Moan Messy Aware - and maybe more possible infections



#1
ralloux

Hello,

I have been having this for quite a while and I also suspect that there could be a keylogger installed on my computer since some sites I run (and log in to from here as well) have been hacked.
Every time I reboot, after a while or after a few hours I get a message like a Windows crash routine that says:

Moan Messy Aware
Moan Messy Aware has encountered a problem and needs to close. We are sorry for the inconvenience.
..blah blah..
Please tell Microsoft about this problem ..etc. Send This Report..

I have searched around the internet and found only very little info regarding this and (at the time I did the check) reporting the routine as safe. Today I checked again and they report it as a threat. But apart from that, no reference info anywhere else.
http://systemexplore...f0.tmp.exe.html

It seems that every time I go through a reboot the dat...tmp.exe file changes name.
Today I had a very slow system so I checked the Task Manager and there was the process DATD96.tmp.exe using about 45.000 mem usage.
I closed all applications and it was still running. The moment I launched a HijackThis run, it gave me again the usual problem message. Maybe this was just a coincidence, because all the other times it has happened it could happen even when I was away from the computer for a while.

The only other reference I also found today was from another guy on DeviantArt, where he had uploaded a screenshot of the message as well:
http://666soki.devia...messy-217106732

A few other references are in some Russian forums I cannot understand of course..
I do not know if this is my only problem though... but I would appreciate your overall help here.

Here is the OTL log. It also created an Extras.txt file; I don't know if I should be posting this as well. Please advise.

OTL logfile created on: 27/12/2011 4:06:26 πμ - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\My Downloads\Utilities & Programs\WEB Utilities\SECURITY
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000408 | Country: Greece | Language: ELL | Date Format: d/M/yyyy

1,99 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 43,23% Memory free
3,10 Gb Paging File | 1,80 Gb Available in Paging File | 58,04% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 5,48 Gb Free Space | 14,71% Space Free | Partition Type: NTFS
Drive D: | 29,35 Gb Total Space | 6,89 Gb Free Space | 23,46% Space Free | Partition Type: NTFS
Drive I: | 465,73 Gb Total Space | 86,94 Gb Free Space | 18,67% Space Free | Partition Type: NTFS

