88c7f9-aa40-11df-aa2d-78dd08b5270f}\Shell - "" = AutoRun
O33 - MountPoints2\{5f88c7f9-aa40-11df-aa2d-78dd08b5270f}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu
O33 - MountPoints2\{acfe27b5-c151-11e0-b148-78dd08b5270f}\Shell - "" = AutoRun
O33 - MountPoints2\{acfe27b5-c151-11e0-b148-78dd08b5270f}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e759babf-7510-11df-9603-78dd08b5270f}\Shell - "" = AutoRun
O33 - MountPoints2\{e759babf-7510-11df-9603-78dd08b5270f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/22 11:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wavosaur
[2011/08/20 10:43:10 | 000,406,528 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2011/08/15 13:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\DXport
[2011/08/15 12:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011/08/15 12:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011/08/14 15:25:04 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\NCH Swift Sound
[2011/08/13 10:16:34 | 000,000,000 | ---D | C] -- C:\Users\mike\Desktop\cbutt
[2011/08/08 04:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Electronics
[2011/08/08 04:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEC Electronics
[2011/08/08 04:07:13 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Downloaded Installations
[2011/08/07 23:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/08/07 23:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/08/04 22:53:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2011/08/04 22:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/07/31 10:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roger Linn Design
[2011/07/31 08:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/31 08:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/31 08:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/31 08:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/07/30 19:46:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/07/30 12:26:47 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Microsoft Games
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/26 20:38:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-743522960-726550485-1181579533-1003UA.job
[2011/08/26 20:19:08 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/26 20:19:08 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/26 20:19:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/26 14:14:23 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/26 14:14:23 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/26 11:13:42 | 000,806,180 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/26 11:13:42 | 000,680,266 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/26 11:13:42 | 000,128,682 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/26 11:10:40 | 000,870,128 | ---- | M] () -- C:\Users\mike\AppData\Roaming\mcs.rma
[2011/08/26 11:10:40 | 000,000,004 | ---- | M] () -- C:\Users\mike\AppData\Roaming\A9B158
[2011/08/26 10:01:49 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/08/26 05:38:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-743522960-726550485-1181579533-1003Core.job
[2011/08/23 18:51:57 | 000,011,406 | ---- | M] () -- C:\Users\mike\Documents\Main.kdbx
[2011/08/23 18:48:02 | 000,344,967 | ---- | M] () -- C:\Users\mike\Desktop\vehicle inspection.jpg
[2011/08/22 16:28:55 | 000,002,141 | ---- | M] () -- C:\Windows\cdplayer.ini
[2011/08/22 16:19:36 | 000,002,890 | ---- | M] () -- C:\Users\mike\Documents\cc_20110822_161934.reg
[2011/08/22 02:15:22 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/08/20 17:31:10 | 000,532,237 | ---- | M] () -- C:\Users\mike\Desktop\revision 1.jpg
[2011/08/20 17:03:13 | 000,041,204 | ---- | M] () -- C:\Users\mike\Desktop\pf.jpg
[2011/08/20 10:56:50 | 034,663,698 | ---- | M] () -- C:\Users\mike\Desktop\beat_37_no_vox_kept_woo_no_compression.wav
[2011/08/20 10:52:56 | 034,663,698 | ---- | M] () -- C:\Users\mike\Desktop\beat_37_no_vox_kept_woo.wav
[2011/08/20 10:43:10 | 000,406,528 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2011/08/19 15:51:26 | 000,011,752 | ---- | M] () -- C:\Users\mike\Documents\cc_20110819_155124.reg
[2011/08/19 15:41:36 | 005,154,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/19 14:32:54 | 000,000,132 | ---- | M] () -- C:\Users\mike\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/18 21:21:30 | 000,084,235 | ---- | M] () -- C:\Users\mike\Desktop\bill.jpg
[2011/08/17 16:34:23 | 000,001,456 | ---- | M] () -- C:\Users\mike\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/08/15 16:49:23 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz
[2011/08/15 16:49:23 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll
[2011/08/15 16:49:23 | 000,000,087 | ---- | M] () -- C:\Windows\SysWow64\ssprs.tgz
[2011/08/15 16:49:23 | 000,000,073 | ---- | M] () -- C:\Windows\SysWow64\ssprs.dll
[2011/08/15 12:12:56 | 000,000,375 | ---- | M] () -- C:\Users\mike\Desktop\AoC1.0 1920x1080.bat
[2011/08/15 12:12:25 | 000,003,089 | ---- | M] () -- C:\Users\mike\Desktop\AoE2Wide.lnk
[2011/08/15 12:08:59 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\The Conquerors.lnk
[2011/08/15 12:06:21 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2011/08/13 11:08:00 | 000,000,600 | ---- | M] () -- C:\Users\mike\AppData\Roaming\winscp.rnd
[2011/08/13 10:10:31 | 030,164,399 | ---- | M] () -- C:\Users\mike\Desktop\big.jpg
[2011/08/11 19:06:21 | 000,162,808 | ---- | M] () -- C:\Users\mike\Documents\cc_20110811_190617.reg
[2011/08/11 19:02:43 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/10 22:14:33 | 000,001,573 | ---- | M] () -- C:\Users\mike\.recently-used.xbel
[2011/08/10 20:45:15 | 006,846,191 | ---- | M] () -- C:\Users\mike\Desktop\DSC_0504.jpg
