I have done a regular Super AntiSpyware scan just last night, and I found that there was an infection with this file: C:\PROGRAM FILES (X86)\ADOBE\READER 10.0\READER\READER_SL.EXE. It was detected as a Trojan.Agent/Gen-Decay. I have gone ahead and quarantined it as SAS suggested. Below is the OTL.txt log and I have attached the SAS log and Extras.txt file.
Since this has something to do with the Acrobat PDF Reader, I am doubting this is just a false positive since I regularly use PDF reader to open documents.
But I am not sure and choose to be on the safe side and seek for your aid. I am already paranoid at this point and I fear any spyware/malware writer actively monitoring the my machine.
Please help me in investigating this. Thank you very much!
EDIT: Please see update 2 posts below this one.
OTL logfile created on: 4/3/2012 6:32:43 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jonas\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.99 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.05% Memory free
7.98 Gb Paging File | 5.09 Gb Available in Paging File | 63.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146.48 Gb Total Space | 60.84 Gb Free Space | 41.53% Space Free | Partition Type: NTFS
Drive D: | 48.73 Gb Total Space | 48.58 Gb Free Space | 99.69% Space Free | Partition Type: NTFS
Drive E: | 736.20 Gb Total Space | 70.03 Gb Free Space | 9.51% Space Free | Partition Type: NTFS
Computer Name: SOURCE | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/03 06:30:23 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
PRC - [2012/03/19 21:59:08 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/07 08:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 08:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/28 11:38:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/16 18:35:40 | 000,423,232 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2010/12/16 18:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2010/04/09 17:04:44 | 000,022,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
PRC - [2009/10/13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/08/29 17:27:30 | 000,143,360 | ---- | M] (Vimicro Corporation) -- C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2008/05/22 10:58:26 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
PRC - [2008/04/17 18:35:00 | 000,020,539 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe
========== Modules (No Company Name) ==========
MOD - [2012/04/01 17:08:14 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/03/19 21:59:07 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\SpywareGuard\sgbhp.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/03/12 05:13:23 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/03/07 08:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/02/15 11:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/12/09 00:31:40 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011/08/12 07:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/04/11 14:44:46 | 000,171,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel®
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/01 17:08:16 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/28 11:38:15 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/09 00:37:14 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/09 00:31:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/12/16 18:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2010/04/09 17:04:44 | 000,022,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -- (XTUService) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/22 10:58:26 | 000,147,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2008/04/17 18:35:00 | 000,020,539 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe -- (MRUWebService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/03/07 08:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/07 08:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/07 08:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/07 08:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/07 08:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/07 08:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/02/15 11:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/15 10:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/12/06 03:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/07/23 00:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/13 05:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/19 17:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/12/16 18:12:18 | 000,128,584 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2010/12/16 18:12:11 | 000,121,928 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2010/12/16 18:12:04 | 000,150,088 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2010/12/16 18:11:56 | 000,114,760 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2010/12/16 18:11:49 | 000,158,280 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/04/07 16:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2010/01/20 11:27:20 | 000,036,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel®
DRV:64bit: - [2009/11/19 07:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/15 19:41:18 | 000,179,752 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/07/07 16:02:29 | 000,085,424 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/11/22 00:28:57 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2010/10/28 12:48:48 | 000,018,200 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\variable64.sys -- (EfiVariable)
DRV - [2010/10/07 13:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/02/03 12:42:02 | 000,030,384 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBios.sys -- (IOCBIOS)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/iat/us_ph.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B D1 EB 4C ED 49 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {cf47767d-5f3a-4e32-9fce-5d79565c9702}:1.1.2
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/07 23:24:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/19 21:59:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/16 07:37:26 | 000,000,000 | ---D | M]
[2010/11/28 08:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Extensions
[2012/03/19 21:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\tjkq2osn.default\extensions
[2012/03/05 21:49:03 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jonas\AppData\Roaming\mozilla\Firefox\Profiles\tjkq2osn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/04/03 01:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/28 00:16:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/03 01:15:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/07 23:24:05 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\JONAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TJKQ2OSN.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\JONAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TJKQ2OSN.DEFAULT\EXTENSIONS\{CF47767D-5F3A-4E32-9FCE-5D79565C9702}.XPI
() (No name found) -- C:\USERS\JONAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TJKQ2OSN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/19 21:59:10 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/03 01:15:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/13 00:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/01/02 06:45:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/02 06:45:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2011/07/23 02:36:34 | 000,614,291 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16344 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} https://mylearning.a...base/SDData.cab (SDData.clsData)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} https://mylearning.a...base/SDAICC.cab (SDAICC.clsAICC)
O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} https://mylearning.a...base/SDWAPI.cab (SDWAPI.clsWAPI)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 124.106.5.2 124.106.4.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4589A8D1-241E-4AF5-A0DC-6F72581EA27A}: DhcpNameServer = 124.106.5.2 124.106.4.2