Computer Name: VAIOW | User Name: Maya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/27 04:01:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\My Downloads\Utilities & Programs\WEB Utilities\SECURITY\OTL.exe
PRC - [2011/12/26 02:22:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/02 11:18:16 | 001,000,288 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/11/30 20:00:12 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2008/08/24 11:59:12 | 000,870,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/13 18:54:34 | 000,380,928 | ---- | M] (SANYO Electric Co., Ltd.) -- C:\Program Files\SANYO\XactiScreenCapture\SetClip.exe
PRC - [2006/10/22 22:29:48 | 000,014,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
PRC - [2006/10/11 11:09:16 | 000,364,544 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
PRC - [2006/08/15 18:55:17 | 001,120,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/08/10 16:17:16 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/08/08 17:26:18 | 000,151,552 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVSRV51.EXE
PRC - [2006/08/08 17:25:32 | 000,106,496 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
PRC - [2006/08/02 13:05:54 | 000,811,008 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Software\Panda Internet Security 2007\FIREWALL\PNmSrv.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/07/21 11:22:32 | 000,159,744 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVFNSVR.EXE
PRC - [2006/07/04 13:25:34 | 000,102,400 | ---- | M] (Panda Software) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
PRC - [2006/06/29 10:04:42 | 000,069,632 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
PRC - [2006/06/20 17:11:00 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/04/04 16:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006/03/31 13:50:52 | 000,411,096 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
PRC - [2006/01/31 15:42:04 | 000,073,728 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\SrvLoad.exe
PRC - [2005/11/28 15:38:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/28 15:38:42 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/07/25 09:02:22 | 000,032,768 | R--- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
PRC - [2004/11/17 13:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 02:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/02/20 15:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2002/03/14 17:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/26 02:22:31 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/13 16:57:50 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\Maya\Application Data\Mozilla\Firefox\Profiles\2s15fy1h.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko9\WINNT_x86-msvc\SSSLauncher.dll
MOD - [2011/12/12 13:55:26 | 000,407,040 | ---- | M] () -- C:\Program Files\WEB Utilities\4Shared Desktop\CMenu32.dll
MOD - [2011/12/10 05:15:55 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/08 22:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files\WEB Utilities\Filezilla\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/04 16:54:16 | 000,930,304 | ---- | M] () -- C:\Documents and Settings\Maya\Application Data\Mozilla\Firefox\Profiles\2s15fy1h.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011/10/03 04:05:36 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2011/08/31 15:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/08/31 15:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/06/08 13:53:12 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\mdhcp32.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 20:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\DESKTOP Utilities\WinRar\RarExt.dll
MOD - [2008/04/14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/25 06:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2007/05/10 23:50:00 | 000,017,024 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll
MOD - [2007/04/16 09:27:49 | 000,111,616 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
MOD - [2007/04/16 09:27:48 | 000,524,288 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
MOD - [2007/04/16 09:27:48 | 000,386,048 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll
MOD - [2007/04/15 20:56:10 | 000,389,120 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\AdobeXMP.dll
MOD - [2007/01/20 12:11:38 | 000,146,432 | ---- | M] () -- C:\Program Files\DESKTOP Utilities\7-Zip\7-zip.dll
MOD - [2006/08/31 19:46:32 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2006/07/02 22:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/02 22:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/06/20 17:11:00 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2005/10/03 15:35:28 | 000,802,816 | ---- | M] () -- C:\Program Files\Panda Software\Panda Internet Security 2007\PLATCTRL.BPL
MOD - [2004/05/19 10:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files\Panda Software\Panda Internet Security 2007\LIBXML2.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/06/08 13:53:13 | 000,000,000 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\Maya\Local Settings\Temp\DATD96.tmp -- (bnswljki)
SRV - [2007/10/03 18:08:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/25 19:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/08/15 18:55:17 | 001,120,960 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/08/08 17:26:18 | 000,151,552 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe -- (PAVSRV)
SRV - [2006/08/02 13:05:54 | 000,811,008 | ---- | M] (Panda Software International) [Auto | Running] -- c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE -- (PNMSRV)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/07/21 11:22:32 | 000,159,744 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2006/07/04 13:25:34 | 000,102,400 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe -- (PSIMSVC)
SRV - [2006/06/20 17:11:00 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/06/13 10:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 11:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 12:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 12:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/04/04 16:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006/03/31 13:50:52 | 000,411,096 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe -- (pmshellsrv)
SRV - [2005/11/28 15:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 15:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 15:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/07/25 09:02:22 | 000,032,768 | R--- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2005/07/14 21:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/01/04 12:09:36 | 000,398,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_svc.exe -- (VCI)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (ComFiltr)
DRV - [2009/08/13 10:45:56 | 000,091,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ArcHlp.sys -- (archlp)
DRV - [2008/04/13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/04/23 13:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/01/25 19:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/11/29 07:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/10/10 15:02:46 | 000,141,312 | ---- | M] (Panda Software International) [NDIS Layer] [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\NETFLT.SYS -- (netflt)
DRV - [2006/09/28 14:58:26 | 000,016,256 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2006/08/03 15:37:56 | 000,044,544 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2006/08/02 13:15:48 | 000,023,296 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smsflt.sys -- (SMSFLT)
