Hacked/Backdoor? [Closed]


  • This topic is locked

#16 MinuteMouse (Member, Topic Starter, 21 posts)
HERE IS THE NEW OTL SCAN YOU REQUESTED. OTL will only let me open it in Administrator's mode (which I guess is User-C). ANY INFORMATION YOU HAVE REGARDING MY SYSTEM AS OF THIS POINT WOULD BE GREATLY APPRECIATED. Thanks for your time and take care.
OTL logfile created on: 2/2/2012 7:29:46 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\D\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.96% Memory free
4.88 Gb Paging File | 3.24 Gb Available in Paging File | 66.51% Paging File free
Paging file location(s): c:\pagefile.sys 3072 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 97.98 Gb Free Space | 43.98% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.21 Gb Free Space | 42.10% Space Free | Partition Type: NTFS

Computer Name: D-PC | User Name: C | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/28 09:46:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\D\Desktop\OTL.exe
PRC - [2012/01/06 11:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/16 22:08:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/13 23:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2010/03/08 00:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1327961155\ee\aolsoftware.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/23 12:06:17 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/16 22:08:59 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (getPlusHelper)
SRV - [2012/01/11 16:18:14 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/01/11 14:56:12 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/01/11 14:56:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2012/01/06 11:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2012/01/11 16:19:24 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2012/01/11 16:19:02 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/01/11 16:14:30 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012/01/11 14:56:12 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2012/01/11 14:56:12 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2012/01/11 14:56:12 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/12/31 12:56:49 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2011/12/15 16:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120201.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/01 16:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/30 19:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/29 23:27:49 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120202.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/29 23:27:49 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/29 23:27:49 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/29 23:27:49 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120202.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/06/06 00:24:08 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/05/04 11:36:32 | 000,027,192 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\rspSanity32.sys -- (rspSanity)
DRV - [2011/04/20 18:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 18:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/13 04:21:40 | 000,002,560 | ---- | M] (SupportSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssrangdr.sys -- (ssrangdr)
DRV - [2009/10/20 11:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/12/09 09:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2007/10/29 02:40:28 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/01 13:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/10/18 11:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3008658398-1242687141-1261451896-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3008658398-1242687141-1261451896-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-3008658398-1242687141-1261451896-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3008658398-1242687141-1261451896-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3008658398-1242687141-1261451896-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3008658398-1242687141-1261451896-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-3008658398-1242687141-1261451896-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..keyword.URL: "http://aolsearch.aol...archbox&query="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Users\D\Desktop\Downloads\etunes downloads\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\C\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\C\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Users\D\Desktop\Downloads\etunes downloads\eMusic Download Manager\xulrunner\components [2012/02/01 17:08:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Users\D\Desktop\Downloads\etunes downloads\eMusic Download Manager\xulrunner\plugins [2012/02/01 17:08:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 03:03:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/01/31 16:42:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2 [2012/02/02 10:51:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/06 23:32:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/26 12:02:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/30 15:06:57 | 000,000,000 | ---D | M]

[2011/12/06 13:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\C\AppData\Roaming\mozilla\Extensions
[2012/01/30 15:07:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\C\AppData\Roaming\mozilla\Firefox\Profiles\vvb3bvb9.default\extensions
[2012/01/30 15:07:04 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\C\AppData\Roaming\mozilla\Firefox\Profiles\vvb3bvb9.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/12/25 00:54:30 | 000,000,000 | ---D | M] (WOT) -- C:\Users\C\AppData\Roaming\mozilla\Firefox\Profiles\vvb3bvb9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/12/25 00:54:30 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\C\AppData\Roaming\mozilla\Firefox\Profiles\vvb3bvb9.default\extensions\[email protected]
[2012/01/03 17:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/03 17:10:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/12/16 22:09:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/03 17:09:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/10 13:35:18 | 000,002,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2011/12/16 18:38:42 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/12/16 18:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/16 18:38:42 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/16 18:38:42 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/16 18:38:42 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\C\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\C\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\C\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\C\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Users\D\Desktop\Downloads\etunes downloads\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\C\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/01/31 11:31:26 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-3008658398-1242687141-1261451896-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3008658398-1242687141-1261451896-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-3008658398-1242687141-1261451896-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1327961155\ee\aolsoftware.exe (AOL Inc.)
O4 - HKU\S-1-5-21-3008658398-1242687141-1261451896-1001..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKLM..\RunOnce: [TodoBackupUninst] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3008658398-1242687141-1261451896-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3008658398-1242687141-1261451896-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3008658398-1242687141-1261451896-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3008658398-1242687141-1261451896-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3008658398-1242687141-1261451896-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-3008658398-1242687141-1261451896-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Reg Error: Key error.)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://icmsweb.star...olv_cs/smsx.cab (MeadCo ScriptX)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C63BB0-190C-469D-BF4B-2E14F0B49D93}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/31 11:30:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/30 15:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
[2012/01/30 15:07:05 | 000,058,696 | ---- | C] (AOL Inc.) -- C:\Windows\System32\AOLParconLink.exe
[2012/01/30 15:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2012/01/30 15:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\AOL
[2012/01/30 15:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2012/01/30 15:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2012/01/30 15:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.6
[2012/01/30 14:42:31 | 000,000,000 | ---D | C] -- C:\Users\C\Desktop\AOL Saved PFC
[2012/01/30 12:03:50 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\AOL
[2012/01/30 12:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2012/01/30 12:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2012/01/29 00:36:02 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Local\Norman Malware Cleaner
[2012/01/29 00:21:49 | 000,000,000 | ---D | C] -- C:\Users\C\Documents\Simply Super Software
[2012/01/28 12:55:40 | 000,000,000 | ---D | C] -- C:\My Backups
[2012/01/28 12:55:33 | 000,187,016 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\EuFdDisk.sys
[2012/01/28 12:55:33 | 000,050,312 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eubakup.sys
[2012/01/28 12:55:33 | 000,017,032 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eudskacs.sys
[2012/01/28 12:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2012/01/27 23:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/01/27 23:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/27 22:58:25 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\VS Revo Group
[2012/01/27 19:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2012/01/27 19:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2012/01/27 19:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2012/01/27 18:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2012/01/27 18:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/27 18:04:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/27 18:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/27 11:15:25 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Local\temp
[2012/01/27 11:14:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/27 00:27:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/27 00:27:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/27 00:27:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/27 00:27:18 | 000,000,000 | ---D | C] -- C:\user567
[2012/01/27 00:26:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/26 20:43:16 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Local\Eraser 6
[2012/01/25 11:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/25 00:26:34 | 000,000,000 | ---D | C] -- C:\Users\C\DoctorWeb
[2012/01/23 20:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/21 23:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/01/21 11:06:59 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\PCTools
[2012/01/21 03:20:27 | 000,574,424 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2012/01/21 03:20:27 | 000,035,264 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2012/01/21 03:20:25 | 000,054,328 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2012/01/20 00:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/20 00:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/19 21:14:01 | 000,253,352 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/01/19 21:14:01 | 000,107,864 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/01/19 21:13:26 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012/01/19 21:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/01/19 21:13:20 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/01/19 21:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/01/19 21:10:46 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2012/01/19 21:10:46 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2012/01/19 21:10:41 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/01/19 21:10:41 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/01/19 21:10:31 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/01/19 21:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/19 21:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/19 21:07:49 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\TestApp
[2012/01/19 19:40:16 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/01/18 23:35:32 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\KeePass
[2012/01/18 22:05:02 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\Process Hacker 2
[2012/01/18 21:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2012/01/18 21:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2012/01/18 20:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2012/01/14 01:08:15 | 000,027,192 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\System32\drivers\rspSanity32.sys
[2012/01/14 01:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\SanityCheck
[2012/01/13 02:43:30 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Local\SupportSoft
[2012/01/13 01:56:08 | 000,000,000 | ---D | C] -- C:\Microsoft
[2012/01/10 01:50:08 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\FreeFixer
[2012/01/10 01:50:08 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Local\FreeFixer
[2012/01/10 01:49:59 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
[2012/01/10 01:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
[2012/01/10 01:28:57 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\f-secure
[2012/01/10 01:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

========== Files - Modified Within 30 Days ==========

[2012/02/02 19:12:10 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3008658398-1242687141-1261451896-1001UA.job
[2012/02/02 19:12:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/02 15:31:49 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/02 15:31:49 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/01 20:56:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3008658398-1242687141-1261451896-1001Core.job
[2012/02/01 13:34:36 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2012/01/31 13:34:12 | 002,356,466 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\Cat.DB
[2012/01/31 13:34:04 | 000,002,287 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/01/31 11:31:26 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/31 11:25:48 | 000,000,512 | ---- | M] () -- C:\Users\C\Desktop\MBR.dat
[2012/01/30 15:07:25 | 000,002,037 | -H-- | M] () -- C:\IPH.PH
[2012/01/30 15:07:23 | 000,000,880 | ---- | M] () -- C:\Users\C\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.6.lnk
[2012/01/30 15:07:22 | 000,000,800 | ---- | M] () -- C:\Users\Public\Desktop\AOL Desktop 9.6.lnk
[2012/01/30 14:42:44 | 000,000,018 | ---- | M] () -- C:\Windows\msoffice.ini
[2012/01/30 11:55:58 | 000,058,696 | ---- | M] (AOL Inc.) -- C:\Windows\System32\AOLParconLink.exe
[2012/01/29 01:33:26 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dll
[2012/01/27 23:03:07 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/27 22:27:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\isolate.ini
[2012/01/27 19:38:17 | 000,001,831 | ---- | M] () -- C:\Users\C\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/01/27 19:38:17 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012/01/27 19:00:06 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2012/01/27 18:04:47 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/27 17:45:59 | 000,000,528 | R--- | M] () -- C:\MediaID.bin
[2012/01/27 12:33:21 | 000,001,051 | ---- | M] () -- C:\Users\C\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/01/27 12:33:21 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/01/27 11:25:32 | 000,299,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/27 10:56:47 | 000,000,452 | ---- | M] () -- C:\Users\C\Documents\cc_20120127_105640.reg
[2012/01/27 01:28:34 | 002,239,098 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/01/26 13:57:55 | 000,002,024 | ---- | M] () -- C:\Users\C\Desktop\Google Chrome.lnk
[2012/01/26 13:57:55 | 000,001,986 | ---- | M] () -- C:\Users\C\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/25 20:51:17 | 000,000,512 | ---- | M] () -- C:\Users\C\Documents\MBR.dat
[2012/01/25 20:29:45 | 000,000,000 | ---- | M] () -- C:\Users\C\defogger_reenable
[2012/01/23 19:53:45 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/23 19:53:45 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/22 16:35:01 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/22 01:11:52 | 000,001,795 | ---- | M] () -- C:\Users\C\Desktop\Process Hacker 2.lnk
[2012/01/20 19:17:01 | 000,000,861 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/01/20 09:18:12 | 000,001,873 | ---- | M] () -- C:\Users\C\Desktop\System Mechanic.lnk
[2012/01/20 00:27:44 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/01/19 21:07:51 | 000,001,632 | ---- | M] () -- C:\Users\C\Desktop\sdsetup.exe.lnk
[2012/01/19 19:40:18 | 000,000,916 | ---- | M] () -- C:\Users\C\Desktop\Norton Installation Files.lnk
[2012/01/18 23:32:50 | 000,002,686 | ---- | M] () -- C:\Users\C\Documents\NewDatabase.kdbx
[2012/01/14 01:21:47 | 000,005,039 | ---- | M] () -- C:\Users\C\AppData\Local\Temp17.html
[2012/01/14 01:20:19 | 000,001,293 | ---- | M] () -- C:\Users\C\AppData\Local\Temp1.html
[2012/01/13 02:43:31 | 000,000,177 | ---- | M] () -- C:\Users\C\Desktop\Comcast Security.url
[2012/01/13 02:43:31 | 000,000,171 | ---- | M] () -- C:\Users\C\Desktop\Comcast Email.url
[2012/01/13 02:43:31 | 000,000,074 | ---- | M] () -- C:\Users\C\Desktop\Ask Comcast.url
[2012/01/13 02:43:31 | 000,000,054 | ---- | M] () -- C:\Users\C\Desktop\Comcast Help.url
[2012/01/13 02:43:30 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Comcast Desktop Software.lnk
[2012/01/13 02:43:30 | 000,000,081 | ---- | M] () -- C:\Users\C\Desktop\Comcast Account Login.url
[2012/01/11 16:19:24 | 000,070,536 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/01/11 16:19:02 | 000,185,560 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/01/11 16:17:50 | 000,017,848 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012/01/11 16:14:36 | 000,107,864 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/01/11 16:14:30 | 000,253,352 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/01/11 14:56:12 | 000,574,424 | --S- | M] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2012/01/11 14:56:12 | 000,054,328 | --S- | M] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2012/01/11 14:56:12 | 000,035,264 | --S- | M] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2012/01/06 11:51:24 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\iolobtdfg.exe
[2012/01/06 11:51:16 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\smrgdf.exe
[2012/01/06 11:29:06 | 002,083,464 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\Incinerator32.dll

========== Files Created - No Company Name ==========

[2012/01/31 13:34:04 | 000,002,287 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/01/31 11:25:48 | 000,000,512 | ---- | C] () -- C:\Users\C\Desktop\MBR.dat
[2012/01/30 15:07:23 | 000,000,880 | ---- | C] () -- C:\Users\C\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.6.lnk
[2012/01/30 15:07:22 | 000,000,800 | ---- | C] () -- C:\Users\Public\Desktop\AOL Desktop 9.6.lnk
[2012/01/30 15:05:06 | 000,002,037 | -H-- | C] () -- C:\IPH.PH
[2012/01/29 01:33:26 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/01/29 00:21:48 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012/01/29 00:21:48 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar3.dll
[2012/01/29 00:21:48 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012/01/29 00:21:48 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012/01/28 12:55:32 | 000,044,680 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2012/01/27 23:03:07 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/27 19:38:17 | 000,001,831 | ---- | C] () -- C:\Users\C\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/01/27 19:38:17 | 000,001,819 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2012/01/27 19:38:17 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012/01/27 19:00:06 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2012/01/27 19:00:06 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2012/01/27 18:04:47 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/27 17:45:59 | 000,000,528 | R--- | C] () -- C:\MediaID.bin
[2012/01/27 11:25:14 | 000,299,952 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/27 10:56:45 | 000,000,452 | ---- | C] () -- C:\Users\C\Documents\cc_20120127_105640.reg
[2012/01/27 00:27:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/27 00:27:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/27 00:27:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/27 00:27:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/27 00:27:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/25 20:29:45 | 000,000,000 | ---- | C] () -- C:\Users\C\defogger_reenable
[2012/01/20 19:17:01 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/01/20 19:17:01 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/01/20 00:27:44 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/01/19 21:10:49 | 002,239,098 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/01/19 21:07:51 | 000,001,632 | ---- | C] () -- C:\Users\C\Desktop\sdsetup.exe.lnk
[2012/01/19 19:40:16 | 000,000,916 | ---- | C] () -- C:\Users\C\Desktop\Norton Installation Files.lnk
[2012/01/18 23:32:50 | 000,002,686 | ---- | C] () -- C:\Users\C\Documents\NewDatabase.kdbx
[2012/01/18 21:58:30 | 000,001,795 | ---- | C] () -- C:\Users\C\Desktop\Process Hacker 2.lnk
[2012/01/14 01:21:47 | 000,005,039 | ---- | C] () -- C:\Users\C\AppData\Local\Temp17.html
[2012/01/14 01:08:58 | 000,001,293 | ---- | C] () -- C:\Users\C\AppData\Local\Temp1.html
[2012/01/13 02:43:31 | 000,000,177 | ---- | C] () -- C:\Users\C\Desktop\Comcast Security.url
[2012/01/13 02:43:31 | 000,000,074 | ---- | C] () -- C:\Users\C\Desktop\Ask Comcast.url
[2012/01/13 02:43:31 | 000,000,054 | ---- | C] () -- C:\Users\C\Desktop\Comcast Help.url
[2012/01/13 02:43:30 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Comcast Desktop Software.lnk
[2012/01/13 02:43:30 | 000,000,171 | ---- | C] () -- C:\Users\C\Desktop\Comcast Email.url
[2012/01/13 02:43:30 | 000,000,081 | ---- | C] () -- C:\Users\C\Desktop\Comcast Account Login.url
[2012/01/07 12:36:35 | 000,000,512 | ---- | C] () -- C:\Users\C\Documents\MBR.dat
[2012/01/02 22:56:58 | 000,000,046 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/06 21:21:47 | 006,342,403 | ---- | C] () -- C:\Users\C\AppData\Roaming\SMRBackup210.dat
[2011/12/05 21:13:44 | 000,000,680 | ---- | C] () -- C:\Users\C\AppData\Local\d3d9caps.dat
[2011/11/22 11:28:19 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/03/02 22:13:01 | 000,000,140 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2010/01/02 22:53:53 | 000,000,018 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/12/17 00:31:13 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/10/20 11:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/09 23:05:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/09 23:05:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/14 04:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/22 07:00:18 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/12/16 18:27:09 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/03/19 04:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 04:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 04:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 04:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/10 06:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/06 21:25:04 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\DataSafeOnline
[2012/01/10 01:28:57 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\f-secure
[2012/01/10 02:28:53 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\FreeFixer
[2011/12/24 04:13:20 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\iolo
[2012/01/18 23:35:32 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\KeePass
[2011/12/31 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\OpenCandy
[2012/01/21 11:06:59 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\PCTools
[2012/01/24 11:45:57 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\Process Hacker 2
[2011/12/07 01:29:18 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\QFX Software
[2012/01/19 21:07:49 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\TestApp
[2011/12/07 01:00:07 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\Tific
[2012/01/27 22:58:25 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\VS Revo Group
[2011/12/05 18:29:30 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\WinPatrol
[2010/05/24 08:32:06 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/23 20:07:41 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\DataSafeOnline
[2009/12/12 00:25:12 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\eMusic
[2009/12/22 13:21:49 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\Funambol
[2011/12/24 03:23:43 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\iolo
[2012/01/19 00:20:40 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\Process Hacker 2
[2012/01/25 11:38:19 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\Qualys
[2012/01/23 23:15:49 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\QuickScan
[2010/01/04 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\supportdotcom
[2011/02/26 16:36:53 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\SupportSoft
[2009/01/26 19:04:08 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\Template
[2010/01/13 01:07:41 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\Tific
[2010/08/22 16:08:00 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\TweakNow PowerPack 2010
[2011/11/19 15:06:16 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\TweakNow PowerPack 2011
[2010/08/07 11:18:18 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\TweakNow RegCleaner
[2012/02/01 23:09:26 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< >

< C:\Users\*. >
[2009/01/19 18:14:47 | 000,000,000 | -HSD | M] -- C:\Users\All Users
[2012/01/26 00:12:53 | 000,000,000 | ---D | M] -- C:\Users\C
[2012/01/26 00:12:05 | 000,000,000 | ---D | M] -- C:\Users\D
[2011/11/29 17:19:18 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2009/01/19 18:14:47 | 000,000,000 | -HSD | M] -- C:\Users\Default User
[2011/11/29 17:19:18 | 000,000,000 | R--D | M] -- C:\Users\Public

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

Edited by MinuteMouse, 02 February 2012 - 08:41 PM.

  • 0
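The OTL log above uses two record layouts that a helper reads by eye: file entries of the form `[date time | size | attributes | C-or-M] (company) -- path` and `@Alternate Data Stream - N bytes -> path:stream` lines. The following is an added example, not part of this thread and not OldTimer's OTL code, that parses those two layouts and applies the first triage pass a helper performs: list .exe/.dll/.sys files under C:\Windows that report no company name (the ones worth a hash lookup; .dat and .ini files routinely have none) and summarise any alternate data streams. The sample input is a handful of lines copied from the log posted above so the script runs offline; the function names and the triage heuristic are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Sample input: lines copied from the OTL log posted in this thread
# (embedded here so the example runs without the full log file).
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2012/02/01 13:34:36 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2012/01/30 11:55:58 | 000,058,696 | ---- | M] (AOL Inc.) -- C:\Windows\System32\AOLParconLink.exe
[2012/01/29 01:33:26 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dll
[2012/01/27 17:45:59 | 000,000,528 | R--- | M] () -- C:\MediaID.bin
[2012/01/27 11:14:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
"""

# File record: the "(company)" field is absent on directory entries, so it is optional.
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
# Alternate data stream record; the stream name follows the last ':' in the target.
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

PE_EXTENSIONS = (".exe", ".dll", ".sys")


@dataclass
class FileEntry:
    stamp: str
    size: int
    attrs: str     # R = read-only, H = hidden, S = system, D = directory, '-' = not set
    kind: str      # C = created timestamp listed, M = modified timestamp listed
    company: str   # empty when the file carries no company name in its version info
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


@dataclass
class AdsEntry:
    size: int
    path: str
    stream: str


def parse_otl(text: str) -> Tuple[List[FileEntry], List[AdsEntry]]:
    """Split an OTL report into file entries and alternate-data-stream entries."""
    files: List[FileEntry] = []
    streams: List[AdsEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            files.append(FileEntry(
                stamp=m["stamp"],
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"],
                kind=m["kind"],
                company=m["company"] or "",
                path=m["path"],
            ))
            continue
        m = ADS_RE.match(line)
        if m:
            path, _, stream = m["target"].rpartition(":")
            streams.append(AdsEntry(int(m["size"]), path, stream))
    return files, streams


def unsigned_binaries_in_windows(files: List[FileEntry]) -> List[str]:
    """Executable, library and driver files under C:\\Windows with no company name.

    Heuristic only (this example's own, not an OTL rule): such entries are the ones
    a helper submits for a hash lookup first; a vendor string does not prove the
    file is benign, and data files legitimately lack one, so only PE-type
    extensions are considered.
    """
    flagged = []
    for f in files:
        low = f.path.lower()
        if f.is_directory or f.company or not low.startswith("c:\\windows\\"):
            continue
        if low.endswith(PE_EXTENSIONS):
            flagged.append(f.path)
    return flagged


if __name__ == "__main__":
    entries, ads = parse_otl(SAMPLE_LOG)
    for p in unsigned_binaries_in_windows(entries):
        print("no company name, look up hash:", p)
    for s in ads:
        print(f"alternate data stream {s.stream} ({s.size} bytes) on {s.path}")
```

Run on the sample it reports hitmanpro35.sys and mfc45.dll (the AOL executable carries a company name and is skipped) and the two ADS entries on C:\ProgramData\TEMP; run on a full OTL log the same functions give a helper a short review list instead of several hundred lines to read.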

#17
MinuteMouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Anything New? Cheers.
  • 0

#18
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi MinuteMouse. What symptoms are still present on your computer? Please explain in detail.
  • 0

#19
MinuteMouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Strange files I didn't install, concerns about the music/ads that were suddenly playing on my system (what would have caused this), the strange user-name ("C"). I would like to know what your overall professional impressions are. What did OTL tell you? What was removed/changed since you started helping me? I would like to know if my system is (now) free of infection, if there is a backdoor, should I reinstall ...? Am I good to go? More help needed? Everything clean???

- Your help is much appreciated.
  • 0

#20
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
So are you not experiencing music and ads anymore? How about the redirects? What new and unusual files are present? Is your computer still performing slowly? What settings on your AV tools were changed and are they back to normal? You said new programs were installed - what were they? Still getting security popups? Regarding your user accounts - you have only two accounts - D and C - C is an administrator account and I'm guessing D is a standard account. This is in line with what you said about having two user accounts one standard and one administrator - it's possible your account could have gotten renamed. Your OTL log was very clean save one entry which we cleaned - it was a malicious driver service. Try and give detailed answers to the previous questions and post a reply. Then try using your computer for a while and see if you still have any symptoms. Then report back to me.
  • 0

#21
MinuteMouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hello, thanks for the response.

I haven't heard the music/ads (The ads were for a company called IDG) ... Performance overall pretty good...

I have noticed that in every file/folder/and on desktop there is something called "desktop.ini" ... this appeared during the past two weeks or so.

No weird security pop-ups.

HAVE seen alert saying repeatedly Back-Up failed.

A new, frequent alert (lower right hand side) inquiring whether I want "solutions to computer problems" --- do not know for sure if this is Microsoft or not.

Temp files (gif) with names like Start_Virus_Over were detected awhile back (browsed Sophos site at the time and said these could have been Trojans/Rootkit related). Someone told me hacker software programs like Camera Shy and Scattered could have produced these GIF files to be used maliciously.

When I use Mozilla it lately seems to be preventing redirects ... asks me if I want to allow or not. I see a lot of what appear to possibly be persistent cookies on lower left of screen when pages are loading. Have noticed weird established connections/listening (using Process Hacker tool had to change Local Host name to get rid of something called 007Guard).

I noticed something called "Volume Manager" (2 GB), which I have never seen before... what is this?

A lot of Windows e-mail (which I don't really use) --- sent at the exact same time/same date (about 40 of them). The computer seems to be laboring excessively at times.

Spyware Doctor detected an outrageous amount of malware/trojans (about 150 or so) awhile back (false positives? who knows). That's 'bout all I notice at present time ... Do not know if any of the above are anything to be concerned with but wanted to alert you to them regardless.

****Can you tell me what the malicious driver was that OTL detected and what problems it created/could have created?****

****Do you think I have a BACKDOOR or if I should maybe wipe/re-install Windows?****


Thanks MUCH.

Edited by MinuteMouse, 04 February 2012 - 06:00 PM.

  • 0

#22
MinuteMouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
UPDATE:

Hi, a Trojan was detected on my system, troj_hidefil.bmc (OTM.exe), which was then apparently killed by Trend Micro.

THEN -- Secunia started reporting new programs being installed on my system including Kaspersky TDSS Killer and Sysinternals....

What Now???

Thanks

Edited by MinuteMouse, 05 February 2012 - 08:06 PM.

  • 0

#23
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts

****Can you tell me what the malicious driver was that OTL detected and what problems it created/could have created?****

I just consulted a colleague and it turns out that was a false positive on my part. Fortunately it's not important.

****Do you think I have a BACKDOOR or if I should maybe wipe/re-install Windows?****

Let's try disinfecting. I think you are safe for now.

A new, frequent alert (lower right hand side) inquiring whether I want "solutions to computer problems" --- do not know for sure if this is Microsoft or not.

Sounds like it's part of Windows.

Have noticed weird established connections/listening (using Process Hacker tool had to change Local Host name to get rid something called 007Guard).

Nothing to worry about.

I noticed something called "Volume Manager" (2 GB), which, I have never seen before... what is this?

Can you elaborate? Where does this appear?

A lot of Windows e-mail (which I don't really use) --- sent at the exact same time/same date (about 40 of them).

So are you saying all the email was sent using the built in Windows mail client? Do you normally use webmail? Have you set up the Windows mail client for your Yahoo account but just don't use the program?

When I use Mozilla it lately seems to be preventing redirects ... asks me if I want to allow or not.

Please elaborate. What sites are getting redirected? What exactly does Mozilla say? Try using Internet Explorer and see if you get redirected in it.

HAVE seen alert saying repeatedly Back-Up failed.

Have you set up your computer to be backed up? What program is saying the backup failed?
  • 0

#24
MinuteMouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hello,

You stated we would disinfect. Okay, great. I trust You'll let me know when/how I should disinfect?

Correction re: "VOLUME MANAGER": it's actually a file called "MY VOLUME" (located at C:\Users\D\MY VOLUME) which asks me which program I want to start "it" with. It's 2 GB but nothing seems to open successfully with it...

followed by a bunch of other files such as

ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.2 (REG TRANS-MS file)

NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.rgtr etc...


The Windows e-mail was all sent to me at the exact same time/date (within seconds of one another), something rss. Several were titled "no subject eml".
I set up accounts for windows email but never used to send or receive.

When searching with Mozilla, on lower left hand side of screen it says "Transferring data to ..." and then an assortment of unfamiliar sites will quickly flash by.

I recently attempted a back up but an alert appeared saying there had been a "CATASTROPHIC ERROR."

Thanks very much for your time. Have a good one.
mm

Edited by MinuteMouse, 06 February 2012 - 05:03 PM.

  • 0

#25
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi MinuteMouse. I need more information about the redirecting issue. Please answer the following questions.

When searching with Mozilla, on lower left hand side of screen it says "Transferring data to ..." and then an assortment of unfamiliar sites will quickly flash by.

Try using Internet Explorer and see if you get redirected in it. Let me know the results. Are the redirected sites generally porn ones? Once the sites flash by do you go to your desired site?

Also please run this scan.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    C:\Program Files\Common Files\ComObjects\*.* /s
  • Click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#26
MinuteMouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi, just a really fast flurry of unfamiliar sites ... don't really know for sure what kind of sites -- just a lot of strange ones I had never seen -- could be any type I suppose. Sometimes Mozilla alerts me that it has "prevented redirection" and then asks if I want to "allow" a particular page and then provides a button in upper right hand side to allow or not. This doesn't happen all of the time. I generally seem to get to the specified sites. You asked me to try IE to see if redirection occurs there as well. When I tried IE, it was not working for some reason -- an alert popup said to "diagnose connection problems." Mozilla seems to be working okay -- was not noticing the weird "transferring data to" sites, the last time I checked, anyway. I will run OTL and report back to you. Thanks.

Edited by MinuteMouse, 07 February 2012 - 09:04 PM.

#27
MinuteMouse

    Member

  • Topic Starter
  • Member
  • 21 posts
OTL logfile created on: 2/7/2012 8:06:51 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\D\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.86% Memory free
4.88 Gb Paging File | 3.81 Gb Available in Paging File | 78.20% Paging File free
Paging file location(s): c:\pagefile.sys 3072 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 99.35 Gb Free Space | 44.59% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.20 Gb Free Space | 52.04% Space Free | Partition Type: NTFS

Computer Name: D-PC | User Name: C | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/29 08:55:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/28 09:46:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\D\Desktop\OTL.exe
PRC - [2012/01/06 11:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/13 23:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/29 08:55:53 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/23 12:06:17 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (getPlusHelper)
SRV - [2012/01/11 16:18:14 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/01/11 14:56:12 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/01/11 14:56:08 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2012/01/06 11:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2012/02/04 10:56:30 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/04 10:56:30 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/11 16:19:24 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2012/01/11 16:19:02 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/01/11 16:14:30 | 000,253,352 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012/01/11 14:56:12 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2012/01/11 14:56:12 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2012/01/11 14:56:12 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/12/31 12:56:49 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2011/12/15 16:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120207.005\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/14 17:41:38 | 000,173,880 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/12/01 16:07:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/30 19:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/29 23:27:49 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120207.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/29 23:27:49 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120207.020\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/06/06 00:24:08 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/05/04 11:36:32 | 000,027,192 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\rspSanity32.sys -- (rspSanity)
DRV - [2011/04/20 18:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 18:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/13 04:21:40 | 000,002,560 | ---- | M] (SupportSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssrangdr.sys -- (ssrangdr)
DRV - [2009/10/20 11:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/07/14 18:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/12/09 09:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2007/10/29 02:40:28 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/18 11:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..keyword.URL: "http://aolsearch.aol...archbox&query="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Users\D\Desktop\Downloads\etunes downloads\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\C\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\C\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Users\D\Desktop\Downloads\etunes downloads\eMusic Download Manager\xulrunner\components [2012/02/01 17:08:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Users\D\Desktop\Downloads\etunes downloads\eMusic Download Manager\xulrunner\plugins [2012/02/01 17:08:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 03:03:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/01/31 16:42:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2 [2012/02/07 16:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/06 23:32:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/04 23:04:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/30 15:06:57 | 000,000,000 | ---D | M]

[2011/12/06 13:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\C\AppData\Roaming\mozilla\Extensions
[2012/01/30 15:07:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\C\AppData\Roaming\mozilla\Firefox\Profiles\vvb3bvb9.default\extensions
[2012/01/30 15:07:04 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\C\AppData\Roaming\mozilla\Firefox\Profiles\vvb3bvb9.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/12/25 00:54:30 | 000,000,000 | ---D | M] (WOT) -- C:\Users\C\AppData\Roaming\mozilla\Firefox\Profiles\vvb3bvb9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/12/25 00:54:30 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\C\AppData\Roaming\mozilla\Firefox\Profiles\vvb3bvb9.default\extensions\[email protected]
[2012/02/04 23:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/29 08:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/03 17:09:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/10 13:35:18 | 000,002,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012/01/29 06:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 06:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\C\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\C\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\C\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\C\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Users\D\Desktop\Downloads\etunes downloads\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\C\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/01/31 11:31:26 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Reg Error: Key error.)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://icmsweb.star...olv_cs/smsx.cab (MeadCo ScriptX)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9C63BB0-190C-469D-BF4B-2E14F0B49D93}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/07 13:59:23 | 000,000,000 | ---D | C] -- C:\Users\C\Desktop\GooredFix Backups
[2012/02/06 22:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Rising
[2012/02/06 22:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Rising
[2012/02/04 23:39:12 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Local\temp
[2012/02/04 23:37:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/04 23:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2012/02/04 23:10:47 | 000,173,880 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
[2012/01/31 11:30:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/30 15:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
[2012/01/30 15:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2012/01/30 14:42:31 | 000,000,000 | ---D | C] -- C:\Users\C\Desktop\AOL Saved PFC
[2012/01/30 12:03:50 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\AOL
[2012/01/29 00:36:02 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Local\Norman Malware Cleaner
[2012/01/29 00:21:49 | 000,000,000 | ---D | C] -- C:\Users\C\Documents\Simply Super Software
[2012/01/28 12:55:40 | 000,000,000 | ---D | C] -- C:\My Backups
[2012/01/28 12:55:33 | 000,187,016 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\EuFdDisk.sys
[2012/01/28 12:55:33 | 000,050,312 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eubakup.sys
[2012/01/28 12:55:33 | 000,017,032 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eudskacs.sys
[2012/01/28 12:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS
[2012/01/27 23:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/01/27 23:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/27 22:58:25 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\VS Revo Group
[2012/01/27 18:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2012/01/27 18:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/27 18:04:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/27 18:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/27 00:27:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/27 00:27:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/27 00:27:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/27 00:27:18 | 000,000,000 | ---D | C] -- C:\user567
[2012/01/27 00:26:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/26 20:43:16 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Local\Eraser 6
[2012/01/25 11:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/25 00:26:34 | 000,000,000 | ---D | C] -- C:\Users\C\DoctorWeb
[2012/01/23 20:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/21 23:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/01/21 11:06:59 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\PCTools
[2012/01/21 03:20:27 | 000,574,424 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2012/01/21 03:20:27 | 000,035,264 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2012/01/21 03:20:25 | 000,054,328 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2012/01/20 00:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/20 00:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/19 21:14:01 | 000,253,352 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/01/19 21:14:01 | 000,107,864 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/01/19 21:13:26 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012/01/19 21:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/01/19 21:13:20 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/01/19 21:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/01/19 21:10:46 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2012/01/19 21:10:46 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2012/01/19 21:10:41 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/01/19 21:10:41 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/01/19 21:10:31 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/01/19 21:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/19 21:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/19 21:07:49 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\TestApp
[2012/01/19 19:40:16 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/01/18 23:35:32 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\KeePass
[2012/01/18 22:05:02 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\Process Hacker 2
[2012/01/18 21:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2012/01/18 21:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2012/01/18 20:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2012/01/14 01:08:15 | 000,027,192 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\System32\drivers\rspSanity32.sys
[2012/01/14 01:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\SanityCheck
[2012/01/13 02:43:30 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Local\SupportSoft
[2012/01/13 01:56:08 | 000,000,000 | ---D | C] -- C:\Microsoft
[2012/01/10 01:50:08 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\FreeFixer
[2012/01/10 01:50:08 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Local\FreeFixer
[2012/01/10 01:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
[2012/01/10 01:28:57 | 000,000,000 | ---D | C] -- C:\Users\C\AppData\Roaming\f-secure
[2012/01/10 01:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

========== Files - Modified Within 30 Days ==========

[2012/02/07 18:34:52 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 18:34:52 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 16:56:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3008658398-1242687141-1261451896-1001UA.job
[2012/02/07 16:34:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/07 09:50:23 | 000,000,020 | ---- | M] () -- C:\Windows\msoffice.ini
[2012/02/06 20:56:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3008658398-1242687141-1261451896-1001Core.job
[2012/02/06 14:35:55 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/06 14:35:55 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/06 03:22:12 | 000,421,816 | ---- | M] () -- C:\Users\C\AppData\Local\census.cache
[2012/02/06 03:21:56 | 000,178,971 | ---- | M] () -- C:\Users\C\AppData\Local\ars.cache
[2012/02/05 23:22:50 | 000,000,512 | ---- | M] () -- C:\Users\C\Desktop\MBR.dat
[2012/02/05 18:20:12 | 000,000,036 | ---- | M] () -- C:\Users\C\AppData\Local\housecall.guid.cache
[2012/02/04 23:04:08 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/03 15:55:06 | 000,000,832 | ---- | M] () -- C:\Users\C\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/03 11:25:53 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/01 13:34:36 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2012/01/31 13:34:12 | 002,356,466 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\Cat.DB
[2012/01/31 13:34:04 | 000,002,287 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/01/31 11:31:26 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/30 15:07:25 | 000,002,037 | -H-- | M] () -- C:\IPH.PH
[2012/01/29 01:33:26 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dll
[2012/01/27 23:03:07 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/27 22:27:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\isolate.ini
[2012/01/27 18:04:47 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/27 17:45:59 | 000,000,528 | R--- | M] () -- C:\MediaID.bin
[2012/01/27 12:33:21 | 000,001,051 | ---- | M] () -- C:\Users\C\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/01/27 12:33:21 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/01/27 11:25:32 | 000,299,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/27 10:56:47 | 000,000,452 | ---- | M] () -- C:\Users\C\Documents\cc_20120127_105640.reg
[2012/01/27 01:28:34 | 002,239,098 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/01/26 13:57:55 | 000,002,024 | ---- | M] () -- C:\Users\C\Desktop\Google Chrome.lnk
[2012/01/26 13:57:55 | 000,001,986 | ---- | M] () -- C:\Users\C\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/25 20:51:17 | 000,000,512 | ---- | M] () -- C:\Users\C\Documents\MBR.dat
[2012/01/22 16:35:01 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/22 01:11:52 | 000,001,795 | ---- | M] () -- C:\Users\C\Desktop\Process Hacker 2.lnk
[2012/01/20 19:17:01 | 000,000,861 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/01/20 09:18:12 | 000,001,873 | ---- | M] () -- C:\Users\C\Desktop\System Mechanic.lnk
[2012/01/20 00:27:44 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/01/19 21:07:51 | 000,001,632 | ---- | M] () -- C:\Users\C\Desktop\sdsetup.exe.lnk
[2012/01/19 19:40:18 | 000,000,916 | ---- | M] () -- C:\Users\C\Desktop\Norton Installation Files.lnk
[2012/01/18 23:32:50 | 000,002,686 | ---- | M] () -- C:\Users\C\Documents\NewDatabase.kdbx
[2012/01/14 01:21:47 | 000,005,039 | ---- | M] () -- C:\Users\C\AppData\Local\Temp17.html
[2012/01/14 01:20:19 | 000,001,293 | ---- | M] () -- C:\Users\C\AppData\Local\Temp1.html
[2012/01/13 02:43:31 | 000,000,177 | ---- | M] () -- C:\Users\C\Desktop\Comcast Security.url
[2012/01/13 02:43:31 | 000,000,171 | ---- | M] () -- C:\Users\C\Desktop\Comcast Email.url
[2012/01/13 02:43:31 | 000,000,074 | ---- | M] () -- C:\Users\C\Desktop\Ask Comcast.url
[2012/01/13 02:43:31 | 000,000,054 | ---- | M] () -- C:\Users\C\Desktop\Comcast Help.url
[2012/01/13 02:43:30 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Comcast Desktop Software.lnk
[2012/01/13 02:43:30 | 000,000,081 | ---- | M] () -- C:\Users\C\Desktop\Comcast Account Login.url
[2012/01/11 16:19:24 | 000,070,536 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/01/11 16:19:02 | 000,185,560 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/01/11 16:17:50 | 000,017,848 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012/01/11 16:14:36 | 000,107,864 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/01/11 16:14:30 | 000,253,352 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/01/11 14:56:12 | 000,574,424 | --S- | M] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2012/01/11 14:56:12 | 000,054,328 | --S- | M] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2012/01/11 14:56:12 | 000,035,264 | --S- | M] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys

========== Files Created - No Company Name ==========

[2012/02/05 18:29:23 | 000,421,816 | ---- | C] () -- C:\Users\C\AppData\Local\census.cache
[2012/02/05 18:29:02 | 000,178,971 | ---- | C] () -- C:\Users\C\AppData\Local\ars.cache
[2012/02/05 18:20:12 | 000,000,036 | ---- | C] () -- C:\Users\C\AppData\Local\housecall.guid.cache
[2012/01/31 13:34:04 | 000,002,287 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/01/31 11:25:48 | 000,000,512 | ---- | C] () -- C:\Users\C\Desktop\MBR.dat
[2012/01/30 15:05:06 | 000,002,037 | -H-- | C] () -- C:\IPH.PH
[2012/01/29 01:33:26 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/01/29 00:21:48 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012/01/29 00:21:48 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar3.dll
[2012/01/29 00:21:48 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012/01/29 00:21:48 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012/01/28 12:55:32 | 000,044,680 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2012/01/27 23:03:07 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/27 19:00:06 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2012/01/27 18:04:47 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/27 17:45:59 | 000,000,528 | R--- | C] () -- C:\MediaID.bin
[2012/01/27 11:25:14 | 000,299,952 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/27 10:56:45 | 000,000,452 | ---- | C] () -- C:\Users\C\Documents\cc_20120127_105640.reg
[2012/01/27 00:27:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/27 00:27:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/27 00:27:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/27 00:27:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/27 00:27:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/20 19:17:01 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/01/20 19:17:01 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/01/20 00:27:44 | 000,001,941 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/01/19 21:10:49 | 002,239,098 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/01/19 21:07:51 | 000,001,632 | ---- | C] () -- C:\Users\C\Desktop\sdsetup.exe.lnk
[2012/01/19 19:40:16 | 000,000,916 | ---- | C] () -- C:\Users\C\Desktop\Norton Installation Files.lnk
[2012/01/18 23:32:50 | 000,002,686 | ---- | C] () -- C:\Users\C\Documents\NewDatabase.kdbx
[2012/01/18 21:58:30 | 000,001,795 | ---- | C] () -- C:\Users\C\Desktop\Process Hacker 2.lnk
[2012/01/14 01:21:47 | 000,005,039 | ---- | C] () -- C:\Users\C\AppData\Local\Temp17.html
[2012/01/14 01:08:58 | 000,001,293 | ---- | C] () -- C:\Users\C\AppData\Local\Temp1.html
[2012/01/13 02:43:31 | 000,000,177 | ---- | C] () -- C:\Users\C\Desktop\Comcast Security.url
[2012/01/13 02:43:31 | 000,000,074 | ---- | C] () -- C:\Users\C\Desktop\Ask Comcast.url
[2012/01/13 02:43:31 | 000,000,054 | ---- | C] () -- C:\Users\C\Desktop\Comcast Help.url
[2012/01/13 02:43:30 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Comcast Desktop Software.lnk
[2012/01/13 02:43:30 | 000,000,171 | ---- | C] () -- C:\Users\C\Desktop\Comcast Email.url
[2012/01/13 02:43:30 | 000,000,081 | ---- | C] () -- C:\Users\C\Desktop\Comcast Account Login.url
[2012/01/02 22:56:58 | 000,000,046 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/06 21:21:47 | 006,342,403 | ---- | C] () -- C:\Users\C\AppData\Roaming\SMRBackup210.dat
[2011/12/05 21:13:44 | 000,000,680 | ---- | C] () -- C:\Users\C\AppData\Local\d3d9caps.dat
[2011/11/22 11:28:19 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/03/02 22:13:01 | 000,000,140 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2010/01/02 22:53:53 | 000,000,020 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/12/17 00:31:13 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/10/20 11:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/08/09 23:05:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/09 23:05:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/14 04:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/22 07:00:18 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/12/16 18:27:09 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/03/19 04:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 04:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 04:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 04:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 04:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 04:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/10 06:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/06 21:25:04 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\DataSafeOnline
[2012/01/10 01:28:57 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\f-secure
[2012/01/10 02:28:53 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\FreeFixer
[2011/12/24 04:13:20 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\iolo
[2012/01/18 23:35:32 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\KeePass
[2011/12/31 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\OpenCandy
[2012/01/21 11:06:59 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\PCTools
[2012/01/24 11:45:57 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\Process Hacker 2
[2011/12/07 01:29:18 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\QFX Software
[2012/01/19 21:07:49 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\TestApp
[2011/12/07 01:00:07 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\Tific
[2012/01/27 22:58:25 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\VS Revo Group
[2011/12/05 18:29:30 | 000,000,000 | ---D | M] -- C:\Users\C\AppData\Roaming\WinPatrol
[2012/02/07 14:32:54 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< C:\Program Files\Common Files\ComObjects\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >
  • 0

#28
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello MinuteMouse. Next step is to run this bad boy:

Please download Farbar Service Scanner and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0

#29
MinuteMouse

MinuteMouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Farbar Service Scanner Version: 08-02-2012
Ran by C (administrator) on 08-02-2012 at 20:52:49
Running from "C:\Users\D\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0
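The FSS log above covers five things: reachability of localhost and two public IPs, the per-profile firewall policy (here PublicProfile has EnableFirewall=0), System Restore and Windows Update policies, the Security Center service, and an MD5 comparison of the listed network-stack, firewall, VSS, WMI, update and RPC binaries against the tool's known-good list. The following is an added example, not part of this thread and not Farbar's code, that reproduces those categories of checks with built-in cmdlets so the result can be reviewed without the tool. The probe address 8.8.8.8, the mapping from the hashed files to the services that load them, and the choice to record SHA-256 (FSS's known-good MD5 list is not available here) are my assumptions; the registry paths are the standard policy locations, and the PublicProfile key is the one the log itself prints.

```powershell
# Added example for this thread: reproduce the check categories in the Farbar
# Service Scanner log above with built-in cmdlets. Not FSS's own code.
# Assumptions are marked. Run from an elevated prompt; works on PowerShell 2.0
# (what Vista ships with) and later.

$findings  = New-Object System.Collections.ArrayList
$inventory = New-Object System.Collections.ArrayList

function Add-Finding([string]$Area, [string]$Detail) {
    [void]$findings.Add((New-Object PSObject -Property @{ Area = $Area; Detail = $Detail }))
}

# --- Connectivity ("Localhost is accessible", "Google IP is offline") ---
# 8.8.8.8 is an assumed probe target; FSS's own target addresses are not in the log.
foreach ($target in '127.0.0.1', '8.8.8.8') {
    if (-not (Test-Connection -ComputerName $target -Count 1 -Quiet)) {
        Add-Finding 'Connectivity' "no ICMP echo reply from $target"
    }
}

# --- Firewall policy (the log shows PublicProfile EnableFirewall=0) ---
# Each profile key holds its own EnableFirewall DWORD; 0 switches that profile off.
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $key = Join-Path $fwBase $profile
    if ((Test-Path $key) -and ((Get-ItemProperty -Path $key).EnableFirewall -eq 0)) {
        Add-Finding 'Firewall' "$profile has EnableFirewall=0"
    }
}

# --- Policies that switch off System Restore / Windows Update ---
$policies = @(
    @{ Area = 'System Restore'; Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'; Name = 'DisableSR' },
    @{ Area = 'System Restore'; Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'; Name = 'DisableConfig' },
    @{ Area = 'Windows Update'; Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';  Name = 'NoAutoUpdate' }
)
foreach ($p in $policies) {
    if (Test-Path $p.Key) {
        $v = (Get-ItemProperty -Path $p.Key).($p.Name)
        if ($v -eq 1) { Add-Finding $p.Area "$($p.Key)\$($p.Name) = 1" }
    }
}

# --- Services behind the FSS categories. This mapping from the files FSS hashed
#     to the services that load them is my assumption, not FSS's list. ---
$services = @{
    'nsi' = 'Network Store Interface'; 'Dhcp' = 'DHCP Client'; 'Dnscache' = 'DNS Client';
    'MpsSvc' = 'Windows Firewall'; 'BFE' = 'Base Filtering Engine'; 'VSS' = 'Volume Shadow Copy';
    'wscsvc' = 'Security Center'; 'winmgmt' = 'WMI'; 'wuauserv' = 'Windows Update';
    'BITS' = 'Background Intelligent Transfer'; 'EventSystem' = 'COM+ Event System';
    'CryptSvc' = 'Cryptographic Services'; 'RpcSs' = 'Remote Procedure Call'
}
foreach ($name in $services.Keys) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($svc -eq $null) {
        Add-Finding 'Services' "$($services[$name]) ($name) is not registered"
    } elseif ($svc.StartMode -eq 'Disabled') {
        Add-Finding 'Services' "$($services[$name]) ($name) is Disabled (state: $($svc.State))"
    }
}

# --- File check. FSS compares MD5 against its known-good list; that list is not
#     available here, so this records SHA-256 for comparison with a clean machine of
#     the same build and flags files whose embedded signature no longer matches. ---
$files = 'nsisvc.dll','Drivers\nsiproxy.sys','dhcpcsvc.dll','Drivers\afd.sys','Drivers\tdx.sys',
         'Drivers\tcpip.sys','dnsrslvr.dll','mpssvc.dll','bfe.dll','Drivers\mpsdrv.sys','SDRSVC.dll',
         'vssvc.exe','wscsvc.dll','wbem\WMIsvc.dll','wuaueng.dll','qmgr.dll','es.dll','cryptsvc.dll',
         'svchost.exe','rpcss.dll'
$sha256 = [System.Security.Cryptography.SHA256]::Create()
foreach ($f in $files) {
    $path = Join-Path $env:SystemRoot "System32\$f"
    if (-not (Test-Path $path)) { Add-Finding 'File Check' "$path is missing"; continue }
    $stream = [System.IO.File]::OpenRead($path)
    try     { $hash = [BitConverter]::ToString($sha256.ComputeHash($stream)).Replace('-', '') }
    finally { $stream.Close() }
    $sig = Get-AuthenticodeSignature -FilePath $path
    [void]$inventory.Add((New-Object PSObject -Property @{ File = $path; SHA256 = $hash; Signature = $sig.Status }))
    # HashMismatch: the file carries a signature that no longer matches its bytes.
    # Valid but not Microsoft: a signed replacement from someone else.
    # NotSigned is not conclusive before PowerShell 5.1, which does not consult
    # catalog signatures, and most OS binaries are catalog-signed: use the hash column.
    if ($sig.Status -eq 'HashMismatch' -or
        ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation')) {
        Add-Finding 'File Check' "$path signature: $($sig.Status) ($($sig.SignerCertificate.Subject))"
    }
}

"==== Findings ===="
if ($findings.Count -eq 0) { "none" } else { $findings | Format-Table Area, Detail -AutoSize | Out-String }
"==== File inventory (compare SHA-256 against a clean reference) ===="
$inventory | Format-Table Signature, SHA256, File -AutoSize | Out-String
```

Run it from an elevated PowerShell prompt, as the OTL run above also needed the administrator account. On this Vista machine the EnableFirewall=0 line for PublicProfile would land in the Findings table, which is the same fact FSS reported. Because Get-AuthenticodeSignature does not consult catalog signatures before PowerShell 5.1, a NotSigned status on an OS binary there is expected rather than suspicious; that is why FSS compares hashes against a known-good list instead, and why the inventory's SHA-256 column should be compared against a clean machine of the same build and patch level.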

#30
MinuteMouse

MinuteMouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi,
Update please?

Thanks, and have a good one.
  • 0