[2011/08/07 03:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/04 22:54:32 | 000,822,950 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/04 07:25:55 | 000,776,181 | ---- | M] () -- C:\Users\mike\Desktop\Untitled-1.jpg
[2011/08/03 15:55:11 | 000,126,547 | ---- | M] () -- C:\Users\mike\Desktop\mki.png
[2011/08/03 13:49:48 | 000,002,063 | ---- | M] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/31 09:13:27 | 000,002,515 | ---- | M] () -- C:\Users\mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/07/31 09:13:27 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/07/31 08:52:03 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/28 19:23:05 | 000,649,538 | ---- | M] () -- C:\Users\mike\Desktop\Screenshot.png
[2011/07/28 17:55:07 | 000,007,609 | ---- | M] () -- C:\Users\mike\AppData\Local\Resmon.ResmonCfg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/23 18:48:01 | 000,344,967 | ---- | C] () -- C:\Users\mike\Desktop\vehicle inspection.jpg
[2011/08/22 16:19:35 | 000,002,890 | ---- | C] () -- C:\Users\mike\Documents\cc_20110822_161934.reg
[2011/08/20 17:31:10 | 000,532,237 | ---- | C] () -- C:\Users\mike\Desktop\revision 1.jpg
[2011/08/20 17:03:12 | 000,041,204 | ---- | C] () -- C:\Users\mike\Desktop\pf.jpg
[2011/08/20 10:54:48 | 034,663,698 | ---- | C] () -- C:\Users\mike\Desktop\beat_37_no_vox_kept_woo_no_compression.wav
[2011/08/20 10:50:49 | 034,663,698 | ---- | C] () -- C:\Users\mike\Desktop\beat_37_no_vox_kept_woo.wav
[2011/08/19 15:51:25 | 000,011,752 | ---- | C] () -- C:\Users\mike\Documents\cc_20110819_155124.reg
[2011/08/18 21:21:29 | 000,084,235 | ---- | C] () -- C:\Users\mike\Desktop\bill.jpg
[2011/08/15 12:12:56 | 000,000,375 | ---- | C] () -- C:\Users\mike\Desktop\AoC1.0 1920x1080.bat
[2011/08/15 12:11:31 | 000,003,089 | ---- | C] () -- C:\Users\mike\Desktop\AoE2Wide.lnk
[2011/08/15 12:11:31 | 000,003,049 | ---- | C] () -- C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AoE2Wide.lnk
[2011/08/15 12:08:59 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\The Conquerors.lnk
[2011/08/15 12:06:21 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2011/08/13 10:10:22 | 030,164,399 | ---- | C] () -- C:\Users\mike\Desktop\big.jpg
[2011/08/11 19:06:18 | 000,162,808 | ---- | C] () -- C:\Users\mike\Documents\cc_20110811_190617.reg
[2011/08/10 22:14:33 | 000,001,573 | ---- | C] () -- C:\Users\mike\.recently-used.xbel
[2011/08/10 20:45:11 | 006,846,191 | ---- | C] () -- C:\Users\mike\Desktop\DSC_0504.jpg
[2011/08/04 07:25:53 | 000,776,181 | ---- | C] () -- C:\Users\mike\Desktop\Untitled-1.jpg
[2011/08/03 15:55:09 | 000,126,547 | ---- | C] () -- C:\Users\mike\Desktop\mki.png
[2011/07/31 09:13:27 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/07/31 08:52:03 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/07/28 19:23:11 | 000,649,538 | ---- | C] () -- C:\Users\mike\Desktop\Screenshot.png
[2011/06/12 22:21:54 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011/06/12 22:21:54 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2011/06/12 22:21:54 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2011/06/12 22:21:54 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011/06/12 22:21:54 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2011/06/01 10:55:33 | 000,000,128 | ---- | C] () -- C:\Windows\EQUALIZER.INI
[2011/03/11 08:34:11 | 000,002,141 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/01/05 21:09:16 | 000,000,600 | ---- | C] () -- C:\Users\mike\AppData\Roaming\winscp.rnd
[2010/12/24 22:20:50 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\TpKmpSvc.exe
[2010/12/19 11:16:55 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010/11/18 20:13:01 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2010/11/18 20:12:26 | 001,362,460 | ---- | C] () -- C:\Windows\SysWow64\ExpansionHD_Firmware.bin
[2010/10/22 17:55:53 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010/08/17 16:54:45 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/08/05 13:00:53 | 000,001,456 | ---- | C] () -- C:\Users\mike\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/08/05 12:52:48 | 000,000,132 | ---- | C] () -- C:\Users\mike\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/08/01 09:23:32 | 000,226,608 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/07/24 18:30:11 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2010/07/21 19:53:22 | 000,302,592 | ---- | C] () -- C:\Windows\SysWow64\Adrfilechk.dll
[2010/07/09 23:35:44 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/02 20:23:09 | 000,000,132 | ---- | C] () -- C:\Users\mike\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/06/17 11:00:00 | 002,761,119 | ---- | C] () -- C:\Windows\SysWow64\Melodyne editor.dll
[2010/06/11 09:36:44 | 000,870,128 | ---- | C] () -- C:\Users\mike\AppData\Roaming\mcs.rma
[2010/06/11 09:36:44 | 000,000,004 | ---- | C] () -- C:\Users\mike\AppData\Roaming\A9B158
[2010/06/06 22:30:20 | 000,005,632 | ---- | C] () -- C:\Users\mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/06 22:29:45 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/06 22:29:45 | 000,000,088 | RHS- | C] () -- C:\ProgramData\576F603315.sys
[2010/05/24 17:38:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/05/21 15:45:57 | 000,007,609 | ---- | C] () -- C:\Users\mike\AppData\Local\Resmon.ResmonCfg
[2010/05/20 21:02:56 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/05/20 20:20:37 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/04/25 00:49:39 | 000,822,950 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/14 15:35:57 | 000,516,096 | ---- | C] () -- C:\Windows\SysWow64\RegisterDialog.dll
[2006/09/19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/02/27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2004/02/20 16:36:34 | 000,416,256 | ---- | C] () -- C:\Windows\exchndl.dll