DRV - [2006/08/02 13:10:18 | 000,185,472 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2006/08/02 13:08:48 | 000,036,864 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2006/07/24 10:38:20 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/24 10:38:20 | 000,727,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/07/24 10:38:20 | 000,208,256 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/07/05 05:29:54 | 000,489,696 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2006/07/03 00:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/29 21:50:46 | 000,009,216 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2006/06/14 04:04:00 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/23 01:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/05/11 21:26:48 | 000,103,936 | ---- | M] (Panda Software) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netfltdi.sys -- (NETFLTDI)
DRV - [2006/04/25 17:02:48 | 000,165,120 | R--- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2006/02/22 10:43:34 | 000,071,552 | ---- | M] (Panda Software International) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)
DRV - [2006/02/16 12:01:47 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/08/29 14:23:30 | 000,026,752 | R--- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShldDrv.sys -- (ShldDrv)
DRV - [2005/08/12 13:36:56 | 000,016,640 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpoint.sys -- (cpoint)
DRV - [2004/11/22 06:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000/12/05 17:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 12:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.20101102
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.90
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.1
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.20.03
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\DNL_Viewer: C:\WINDOWS\system32\DNAML\npdbplug.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\DNL_Viewer: C:\WINDOWS\system32\DNAML\npdbplug.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/30 20:01:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/26 02:22:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/30 20:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/30 20:01:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/05/09 20:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maya\Application Data\Mozilla\Extensions
[2011/12/25 23:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maya\Application Data\Mozilla\Firefox\Profiles\2s15fy1h.default\extensions
[2011/12/18 02:02:27 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Maya\Application Data\Mozilla\Firefox\Profiles\2s15fy1h.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/07/10 23:03:33 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\Maya\Application Data\Mozilla\Firefox\Profiles\2s15fy1h.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/11/22 01:01:53 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Maya\Application Data\Mozilla\Firefox\Profiles\2s15fy1h.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/02/05 04:13:45 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Maya\Application Data\Mozilla\Firefox\Profiles\2s15fy1h.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/12/22 15:47:43 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\Maya\Application Data\Mozilla\Firefox\Profiles\2s15fy1h.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/11/13 13:59:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Maya\Application Data\Mozilla\Firefox\Profiles\2s15fy1h.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/08/30 23:03:16 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Maya\Application Data\Mozilla\Firefox\Profiles\2s15fy1h.default\extensions\[email protected]
[2011/12/17 14:05:22 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Maya\Application Data\Mozilla\Firefox\Profiles\2s15fy1h.default\extensions\[email protected]
[2011/11/22 01:01:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Maya\Application Data\Mozilla\Firefox\Profiles\2s15fy1h.default\extensions\[email protected]
[2011/03/17 11:47:23 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\Maya\Application Data\Mozilla\Firefox\Profiles\2s15fy1h.default\searchplugins\wot-safe-search.xml
[2011/12/26 02:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAYA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2S15FY1H.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAYA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2S15FY1H.DEFAULT\EXTENSIONS\{79C50F9A-2FFE-4EE0-8A37-FAE4F5DACD4F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAYA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2S15FY1H.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAYA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2S15FY1H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAYA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2S15FY1H.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAYA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2S15FY1H.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAYA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2S15FY1H.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAYA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2S15FY1H.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAYA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2S15FY1H.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAYA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2S15FY1H.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAYA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2S15FY1H.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MAYA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2S15FY1H.DEFAULT\EXTENSIONS\[email protected]
[2011/12/26 02:22:32 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/04/29 12:02:00 | 002,412,544 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npdbplug.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/01 04:36:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/02/18 23:42:29 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2007/04/16 09:27:49 | 000,000,835 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2007/04/16 09:27:51 | 000,000,551 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src
[2011/11/09 11:03:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\Application\10.0.648.127\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\Application\10.0.648.127\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\Application\10.0.648.127\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DNL Reader (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdbplug.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\2.4.9.1_0\
CHR - Extension: Bookmark Sentry = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.6.5_0\
CHR - Extension: WOT = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.0.4_0\
CHR - Extension: Talking Url = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjnngddfenkcpolmkaobpgmejhbmighk\1.8.1_0\
CHR - Extension: Email this page (by Google) = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai\1.2.5_0\
CHR - Extension: TinEye Reverse Image Search = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1_0\
CHR - Extension: SearchPreview for Google = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\1.3_0\
CHR - Extension: LastPass = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.72.8_0\
CHR - Extension: Minimal = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog\1.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_1\
CHR - Extension: Poppit = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Boomerang for GMail = C:\Documents and Settings\Maya\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdkdbdadolokifeomchamhifddohomii\0.9.3_0\