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/04/03 06:30:18 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012/04/01 10:49:11 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Roaming\FXTS2
[2012/04/01 10:49:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\{22E8A5FB-0430-470C-BBEB-436F36D0DCC1}
[2012/04/01 10:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FX Trading
[2012/04/01 10:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Candleworks
[2012/04/01 10:48:09 | 000,000,000 | ---D | C] -- C:\Users\Jonas\AppData\Local\PackageAware
[2012/04/01 10:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FXCM MetaTrader 4
[2012/04/01 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FXCM MetaTrader 4
[2012/04/01 10:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\MetaQuotes
[2012/03/31 18:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/31 18:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/31 18:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/31 18:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/19 21:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/03/19 21:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/03/19 21:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/03/19 21:37:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/03/19 21:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/03/15 00:42:09 | 000,000,000 | ---D | C] -- C:\Users\Jonas\.oanda
[2012/03/11 10:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
========== Files - Modified Within 30 Days ==========
[2012/04/03 06:30:23 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jonas\Desktop\OTL.exe
[2012/04/03 06:09:07 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/03 06:09:07 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/03 06:01:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/03 06:00:58 | 000,000,344 | ---- | M] () -- C:\Windows\SysWow64\mvcli.xml
[2012/04/03 06:00:58 | 000,000,008 | ---- | M] () -- C:\Windows\mvraidver.dat
[2012/04/03 06:00:51 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/03 06:00:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/03 06:00:40 | 3213,144,064 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/03 05:40:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/03 01:27:57 | 000,000,469 | ---- | M] () -- C:\Users\Jonas\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2012/04/02 21:32:26 | 000,872,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/02 21:32:26 | 000,726,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/02 21:32:26 | 000,146,436 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/02 21:24:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/04/01 10:49:04 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk
[2012/03/19 21:37:48 | 000,002,047 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/03/15 07:01:34 | 004,968,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/12 05:13:38 | 000,022,696 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2012/03/12 05:13:20 | 000,041,200 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2012/03/12 05:13:18 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2012/03/12 05:13:17 | 000,389,840 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2012/03/11 14:06:03 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/03/11 14:06:03 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/03/11 10:54:32 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/03/07 08:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/07 08:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/07 08:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/07 08:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/07 08:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/07 08:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/07 08:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/07 08:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/07 08:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
========== Files Created - No Company Name ==========
[2012/04/01 17:08:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/01 10:49:04 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk
[2012/03/19 21:37:48 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/02/15 10:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 10:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/01/31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/28 11:38:21 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/01/28 11:38:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/01/28 11:38:14 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/13 06:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/07 00:54:05 | 007,538,093 | ---- | C] () -- C:\Users\Jonas\AppData\Local\census.cache
[2011/08/07 00:53:28 | 000,135,509 | ---- | C] () -- C:\Users\Jonas\AppData\Local\ars.cache
[2011/08/07 00:35:49 | 000,000,036 | ---- | C] () -- C:\Users\Jonas\AppData\Local\housecall.guid.cache
[2011/07/01 10:39:05 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\AppData\Local\{B3D6B31D-FFC4-4AD3-9F4A-90492E9B7F71}
[2011/06/17 08:57:38 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\AppData\Local\{00D38F97-705A-4D90-8074-0D5621CAF514}
[2011/05/31 16:41:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/07 21:43:26 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\AppData\Local\{3A134E27-C256-4800-B157-845DAC9F4443}
[2011/05/02 21:50:48 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\AppData\Local\{0472CD4A-AAF2-46B5-A900-22245F749312}
[2011/05/02 21:48:59 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\AppData\Local\{EE8C1FAB-8859-434A-A805-01F2646AAE34}
[2011/05/02 21:46:52 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\AppData\Local\{1A0DEDB2-BFCE-4F06-9DD2-352810A9A2F8}
[2011/05/02 21:44:46 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\AppData\Local\{D64923D5-3283-48F4-A3D7-6D8CB21CBD39}
[2011/05/02 21:41:45 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\AppData\Local\{22E7239E-113D-4332-BAF1-7B33B9D78B90}
[2011/05/02 21:39:16 | 000,000,000 | ---- | C] () -- C:\Users\Jonas\AppData\Local\{F1060091-889B-4384-A505-77005AE72BEF}
[2011/03/19 22:52:08 | 000,000,135 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\default.rss
[2010/11/22 00:09:08 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2010/10/26 21:24:34 | 000,000,440 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/26 12:10:46 | 000,000,565 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\myMPQ.ini
[2010/09/05 14:11:23 | 000,866,486 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/05 01:12:11 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010/09/04 18:49:30 | 000,007,606 | ---- | C] () -- C:\Users\Jonas\AppData\Local\resmon.resmoncfg
[2010/09/02 05:51:32 | 000,000,469 | ---- | C] () -- C:\Users\Jonas\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2010/09/01 22:56:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/01 22:47:53 | 000,000,008 | ---- | C] () -- C:\Windows\mvraidver.dat
========== LOP Check ==========
[2011/08/08 04:07:12 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\abelhadigital.com
[2011/10/17 21:19:41 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/01 10:54:46 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\FXTS2
[2010/12/26 00:15:04 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\ImgBurn
[2011/06/09 17:16:53 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Notepad++
[2012/01/22 01:23:11 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Origin
[2010/10/29 01:01:50 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Panda Security
[2011/05/20 06:48:17 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Rovio
[2010/11/21 11:54:02 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\TuneUp Software
[2010/09/13 22:34:27 | 000,000,000 | ---D | M] -- C:\Users\Jonas\AppData\Roaming\Ubisoft
[2011/12/03 17:42:25 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
Attached Files
Edited by fallenarchangel, 04 April 2012 - 08:15 PM.