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== LOP Check ==========

[2010/08/13 00:08:38 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\.purple
[2011/03/02 21:29:18 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\.visualvm
[2011/05/10 07:26:17 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Ableton
[2010/10/15 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\AstroGrep
[2011/05/11 20:04:51 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\AVG10
[2010/07/03 09:58:54 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\BonkEnc
[2010/05/29 12:26:56 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\BOXEE
[2010/05/20 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Canneverbe Limited
[2011/01/30 21:36:06 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Celemony Software GmbH
[2010/07/08 10:07:53 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/07 07:43:07 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\CrashPlan
[2011/02/16 20:23:54 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Emerge Desktop
[2011/01/05 00:56:40 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\FileZilla
[2010/08/17 11:57:53 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\fltk.org
[2011/08/26 13:42:50 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\foobar2000
[2010/06/07 13:43:55 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\FreeFileSync
[2011/01/26 16:46:07 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\FrostWire
[2010/05/23 23:26:41 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Gmail Notifier Plus
[2011/08/10 22:15:57 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\gtk-2.0
[2010/08/23 13:21:40 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\HandBrake
[2010/10/27 19:26:57 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\HDRsoft
[2011/07/04 08:32:54 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Image-Line
[2011/06/18 16:58:56 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\inkscape
[2011/08/26 01:07:36 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\KeePass
[2010/05/20 19:40:27 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Lenovo
[2010/11/24 16:02:16 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\MusE
[2011/08/14 15:25:04 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\NCH Swift Sound
[2010/05/26 19:59:24 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\NetMedia Providers
[2010/12/02 23:22:42 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Nik Software
[2010/07/02 13:02:15 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Notepad++
[2010/05/23 09:44:18 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\NVD
[2010/10/22 18:10:03 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\OffiSync
[2010/05/19 22:16:22 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\OpenOffice.org
[2010/09/04 23:16:05 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Opera
[2010/11/18 20:28:35 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\PACE Anti-Piracy
[2010/10/14 23:35:27 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Propellerhead Software
[2010/09/06 17:40:17 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Publish Providers
[2010/08/15 02:23:55 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\REAPER
[2011/01/30 21:35:13 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Renoise
[2010/06/29 13:39:24 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\rockbox.org
[2010/06/29 15:24:23 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\SeriousBit
[2011/05/31 20:30:07 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Smaart
[2010/08/15 20:19:52 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\SoftGrid Client
[2011/06/21 01:37:21 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Soluto
[2010/06/08 15:22:49 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Songbird2
[2010/06/18 08:46:55 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Sony
[2010/10/12 15:09:14 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Sony Creative Software
[2011/08/24 15:58:48 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Spotify
[2010/07/16 09:53:33 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/07/03 11:26:12 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\SumatraPDF
[2010/05/26 22:17:50 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\SynthMaker
[2010/11/04 09:37:31 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Thunderbird
[2010/08/22 13:23:30 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2010/05/23 09:44:22 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\TP
[2010/10/05 10:33:33 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/06/06 22:28:55 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Ulead Systems
[2010/12/21 22:30:46 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\USBSafelyRemove
[2011/08/26 09:01:02 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\uTorrent
[2010/08/15 17:45:38 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Windows Live Writer
[2010/08/23 13:20:40 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\WinFF
[2010/06/28 23:42:48 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Youtube Downloader HD
[2011/08/07 03:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/06/04 21:12:08 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/26 10:01:49 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1370 bytes -> C:\ProgramData\Microsoft:m88HuuWa4SLMw0hg8TB6VCEL
@Alternate Data Stream - 1287 bytes -> C:\ProgramData\Microsoft:hbuXtkXfeMRS9d3br0wA2zZ
@Alternate Data Stream - 1171 bytes -> C:\ProgramData\Microsoft:FQgRkqZtrvypyGca6goyb39

< End of report >