O1 HOSTS File: ([2007/02/16 03:02:06 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll File not found
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\WEB Utilities\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Maya\Application Data\Mozilla\Firefox\Profiles\2s15fy1h.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [4shared Update] C:\Program Files\WEB Utilities\4Shared Desktop\checkUpdate.exe (New IT Solutions)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE (Panda Software International)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe (Panda Software International)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Update 4] C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [Badoo Desktop] C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.6.38.1042\Badoo.Desktop.exe (Badoo)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office XP\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Maya\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Documents and Settings\Maya\Start Menu\Programs\Startup\Xacti Screen Capture 1.1.lnk = C:\Documents and Settings\Maya\Application Data\Microsoft\Installer\{37327654-EBF7-410C-9161-C24D68E02753}\_E47B9B72500055712D025F.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All using 4shared Desktop - res://C:\Program Files\WEB Utilities\4Shared Desktop\Desktop.32/D_ALL_LINK File not found
O8 - Extra context menu item: &Download using 4shared Desktop - res://C:\Program Files\WEB Utilities\4Shared Desktop\Desktop.32/D_ONE_LINK File not found
O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\WEB Utilities\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\WEB Utilities\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\WEB Utilities\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\WEB Utilities\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office XP\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\GAMES\PokerStars Net\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33646E7C-3F40-4BDD-A67E-8B23A0E5E741}: NameServer = 193.92.150.3,194.219.227.2
O18 - Protocol\Handler\schmap-help {2CF664A0-5EA6-47B5-884C-433A60145F78} - C:\Program Files\Schmap\Schmap Player\Schmapdoclib.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\WINDOWS\System32\avldr.dll (Panda Software)
O20 - Winlogon\Notify\mdhcp32: DllName - (mdhcp32.dll) - C:\WINDOWS\System32\mdhcp32.dll ()
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Maya\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maya\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/15 13:41:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/27 03:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maya\Desktop\SECURITY
[2011/12/27 03:10:54 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Maya\Desktop\dds.com
[2011/12/27 02:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\SECURITY Utilities
[2011/12/27 02:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maya\Start Menu\Programs\HiJackThis
[2011/12/25 23:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maya\My Documents\My 4shared Sync
[2011/12/25 23:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maya\Start Menu\Programs\4shared Tools
[2011/12/25 23:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maya\Application Data\4shared Desktop
[2011/12/22 12:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maya\Local Settings\Application Data\Evernote
[2011/12/22 12:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Evernote
[2011/12/22 12:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\Evernote
[2011/11/30 20:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/11/30 20:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[43 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/27 03:58:09 | 000,545,008 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2011/12/27 03:27:00 | 000,001,260 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2783906991-2299814776-2489509941-1006UA.job
[2011/12/27 03:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/27 03:10:54 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Maya\Desktop\dds.com
[2011/12/27 02:57:02 | 000,190,213 | ---- | M] () -- C:\Documents and Settings\Maya\Desktop\FireShot Screen Capture #011 - 'HiJackThis! Log auto analyzer V2' - hjt_networktechs_com_parse_php.pdf
[2011/12/27 02:33:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/27 02:29:07 | 000,002,605 | ---- | M] () -- C:\Documents and Settings\Maya\Desktop\HiJackThis.lnk
[2011/12/26 18:06:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/26 05:27:00 | 000,001,208 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2783906991-2299814776-2489509941-1006Core.job
[2011/12/26 02:21:03 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\Maya\Desktop\Shortcut to pocket.lnk
[2011/12/25 23:09:38 | 000,001,904 | ---- | M] () -- C:\Documents and Settings\Maya\Application Data\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk
[2011/12/25 09:55:40 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2011/12/25 09:55:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/25 09:53:59 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Maya\Start Menu\Programs\Startup\Xacti Screen Capture 1.1.lnk
[2011/12/25 09:53:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2783906991-2299814776-2489509941-1006.job
[2011/12/25 09:51:50 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\crt.dat
[2011/12/25 09:51:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/25 09:51:21 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/22 13:04:46 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Maya\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2011/12/22 12:56:54 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\Maya\Desktop\Evernote.lnk
[2011/12/19 03:48:06 | 000,130,560 | ---- | M] () -- C:\Documents and Settings\Maya\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 20:02:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2783906991-2299814776-2489509941-1006.job
[2011/12/14 13:24:12 | 001,560,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 13:20:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/12 23:48:33 | 000,001,975 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2011/12/02 18:22:50 | 000,000,574 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2011/11/30 20:01:41 | 000,001,605 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Offers.lnk
[2011/11/30 20:01:41 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/11/30 20:00:15 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[43 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/27 02:57:02 | 000,190,213 | ---- | C] () -- C:\Documents and Settings\Maya\Desktop\FireShot Screen Capture #011 - 'HiJackThis! Log auto analyzer V2' - hjt_networktechs_com_parse_php.pdf
[2011/12/27 02:27:53 | 000,002,605 | ---- | C] () -- C:\Documents and Settings\Maya\Desktop\HiJackThis.lnk
[2011/12/26 02:21:03 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\Maya\Desktop\Shortcut to pocket.lnk
[2011/12/25 23:09:38 | 000,001,904 | ---- | C] () -- C:\Documents and Settings\Maya\Application Data\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk
[2011/12/22 13:04:46 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Maya\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2011/12/22 12:56:53 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\Maya\Desktop\Evernote.lnk
[2011/11/30 20:01:41 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free Offers.lnk
[2011/11/30 20:01:41 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/06/08 13:53:26 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\crt.dat
[2011/06/08 13:53:16 | 000,297,147 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011/06/08 13:53:15 | 000,327,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2011/06/08 13:53:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mdhcp32.dll
[2010/12/11 18:47:27 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/02/19 13:22:52 | 000,091,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\ArcHlp.sys
[2009/01/26 00:49:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/16 02:58:41 | 000,026,328 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/05/03 20:34:07 | 001,012,192 | ---- | C] () -- C:\WINDOWS\dbplugin.exe
[2008/05/03 20:34:00 | 000,200,784 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2008/04/06 05:58:59 | 000,000,072 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2008/04/06 05:58:59 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2008/04/06 05:58:59 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2007/09/01 00:35:38 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/06/16 01:26:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/06/02 23:56:32 | 000,004,584 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/02 22:12:15 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/06/02 21:18:17 | 003,655,608 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe
[2007/06/02 21:17:06 | 000,130,560 | ---- | C] () -- C:\Documents and Settings\Maya\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/28 12:38:09 | 000,000,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\wnmsav.dat
[2007/04/28 12:27:13 | 000,545,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2007/04/02 20:07:22 | 000,000,574 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007/03/09 09:12:32 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/06 11:14:48 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/17 17:29:02 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/01/25 19:31:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/01/17 01:22:25 | 000,002,331 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/16 22:56:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/03 18:35:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Maya\Application Data\wklnhst.dat
[2007/01/03 18:26:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Maya\Local Settings\Application Data\fusioncache.dat
[2006/08/31 19:46:13 | 000,000,322 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/08/15 19:47:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/15 18:48:47 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2006/08/15 18:48:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/08/15 18:48:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/08/15 18:48:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/08/15 18:48:38 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/08/15 18:48:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/08/15 18:48:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/08/15 18:46:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/08/15 17:18:45 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
[2006/08/15 16:56:56 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/08/15 16:56:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/08/15 14:31:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/15 14:30:16 | 001,560,920 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/15 13:44:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/15 13:37:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/15 05:24:10 | 000,003,820 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/08/15 05:23:17 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/08/15 05:23:14 | 000,459,736 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/08/15 05:23:14 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/08/15 05:23:14 | 000,079,390 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/08/15 05:23:14 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/08/15 05:23:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/08/15 05:23:12 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/08/15 05:23:11 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/08/15 05:23:05 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/08/15 05:23:04 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/08/15 05:22:57 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/08/15 05:22:50 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/05 03:07:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/02/16 11:58:06 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/16 11:50:36 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/02/16 11:49:25 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/02/16 11:47:37 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2011/09/09 13:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Badoo
[2011/02/25 14:23:11 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2008/11/23 04:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/12/27 03:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\4shared Desktop
[2007/02/10 04:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\CoreFTP
[2011/02/19 01:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\facemoods.com
[2011/12/19 12:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\FileZilla
[2009/07/26 06:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\FireShot
[2011/02/20 05:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\Free Download Manager
[2008/09/04 22:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\InterVideo
[2007/02/06 02:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\Itsth
[2007/01/03 18:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\Leadertech
[2008/10/16 02:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/03/19 03:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\Opera
[2011/10/29 18:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\Schmap
[2007/01/03 17:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\sony
[2011/02/12 01:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\TeamViewer
[2007/01/03 18:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\Template
[2007/06/12 20:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\Thunderbird
[2007/02/10 03:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maya\Application Data\Visicom Media

========== Purity Check ==========



< End of report >

......................

I just wanted to add that in the HijackThis scan I did just before the OTL, I found this line:

O23 - Service: bnswljki - Moan Tattle - C:\DOCUME~1\Maya\LOCALS~1\Temp\DATD96.tmp.exe

Edited by ralloux, 26 December 2011 - 08:59 PM.
