
Virus.Win64.ZAccess.b



#1
Proz

So my LANDesk Antivirus tells me it found a virus. Here's the warning message:

Virus found

A virus has been found in the following file. Contact your LANDesk administrator immediately to have the virus removed. Do not use the file until the infection is removed.

Path:
C:\Windows\System32

File name:
services.exe

Virus name:
Virus.Win64.ZAccess.b

The problem with this is I'm in a different state and I need my laptop, so can you help me remove this, please?

Here's the OTL log:


OTL logfile created on: 7/12/2012 8:35:31 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Keasha\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 29.59% Memory free
5.49 Gb Paging File | 2.01 Gb Available in Paging File | 36.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 135.64 Gb Total Space | 13.49 Gb Free Space | 9.95% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 2.19 Gb Free Space | 16.68% Space Free | Partition Type: NTFS

Computer Name: PROZDECK | User Name: Keasha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/12 20:34:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Keasha\Desktop\OTL.exe
PRC - [2012/07/06 16:55:00 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/07/04 23:37:40 | 000,042,496 | ---- | M] () -- C:\Users\Keasha\AppData\Local\Temp\DAT41FE.tmp.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Keasha\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/05/04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/03/05 03:17:03 | 002,537,400 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.EXE
PRC - [2012/02/28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/02/14 21:25:42 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe
PRC - [2012/01/26 20:38:52 | 000,525,768 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2012/01/18 15:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/19 05:49:26 | 000,403,632 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files (x86)\LANDesk\LDClient\softmon.exe
PRC - [2011/08/14 09:16:17 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/06/28 07:22:27 | 001,249,280 | ---- | M] (Irza Alexandr) -- C:\Program Files (x86)\Volume2\Volume2.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/01 22:21:04 | 000,679,303 | ---- | M] () -- C:\Users\Public\Documents\TotalTaskbarController\TaskbarController.exe
PRC - [2010/08/05 17:50:28 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\LANDesk\LDClient\Antivirus\kavehost.exe
PRC - [2010/06/17 12:19:18 | 000,534,224 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\Antivirus\AVService.exe
PRC - [2010/06/09 05:56:14 | 000,845,312 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\Antivirus\LDAV.exe
PRC - [2010/06/01 05:30:58 | 000,315,904 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\rcgui.exe
PRC - [2010/04/27 08:45:32 | 000,195,072 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2010/04/22 08:30:52 | 000,480,256 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
PRC - [2010/04/16 07:57:42 | 000,189,952 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
PRC - [2010/03/30 09:06:02 | 000,182,272 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
PRC - [2009/11/23 16:45:46 | 000,495,616 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\collector.exe
PRC - [2009/11/04 13:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe
PRC - [2008/12/14 22:54:52 | 000,451,584 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\GmoteServer.exe
PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007/08/31 08:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) -- C:\Windows\SysWOW64\cba\pds.exe
PRC - [2005/10/08 00:01:52 | 003,032,576 | ---- | M] () -- C:\Program Files\StorageSync\StrgSync.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 00:09:00 | 000,438,296 | ---- | M] () -- C:\Users\Keasha\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
MOD - [2012/07/10 00:08:59 | 003,972,120 | ---- | M] () -- C:\Users\Keasha\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 00:07:39 | 000,554,520 | ---- | M] () -- C:\Users\Keasha\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/10 00:07:37 | 000,117,784 | ---- | M] () -- C:\Users\Keasha\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/10 00:07:22 | 000,140,328 | ---- | M] () -- C:\Users\Keasha\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 00:07:21 | 000,262,184 | ---- | M] () -- C:\Users\Keasha\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 00:07:19 | 002,386,984 | ---- | M] () -- C:\Users\Keasha\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/09 22:17:27 | 009,255,112 | ---- | M] () -- C:\Users\Keasha\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/07/09 22:17:27 | 009,255,112 | ---- | M] () -- C:\Users\Keasha\AppData\Local\Google\Chrome\APPLIC~1\200113~1.57\gcswf32.dll
MOD - [2012/07/06 16:54:57 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/07/06 16:54:43 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/07/06 16:54:43 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/07/06 16:54:42 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/07/06 16:54:42 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/07/04 23:37:40 | 000,042,496 | ---- | M] () -- C:\Users\Keasha\AppData\Local\Temp\DAT41FE.tmp.exe
MOD - [2012/06/15 17:11:09 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/15 17:10:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/15 17:10:37 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/15 17:10:27 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/16 01:20:57 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/13 02:48:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/13 02:48:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/13 02:48:29 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/13 02:47:39 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
MOD - [2012/05/13 02:47:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/13 02:47:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/13 02:47:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/13 02:47:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/13 02:46:37 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/01/24 17:20:14 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/01/01 05:34:14 | 000,186,368 | ---- | M] () -- C:\Program Files (x86)\Sony\Content Manager Assistant\opencma.dll
MOD - [2011/03/01 22:21:04 | 000,679,303 | ---- | M] () -- C:\Users\Public\Documents\TotalTaskbarController\TaskbarController.exe
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/03/19 10:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/03/19 10:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/03/19 10:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/11/23 16:20:54 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\LANDesk\LDClient\rollinglog.dll
MOD - [2009/10/25 22:27:56 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/10/25 22:27:54 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/10/25 22:27:46 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/10/25 22:27:46 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/10/25 22:27:46 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/10/25 22:27:44 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/10/25 22:27:38 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/10/25 22:27:20 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe
MOD - [2008/12/14 22:54:52 | 000,451,584 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\GmoteServer.exe
MOD - [2008/11/13 07:43:40 | 000,735,744 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libx264_plugin.dll
MOD - [2008/11/13 07:43:10 | 004,688,384 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\avcodec-51.dll
MOD - [2008/11/13 07:43:10 | 001,278,464 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\libxml2-2.dll
MOD - [2008/11/13 07:43:10 | 000,892,928 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\libiconv-2.dll
MOD - [2008/11/13 07:43:10 | 000,546,304 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\libfreetype-6.dll
MOD - [2008/11/13 07:43:10 | 000,278,016 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\libgcrypt-11.dll
MOD - [2008/11/13 07:43:10 | 000,160,256 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\libfontconfig-1.dll
MOD - [2008/11/13 07:43:10 | 000,075,776 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\libz-1-2.dll
MOD - [2008/11/13 07:43:10 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\libgpg-error-0.dll
MOD - [2008/11/13 07:34:28 | 001,168,384 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvorbis_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,992,768 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtaglib_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,281,600 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtheora_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtwolame_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libts_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvod_rtsp_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvout_directx_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvisual_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libty_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvobsub_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libwaveout_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvcd_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libwingdi_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtransform_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libyuy2_i420_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtelnet_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libwall_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libxtag_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libyuy2_i422_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libwav_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvoc_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtta_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvmem_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvc1_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libwave_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libxa_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtrivial_channel_mixer_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,006,144 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libugly_resampler_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,006,144 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtrivial_resampler_plugin.dll
MOD - [2008/11/13 07:34:28 | 000,006,144 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtrivial_mixer_plugin.dll
MOD - [2008/11/13 07:34:26 | 009,172,480 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libqt4_plugin.dll
MOD - [2008/11/13 07:34:26 | 001,888,768 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libskins2_plugin.dll
MOD - [2008/11/13 07:34:26 | 001,261,568 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmkv_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,701,440 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libschroedinger_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,283,136 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsdl_image_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,278,016 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libswscale_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,262,656 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmod_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,173,568 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpng_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,165,376 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmp4_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpostproc_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,107,008 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmpgatofixed32_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,101,888 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_ts_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libspeex_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libplaylist_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,075,776 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_rtp_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libspatializer_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_ps_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,063,488 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libportaudio_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_mp4_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libogg_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpanoramix_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,047,104 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsap_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpacketizer_mpeg4audio_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librc_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_asf_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpacketizer_h264_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_transcode_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_standard_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libremoteosd_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librealaudio_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libps_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmosaic_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libreal_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsubtitle_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_ogg_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librtp_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsubsdec_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_avi_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librss_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpacketizer_vc1_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsubsusf_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpacketizer_mpeg4video_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libopengl_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_mosaic_bridge_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmotiondetect_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpuzzle_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libnuv_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libosd_parser_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpva_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpacketizer_mpegvideo_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libspudec_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsmf_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librotate_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libosdmenu_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmono_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmpeg_audio_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libscreen_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsvcdsub_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librawvid_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpsychedelic_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_duplicate_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_bridge_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstats_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libscaletempo_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libparam_eq_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libntservice_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libnsv_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_es_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libquicktime_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmpga_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsimple_channel_mixer_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libshout_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librealvideo_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librawdv_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libripple_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpodcast_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libnsc_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libnormvol_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmsn_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_gather_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_display_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsharpen_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libscale_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librawvideo_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_wav_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpacketizer_copy_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libnoise_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_mpjpeg_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmotionblur_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_autodel_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libshowintf_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_dummy_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmpgv_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,006,144 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_description_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libt140_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librv32_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_dummy_plugin.dll
MOD - [2008/11/13 07:34:26 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libspdif_mixer_plugin.dll
MOD - [2008/11/13 07:34:24 | 001,061,888 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblive555_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,844,800 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\libvlccore.dll
MOD - [2008/11/13 07:34:24 | 000,699,904 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libavformat_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,612,864 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcaca_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,429,056 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libgnutls_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,373,248 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_output_shout_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,303,616 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libfaad_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,255,488 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblua_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,249,344 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libflac_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdvdnav_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,199,168 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libgoom_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdshow_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,152,064 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdtstofloat32_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,149,504 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libbda_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblibmpeg2_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdvdread_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdvbsub_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libatmo_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,119,296 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libfreetype_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,116,224 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_rgb_sse2_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,104,448 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\libvlc.dll
MOD - [2008/11/13 07:34:24 | 000,102,912 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libhttp_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libkate_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,075,776 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblibass_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,075,776 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libasf_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libavcodec_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_mms_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,065,024 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libavi_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libid3tag_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_http_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_rgb_mmx_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,047,104 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libflacsys_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcmml_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_rtmp_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liba52tofloat32_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_realrtsp_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdeinterlace_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcdda_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libblend_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaudioscrobbler_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaudio_format_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_ftp_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdirect3d_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,030,720 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_rgb_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libequalizer_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_filter_timeshift_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_smb_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_filter_record_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_yuy2_sse2_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libbandlimited_resampler_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libhotkeys_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libadjust_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi422_yuy2_sse2_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdmo_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libglwin32_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaraw_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libconverter_float_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libgradient_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblogo_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaout_directx_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcrop_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcc_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libadpcm_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libextract_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_yuy2_mmx_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdolby_surround_decoder_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmagnify_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdummy_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_directory_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmarq_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi422_yuy2_mmx_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcinepak_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_output_udp_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi422_yuy2_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_yuy2_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdts_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblogger_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libheadphone_channel_mixer_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libexport_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcroppadd_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libgaussianblur_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libfake_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liberase_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcvdsub_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libclone_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libbluescreen_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmjpeg_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libgestures_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liba52_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libimage_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_output_http_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblinear_resampler_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcolorthres_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcdg_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libblendbench_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaout_file_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaiff_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdtssys_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_filter_dump_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmemcpymmxext_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmemcpymmx_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmemcpy3dn_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi422_i420_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcanvas_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_file_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_fake_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liba52sys_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libm4a_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblpcm_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libgrey_yuv_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libgrain_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libfloat32_mixer_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdtstospdif_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libau_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libalphamask_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_udp_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_filter_bandwidth_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libm4v_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_ymga_mmx_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libh264_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdemuxdump_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libconverter_fixed_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_output_file_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libchain_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_tcp_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,006,144 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libinvert_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,006,144 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libfolder_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,006,144 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdemux_cdg_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,006,144 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liba52tospdif_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_ymga_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmemcpy_plugin.dll
MOD - [2008/11/13 07:34:24 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_output_dummy_plugin.dll
MOD - [2008/10/21 15:59:00 | 000,169,984 | ---- | M] () -- C:\Program Files (x86)\RocketDock\Docklets\DigitalClock\DigitalClockDocklet.dll
MOD - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2005/10/08 00:01:52 | 003,032,576 | ---- | M] () -- C:\Program Files\StorageSync\StrgSync.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/04 05:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2012/07/10 15:08:05 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/07/06 16:55:00 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/26 11:26:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/02/21 00:26:30 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/19 05:49:26 | 000,403,632 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/17 12:19:18 | 000,534,224 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\Antivirus\AVService.exe -- (LDAVService) LANDesk®
SRV - [2010/04/27 08:45:32 | 000,195,072 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2010/04/22 08:30:52 | 000,480,256 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2010/04/16 07:57:42 | 000,189,952 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2010/04/03 20:39:48 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/30 09:06:02 | 000,182,272 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/04 13:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) [Auto | Running] -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe -- (CBA8) LANDesk®
SRV - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 01:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2007/08/31 08:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\cba\pds.exe -- (Intel PDS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/05 17:50:28 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/07/01 18:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/12 12:21:32 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/23 15:01:12 | 000,020,480 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ldblank.sys -- (ldblank)
DRV:64bit: - [2009/11/23 15:01:12 | 000,006,656 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mirrorflt.sys -- (mirrorflt)
DRV:64bit: - [2009/11/23 15:01:12 | 000,005,120 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ldmirror.sys -- (ldmirror)
DRV:64bit: - [2009/09/30 21:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/08/04 06:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/23 08:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/21 21:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/24 15:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/09 09:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{4E25A215-70AB-4499-B9A2-6E77D31A464B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{E7DD16D0-E836-40AA-A533-3CD0D2ADCBD4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{4E25A215-70AB-4499-B9A2-6E77D31A464B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKLM\..\SearchScopes\{E7DD16D0-E836-40AA-A533-3CD0D2ADCBD4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search...si=10208&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.search...si=10208&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.search...si=10208&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.search...si=10208&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.search...si=10208&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.search...si=10208&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.search...si=10208&home=1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.search...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25488

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Complitly"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: HBLite@HBLite.com:11.0.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..keyword.URL: "http://search.search...=1&si=10208&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Keasha\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Keasha\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/27 06:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files (x86)\HBLite\bin\11.0.323.0\firefox\extensions [2010/11/18 20:44:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/26 11:26:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/14 12:45:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/27 06:55:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/26 11:26:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/14 12:45:46 | 000,000,000 | ---D | M]

[2010/12/21 20:59:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keasha\AppData\Roaming\mozilla\Extensions
[2012/07/04 13:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keasha\AppData\Roaming\mozilla\Firefox\Profiles\bb64r9ty.default\extensions
[2012/06/20 20:59:16 | 000,000,000 | ---D | M] (8 Ultimo) -- C:\Users\Keasha\AppData\Roaming\mozilla\Firefox\Profiles\bb64r9ty.default\extensions\{2b6788a0-0ccd-11e1-be50-0800200c9a66}
[2011/12/07 21:01:27 | 000,000,000 | ---D | M] (Open in Private Browsing Mode) -- C:\Users\Keasha\AppData\Roaming\mozilla\Firefox\Profiles\bb64r9ty.default\extensions\jid1-0FHdJAAQ7Nb73Q@jetpack
[2012/07/01 00:47:02 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Keasha\AppData\Roaming\mozilla\Firefox\Profiles\bb64r9ty.default\extensions\toolbar@ask.com
[2012/02/18 14:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/13 18:08:50 | 000,079,135 | ---- | M] () (No name found) -- C:\USERS\KEASHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BB64R9TY.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}.XPI
[2011/10/30 14:20:23 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\KEASHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BB64R9TY.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/02/24 08:30:59 | 000,072,222 | ---- | M] () (No name found) -- C:\USERS\KEASHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BB64R9TY.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
[2012/06/26 11:26:32 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/14 21:25:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/26 11:26:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/07 20:51:25 | 000,003,195 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml
[2012/06/26 11:26:28 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Keasha\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ShoppingReport2) - {258C9770-1713-4021-8D7E-1F184A2BD754} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.21\ShoppingReport.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Keasha\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [HBLiteSA] "C:\Program Files (x86)\HBLite\bin\11.0.323.0\HBLiteSA.exe" File not found
O4 - HKLM..\Run: [LANDesk Antivirus] C:\Program Files (x86)\LANDesk\LDClient\antivirus\LDav.exe (Avocent Corporation )
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe ()
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Volume2] C:\Program Files (x86)\Volume2\Volume2.exe (Irza Alexandr)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Keasha\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAT41FE.tmp.exe] C:\Users\Keasha\AppData\Local\Temp\DAT41FE.tmp.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Personal Internet Security 2011] "C:\ProgramData\0b9580\PI0b9_2152.exe" /s /d File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Keasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GmoteServer.lnk = C:\Program Files (x86)\GmoteServer\GmoteServer.exe ()
O4 - Startup: C:\Users\Keasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.21\ShoppingReport.dll File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.21\ShoppingReport.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D557F61-9324-4EED-9D7C-110E6CAA6393}: DhcpNameServer = 10.200.1.40 10.200.1.42
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71702822-4CB8-4C00-81D7-00EC664EBD2C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=utf-8 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=utf-8 - No CLSID value found
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b8694c2-540d-11df-94a2-00269e3b722c}\Shell - "" = AutoRun
O33 - MountPoints2\{9b8694c2-540d-11df-94a2-00269e3b722c}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/12 20:34:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Keasha\Desktop\OTL.exe
[2012/07/12 18:11:25 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\SpeedyPC Software
[2012/07/12 18:11:25 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\DriverCure
[2012/07/12 18:11:04 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/07/12 18:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/07/12 18:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/12 18:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/07/11 22:35:04 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\LOVE
[2012/07/11 20:37:48 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\Carbon
[2012/07/06 19:43:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/07/01 00:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/07/01 00:46:05 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Local\APN
[2012/07/01 00:45:49 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012/07/01 00:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2012/06/30 23:33:55 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2012/06/30 23:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2012/06/30 23:33:49 | 000,000,000 | ---D | C] -- C:\Users\Keasha\Documents\Image-Line
[2012/06/30 23:33:32 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012/06/30 23:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2012/06/30 23:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2012/06/29 10:06:36 | 000,000,000 | ---D | C] -- C:\Users\Keasha\Documents\Manga
[2012/06/29 09:52:24 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\Quivi
[2012/06/29 09:47:45 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quivi
[2012/06/29 09:47:41 | 000,000,000 | ---D | C] -- C:\Users\Keasha\Quivi
[2012/06/24 20:24:51 | 000,000,000 | ---D | C] -- C:\Users\Keasha\LDClient
[2012/06/18 02:28:17 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Local\Macromedia
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/12 20:34:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Keasha\Desktop\OTL.exe
[2012/07/12 20:34:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4064255400-3659260079-864714468-1001UA.job
[2012/07/12 20:13:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/12 20:12:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/12 18:12:00 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/07/12 18:11:03 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/07/12 18:11:01 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/07/12 17:34:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4064255400-3659260079-864714468-1001Core.job
[2012/07/12 16:28:20 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 16:28:20 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 16:21:49 | 000,000,953 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/07/12 16:17:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/12 16:17:39 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/11 21:19:07 | 000,009,036 | ---- | M] () -- C:\Users\Keasha\.recently-used.xbel
[2012/07/10 09:20:32 | 000,779,092 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/10 09:20:32 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/10 09:20:32 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/06 16:53:12 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKeasha.job
[2012/07/01 00:45:49 | 000,001,138 | ---- | M] () -- C:\Users\Public\Documents\ASIO4ALL v2 Instruction Manual.lnk
[2012/06/19 20:58:32 | 000,000,094 | ---- | M] () -- C:\Users\Keasha\webct_upload_applet.properties
[2012/06/15 17:02:28 | 000,547,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/12 18:11:59 | 000,000,494 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/07/12 18:11:01 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/07/12 18:10:51 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/07/11 21:19:07 | 000,009,036 | ---- | C] () -- C:\Users\Keasha\.recently-used.xbel
[2012/07/05 00:09:12 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{f1430300-e695-d7c5-f583-4f169566af66}\U\80000000.@
[2012/07/05 00:09:11 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{f1430300-e695-d7c5-f583-4f169566af66}\U\800000cb.@
[2012/07/05 00:09:09 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{f1430300-e695-d7c5-f583-4f169566af66}\U\00000001.@
[2012/07/04 22:11:32 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForKeasha.job
[2012/07/01 00:45:49 | 000,001,138 | ---- | C] () -- C:\Users\Public\Documents\ASIO4ALL v2 Instruction Manual.lnk
[2012/06/19 20:58:32 | 000,000,094 | ---- | C] () -- C:\Users\Keasha\webct_upload_applet.properties
[2012/05/07 09:37:02 | 000,000,419 | ---- | C] () -- C:\Users\Keasha\.gtk-bookmarks
[2012/04/10 20:45:16 | 000,007,606 | ---- | C] () -- C:\Users\Keasha\AppData\Local\Resmon.ResmonCfg
[2012/01/15 20:30:46 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2012/01/15 20:30:44 | 000,112,688 | ---- | C] () -- C:\Windows\SysWow64\shw32.dll
[2012/01/11 08:00:38 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f1430300-e695-d7c5-f583-4f169566af66}\@
[2012/01/11 08:00:38 | 000,002,048 | -HS- | C] () -- C:\Users\Keasha\AppData\Local\{f1430300-e695-d7c5-f583-4f169566af66}\@
[2012/01/01 22:11:34 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/09/04 19:21:41 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/13 10:13:58 | 523,522,685 | ---- | C] () -- C:\Users\Keasha\Archive.7z
[2011/05/13 15:37:36 | 000,008,340 | -HS- | C] () -- C:\ProgramData\b52clc54fxy270skpee4vyg6n4sec63l4
[2011/01/04 16:53:17 | 000,001,854 | ---- | C] () -- C:\Users\Keasha\AppData\Roaming\GhostObjGAFix.xml
[2010/10/28 22:46:55 | 002,440,206 | ---- | C] () -- C:\Users\Keasha\AppData\Local\[j0019]-[p02].bmp
[2010/10/28 22:46:53 | 002,440,206 | ---- | C] () -- C:\Users\Keasha\AppData\Local\[j0019]-[p01].bmp
[2010/03/25 12:41:55 | 000,006,656 | ---- | C] () -- C:\Users\Keasha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/12 14:05:15 | 000,008,400 | ---- | C] () -- C:\Users\Keasha\AppData\Roaming\wklnhst.dat
[2009/09/07 04:44:21 | 000,000,953 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== LOP Check ==========

[2012/07/12 01:59:00 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\.minecraft
[2012/01/22 02:13:56 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\7stacks
[2012/07/11 20:37:48 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\Carbon
[2010/08/16 16:09:42 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2012/01/07 20:51:00 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\Complitly
[2012/07/12 18:11:25 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\DriverCure
[2012/04/19 06:32:56 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\Gmote
[2012/07/11 21:19:07 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\gtk-2.0
[2010/11/18 20:44:41 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\HBLite
[2009/12/27 14:06:51 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\iWin
[2011/04/21 08:20:10 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\LANDesk
[2012/07/11 22:35:04 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\LOVE
[2012/01/28 12:27:22 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\OnLive App
[2012/05/18 17:28:23 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\Opera
[2011/01/10 22:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Keasha\AppData\Roaming\Personal Internet Security 2011
[2012/06/29 10:24:39 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\Quivi
[2012/03/03 13:29:41 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\RotMG.Production
[2012/07/12 18:11:25 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\SpeedyPC Software
[2012/05/15 01:58:03 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\Star Edit
[2010/01/12 14:05:19 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\Template
[2012/05/17 18:17:36 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\Volume2
[2012/03/07 22:24:03 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\WildTangent
[2009/12/29 04:22:38 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\WildTangentv1001
[2010/05/16 22:01:19 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\Windows Live Writer
[2011/04/15 20:13:24 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/12 18:11:01 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/07/12 18:12:00 | 000,000,494 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/07/12 18:11:03 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job

========== Purity Check ==========



< End of report >


#2
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, Proz!

I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for Proz only. No one else should follow these instructions because they can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me; logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is that these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log and I will post back soon.

#3
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Have you set a proxy on the system?

Drive C: | 135.64 Gb Total Space | 13.49 Gb Free Space | 9.95% Space Free | Partition Type: NTFS

To ensure our tools run properly, the minimum free disk space required is 15%. I advise that you free some space up on drive C by uninstalling unwanted programs and deleting any personal files you don't want.


Step 1

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.



Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands 
    [CREATERESTOREPOINT] 
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{E7DD16D0-E836-40AA-A533-3CD0D2ADCBD4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu....q={searchTerms}
    IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
    IE - HKLM\..\SearchScopes\{E7DD16D0-E836-40AA-A533-3CD0D2ADCBD4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search...si=10208&home=1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.search...si=10208&home=1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.search...si=10208&home=1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.search...si=10208&home=1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.search...si=10208&home=1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.search...si=10208&home=1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.search...si=10208&home=1
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.search...q={searchTerms}
    FF - prefs.js..browser.search.order.1: "Complitly"
    FF - prefs.js..extensions.enabledItems: HBLite@HBLite.com:11.0.0.0
    FF - prefs.js..keyword.URL: "http://search.searchcompletion.com/?bs=1&si=10208&q="
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files (x86)\HBLite\bin\11.0.323.0\firefox\extensions [2010/11/18 20:44:41 | 000,000,000 | ---D | M]
    [2012/07/01 00:47:02 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Keasha\AppData\Roaming\mozilla\Firefox\Profiles\bb64r9ty.default\extensions\toolbar@ask.com
    [2012/01/07 20:51:25 | 000,003,195 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml
    O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Keasha\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
    O2 - BHO: (ShoppingReport2) - {258C9770-1713-4021-8D7E-1F184A2BD754} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.21\ShoppingReport.dll File not found
    O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
    O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Keasha\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
    O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
    O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [HBLiteSA] "C:\Program Files (x86)\HBLite\bin\11.0.323.0\HBLiteSA.exe" File not found
    O4 - HKCU..\Run: [DAT41FE.tmp.exe] C:\Users\Keasha\AppData\Local\Temp\DAT41FE.tmp.exe ()
    O4 - HKCU..\Run: [Personal Internet Security 2011] "C:\ProgramData\0b9580\PI0b9_2152.exe" /s /d File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.21\ShoppingReport.dll File not found
    O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.21\ShoppingReport.dll File not found
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
    [2012/07/11 22:35:04 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\LOVE
    [2012/07/01 00:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
    [2011/05/13 15:37:36 | 000,008,340 | -HS- | C] () -- C:\ProgramData\b52clc54fxy270skpee4vyg6n4sec63l4
    [2012/01/07 20:51:00 | 000,000,000 | ---D | M] -- C:\Users\Keasha\AppData\Roaming\Complitly
    [2011/01/10 22:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Keasha\AppData\Roaming\Personal Internet Security 2011
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Files
    C:\Windows\Installer\{f1430300-e695-d7c5-f583-4f169566af66}
    C:\Users\Keasha\AppData\Local\{f1430300-e695-d7c5-f583-4f169566af66}
    C:\Program Files (x86)\Yontoo Layers Runtime
    C:\Program Files (x86)\Windows Searchqu Toolbar
    C:\Program Files (x86)\HBLite
    C:\ProgramData\0b9580
    C:\Program Files (x86)\ShoppingReport2
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download ComboFix from one of these locations and set the Save as type to All Files before saving it.

Link 1
Link 2
Link 3


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Things I want to see in your next reply

  • Answer to my question
  • OTL Fix Log
  • OTL.txt
  • ComboFix.txt

  • 0
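Added example, not part of the post above and not OTL's own code: a small Python parser for the `O4` (Run-key) lines of the fix script, which splits each line into hive, value name, target path, arguments and company, then applies a few triage flags. The sample lines are copied from the script above; the function names, flag names and the "user-writable path" heuristic are assumptions made for this illustration.

```python
import re

# O4 (Run-key autostart) lines copied from the fix script in the post above.
SAMPLE = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [HBLiteSA] "C:\Program Files (x86)\HBLite\bin\11.0.323.0\HBLiteSA.exe" File not found
O4 - HKCU..\Run: [DAT41FE.tmp.exe] C:\Users\Keasha\AppData\Local\Temp\DAT41FE.tmp.exe ()
O4 - HKCU..\Run: [Personal Internet Security 2011] "C:\ProgramData\0b9580\PI0b9_2152.exe" /s /d File not found
"""

O4_RE = re.compile(r'^O4(?::64bit:)? - (HKLM|HKCU)\.\.\\Run: \[(.*?)\] ?(.*)$')
COMPANY_RE = re.compile(r'\s\(([^()]*)\)$')   # trailing "(Company)" or "()"
MISSING = "File not found"
# Assumed heuristic: directories a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


def parse_o4(text):
    """Return one dict per O4 Run-key line found in an OTL log or fix script."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, name, rest = m.groups()

        # OTL prints "File not found" in place of the company when the target is gone.
        missing = rest.endswith(MISSING)
        if missing:
            rest = rest[:-len(MISSING)].rstrip()

        company = None
        if not missing:
            cm = COMPANY_RE.search(rest)
            if cm:
                company = cm.group(1)      # "" means the file has no company name
                rest = rest[:cm.start()]

        # Quoted targets may carry arguments; unquoted ones are the whole remainder.
        if rest.startswith('"'):
            end = rest.find('"', 1)
            if end == -1:
                path, args = rest[1:], ""
            else:
                path, args = rest[1:end], rest[end + 1:].strip()
        else:
            path, args = rest.strip(), ""

        entries.append({"hive": hive, "name": name, "path": path,
                        "args": args, "company": company, "missing": missing})
    return entries


def triage(entry):
    """Return the triage flags that apply to one parsed entry, in a fixed order."""
    flags = []
    if entry["name"] == "":
        flags.append("empty-name")
    if entry["missing"]:
        flags.append("target-missing")      # orphaned autostart value
    lowered = entry["path"].lower()
    if any(marker in lowered for marker in USER_WRITABLE):
        flags.append("user-writable-path")
    if entry["company"] == "":
        flags.append("no-company")
    return flags


if __name__ == "__main__":
    for e in parse_o4(SAMPLE):
        print(e["hive"], repr(e["name"]), e["path"] or "-", triage(e))
```

The `ApnUpdater` entry gets no flags even though the helper removes it, so the flags only rank entries for a human reviewer; they do not decide what belongs in a fix.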

#4
Proz

    New Member

  • Member
  • Pip
  • 5 posts
Okay so no proxy

Here's the OTL Fix Log:

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E7DD16D0-E836-40AA-A533-3CD0D2ADCBD4}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DD16D0-E836-40AA-A533-3CD0D2ADCBD4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E7DD16D0-E836-40AA-A533-3CD0D2ADCBD4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DD16D0-E836-40AA-A533-3CD0D2ADCBD4}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Complitly" removed from browser.search.order.1
Prefs.js: HBLite@HBLite.com:11.0.0.0 removed from extensions.enabledItems
Prefs.js: "http://search.search...=1&si=10208&q=" removed from keyword.URL
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files (x86)\HBLite\bin\11.0.323.0\firefox\extensions not found.
Folder C:\Users\Keasha\AppData\Roaming\mozilla\Firefox\Profiles\bb64r9ty.default\extensions\toolbar@ask.com\ not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\Complitly.xml not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}\ deleted successfully.
C:\Users\Keasha\AppData\Roaming\Complitly\64\Complitly64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{258C9770-1713-4021-8D7E-1F184A2BD754}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{258C9770-1713-4021-8D7E-1F184A2BD754}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}\ deleted successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}\ deleted successfully.
C:\Users\Keasha\AppData\Roaming\Complitly\Complitly.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FF99715-3016-4381-84CE-E4E4C9673020} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}\ not found.
File C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HBLiteSA not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAT41FE.tmp.exe not found.
File C:\Users\Keasha\AppData\Local\Temp\DAT41FE.tmp.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Personal Internet Security 2011 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419d-92AD-ECDFD5244D6D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB38E21A-0133-419d-92AD-ECDFD5244D6D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB620C54-E229-4942-87CE-E717109FC8C6}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Folder C:\Users\Keasha\AppData\Roaming\LOVE\ not found.
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
File C:\ProgramData\b52clc54fxy270skpee4vyg6n4sec63l4 not found.
C:\Users\Keasha\AppData\Roaming\Complitly\64 folder moved successfully.
C:\Users\Keasha\AppData\Roaming\Complitly folder moved successfully.
Folder C:\Users\Keasha\AppData\Roaming\Personal Internet Security 2011\ not found.
File/Folder C:\Windows\*.tmp not found.
========== FILES ==========
C:\Windows\Installer\{f1430300-e695-d7c5-f583-4f169566af66}\U folder moved successfully.
C:\Windows\Installer\{f1430300-e695-d7c5-f583-4f169566af66} folder moved successfully.
File\Folder C:\Users\Keasha\AppData\Local\{f1430300-e695-d7c5-f583-4f169566af66} not found.
C:\Program Files (x86)\Yontoo Layers Runtime folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\components folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217 folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257 folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255 folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227 folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\ToolBar folder moved successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar folder moved successfully.
File\Folder C:\Program Files (x86)\HBLite not found.
C:\ProgramData\0b9580\BackUp folder moved successfully.
C:\ProgramData\0b9580 folder moved successfully.
File\Folder C:\Program Files (x86)\ShoppingReport2 not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Keasha\Desktop\cmd.bat deleted successfully.
C:\Users\Keasha\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 53632 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FAMILY
->Temp folder emptied: 59667723 bytes
->Temporary Internet Files folder emptied: 1246115 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Keasha
->Temp folder emptied: 530053908 bytes
->Temporary Internet Files folder emptied: 31653447 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7054132 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 72133 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 575091 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 27723760 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 628.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07132012_230620

Files\Folders moved on Reboot...
C:\Users\Keasha\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\av10D1.tmp not found!
C:\Windows\temp\iswift.dat moved successfully.
C:\Windows\temp\sfdb.dat moved successfully.

PendingFileRenameOperations files...
File C:\Users\Keasha\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\av10D1.tmp not found!
File C:\Windows\temp\iswift.dat not found!
File C:\Windows\temp\sfdb.dat not found!

Registry entries deleted on Reboot...

Here's the scan:


OTL logfile created on: 7/13/2012 11:27:12 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Keasha\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 62.30% Memory free
5.49 Gb Paging File | 3.68 Gb Available in Paging File | 67.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 135.64 Gb Total Space | 38.76 Gb Free Space | 28.57% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 2.19 Gb Free Space | 16.68% Space Free | Partition Type: NTFS

Computer Name: PROZDECK | User Name: Keasha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/12 20:34:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Keasha\Desktop\OTL.exe
PRC - [2012/07/06 16:55:00 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/06/27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Keasha\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/03/05 03:17:03 | 002,537,400 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.EXE
PRC - [2012/01/26 20:38:52 | 000,525,768 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/19 05:49:26 | 000,403,632 | ---- | M] (LANDesk Software, Inc. and its affiliates.) -- C:\Program Files (x86)\LANDesk\LDClient\softmon.exe
PRC - [2011/10/04 02:38:54 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/08/14 09:16:17 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/06/28 07:22:27 | 001,249,280 | ---- | M] (Irza Alexandr) -- C:\Program Files (x86)\Volume2\Volume2.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/08/05 17:50:28 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\LANDesk\LDClient\Antivirus\kavehost.exe
PRC - [2010/06/17 12:19:18 | 000,534,224 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\Antivirus\AVService.exe
PRC - [2010/06/09 05:56:14 | 000,845,312 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\Antivirus\LDAV.exe
PRC - [2010/06/01 05:30:58 | 000,315,904 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\rcgui.exe
PRC - [2010/04/27 08:45:32 | 000,195,072 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2010/04/22 08:30:52 | 000,480,256 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
PRC - [2010/04/16 07:57:42 | 000,189,952 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
PRC - [2010/03/30 09:06:02 | 000,182,272 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
PRC - [2009/11/23 16:45:46 | 000,495,616 | ---- | M] (Avocent Corporation ) -- C:\Program Files (x86)\LANDesk\LDClient\collector.exe
PRC - [2009/11/04 13:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe
PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007/08/31 08:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) -- C:\Windows\SysWOW64\cba\pds.exe
PRC - [2005/10/08 00:01:52 | 003,032,576 | ---- | M] () -- C:\Program Files\StorageSync\StrgSync.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/06 16:54:57 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/07/06 16:54:43 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/07/06 16:54:43 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/07/06 16:54:42 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/07/06 16:54:42 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/06/15 17:11:09 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/15 17:10:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/15 17:10:37 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/15 17:10:27 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/16 01:20:57 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/13 02:48:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/13 02:48:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/13 02:48:29 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/13 02:47:39 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
MOD - [2012/05/13 02:47:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/13 02:47:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/13 02:47:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/13 02:47:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/13 02:46:37 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/01/24 17:20:14 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/01/01 05:34:14 | 000,186,368 | ---- | M] () -- C:\Program Files (x86)\Sony\Content Manager Assistant\opencma.dll
MOD - [2011/10/04 02:38:54 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/03/19 10:45:36 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/03/19 10:45:36 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/03/19 10:45:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/11/23 16:20:54 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\LANDesk\LDClient\rollinglog.dll
MOD - [2009/10/25 22:27:56 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/10/25 22:27:54 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/10/25 22:27:46 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/10/25 22:27:46 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/10/25 22:27:46 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/10/25 22:27:44 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/10/25 22:27:38 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/10/25 22:27:20 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe
MOD - [2008/10/21 15:59:00 | 000,169,984 | ---- | M] () -- C:\Program Files (x86)\RocketDock\Docklets\DigitalClock\DigitalClockDocklet.dll
MOD - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2005/10/08 00:01:52 | 003,032,576 | ---- | M] () -- C:\Program Files\StorageSync\StrgSync.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/04 05:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2012/07/10 15:08:05 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/07/06 16:55:00 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/06/26 11:26:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/21 00:26:30 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/19 05:49:26 | 000,403,632 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/17 12:19:18 | 000,534,224 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\Antivirus\AVService.exe -- (LDAVService) LANDesk®
SRV - [2010/04/27 08:45:32 | 000,195,072 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2010/04/22 08:30:52 | 000,480,256 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2010/04/16 07:57:42 | 000,189,952 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2010/04/03 20:39:48 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/30 09:06:02 | 000,182,272 | ---- | M] (Avocent Corporation ) [Auto | Running] -- C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/04 13:21:26 | 000,147,456 | ---- | M] (Avocent Corporation) [Auto | Running] -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe -- (CBA8) LANDesk®
SRV - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 01:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2007/08/31 08:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\cba\pds.exe -- (Intel PDS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/05 17:50:28 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/07/01 18:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/12 12:21:32 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/23 15:01:12 | 000,020,480 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ldblank.sys -- (ldblank)
DRV:64bit: - [2009/11/23 15:01:12 | 000,006,656 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mirrorflt.sys -- (mirrorflt)
DRV:64bit: - [2009/11/23 15:01:12 | 000,005,120 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ldmirror.sys -- (ldmirror)
DRV:64bit: - [2009/09/30 21:22:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/08/04 06:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/23 08:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/21 21:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/24 15:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/03/09 09:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{4E25A215-70AB-4499-B9A2-6E77D31A464B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{4E25A215-70AB-4499-B9A2-6E77D31A464B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {4E25A215-70AB-4499-B9A2-6E77D31A464B}
IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {4E25A215-70AB-4499-B9A2-6E77D31A464B}
IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25488

========== FireFox ==========

FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Keasha\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Keasha\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/27 06:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/26 11:26:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/14 12:45:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/27 06:55:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/26 11:26:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/14 12:45:46 | 000,000,000 | ---D | M]

[2010/12/21 20:59:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keasha\AppData\Roaming\mozilla\Extensions
[2012/07/13 22:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keasha\AppData\Roaming\mozilla\Firefox\Profiles\bb64r9ty.default\extensions
[2012/06/20 20:59:16 | 000,000,000 | ---D | M] (8 Ultimo) -- C:\Users\Keasha\AppData\Roaming\mozilla\Firefox\Profiles\bb64r9ty.default\extensions\{2b6788a0-0ccd-11e1-be50-0800200c9a66}
[2011/12/07 21:01:27 | 000,000,000 | ---D | M] (Open in Private Browsing Mode) -- C:\Users\Keasha\AppData\Roaming\mozilla\Firefox\Profiles\bb64r9ty.default\extensions\jid1-0FHdJAAQ7Nb73Q@jetpack
[2012/02/18 14:54:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/13 18:08:50 | 000,079,135 | ---- | M] () (No name found) -- C:\USERS\KEASHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BB64R9TY.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}.XPI
[2011/10/30 14:20:23 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\KEASHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BB64R9TY.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/02/24 08:30:59 | 000,072,222 | ---- | M] () (No name found) -- C:\USERS\KEASHA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BB64R9TY.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI
[2012/06/26 11:26:32 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/14 21:25:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/26 11:26:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/26 11:26:28 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [LANDesk Antivirus] C:\Program Files (x86)\LANDesk\LDClient\antivirus\LDav.exe (Avocent Corporation )
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe ()
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Volume2] C:\Program Files (x86)\Volume2\Volume2.exe (Irza Alexandr)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4064255400-3659260079-864714468-1001..\Run: [Akamai NetSession Interface] C:\Users\Keasha\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-4064255400-3659260079-864714468-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-4064255400-3659260079-864714468-1001..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-4064255400-3659260079-864714468-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Keasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4064255400-3659260079-864714468-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D557F61-9324-4EED-9D7C-110E6CAA6393}: DhcpNameServer = 10.200.1.40 10.200.1.42
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71702822-4CB8-4C00-81D7-00EC664EBD2C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=utf-8 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=utf-8 - No CLSID value found
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b8694c2-540d-11df-94a2-00269e3b722c}\Shell - "" = AutoRun
O33 - MountPoints2\{9b8694c2-540d-11df-94a2-00269e3b722c}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/13 22:37:08 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012/07/13 22:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/07/13 22:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/07/13 21:30:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/13 21:24:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/13 21:23:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/13 20:33:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/13 11:47:42 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\Malwarebytes
[2012/07/13 11:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/13 11:47:14 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/13 11:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/13 11:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/12 20:34:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Keasha\Desktop\OTL.exe
[2012/07/12 18:11:25 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\SpeedyPC Software
[2012/07/12 18:11:25 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\DriverCure
[2012/07/12 18:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/11 20:37:48 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\Carbon
[2012/07/06 19:43:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/07/01 00:46:05 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Local\APN
[2012/07/01 00:45:49 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012/07/01 00:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2012/06/30 23:33:55 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2012/06/30 23:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2012/06/30 23:33:49 | 000,000,000 | ---D | C] -- C:\Users\Keasha\Documents\Image-Line
[2012/06/30 23:33:33 | 001,554,944 | ---- | C] (HMS http://hp.vector.co....thors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm
[2012/06/30 23:33:32 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012/06/30 23:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2012/06/30 23:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2012/06/29 10:06:36 | 000,000,000 | ---D | C] -- C:\Users\Keasha\Documents\Manga
[2012/06/29 09:52:24 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\Quivi
[2012/06/29 09:47:45 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quivi
[2012/06/29 09:47:41 | 000,000,000 | ---D | C] -- C:\Users\Keasha\Quivi
[2012/06/24 20:24:51 | 000,000,000 | ---D | C] -- C:\Users\Keasha\LDClient
[2012/06/21 11:20:16 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 11:20:16 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 11:20:15 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 11:19:08 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 11:19:08 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/18 02:28:17 | 000,000,000 | ---D | C] -- C:\Users\Keasha\AppData\Local\Macromedia
[2012/06/15 03:04:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/15 03:04:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/15 03:04:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/15 03:04:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/15 03:04:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/15 03:04:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/15 03:04:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/15 03:04:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/15 03:04:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/15 03:04:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/15 03:04:43 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/15 03:04:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/15 03:04:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/14 11:51:51 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/14 11:51:50 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/14 11:51:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/14 11:51:42 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/14 11:51:38 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/14 11:51:37 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/14 11:51:27 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/14 11:50:30 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/14 11:50:29 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

========== Files - Modified Within 30 Days ==========

[2012/07/13 23:34:11 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4064255400-3659260079-864714468-1001UA.job
[2012/07/13 23:19:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 23:19:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 23:13:19 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/13 23:12:26 | 000,000,953 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/07/13 23:10:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/13 23:09:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/13 23:09:36 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/13 17:34:04 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4064255400-3659260079-864714468-1001Core.job
[2012/07/13 11:47:16 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 20:34:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Keasha\Desktop\OTL.exe
[2012/07/11 21:19:07 | 000,009,036 | ---- | M] () -- C:\Users\Keasha\.recently-used.xbel
[2012/07/10 09:20:32 | 000,779,092 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/10 09:20:32 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/10 09:20:32 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/06 16:53:12 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKeasha.job
[2012/07/05 00:16:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/05 00:16:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/01 00:45:49 | 000,001,138 | ---- | M] () -- C:\Users\Public\Documents\ASIO4ALL v2 Instruction Manual.lnk
[2012/06/19 20:58:32 | 000,000,094 | ---- | M] () -- C:\Users\Keasha\webct_upload_applet.properties
[2012/06/15 17:02:28 | 000,547,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/07/13 11:47:16 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/11 21:19:07 | 000,009,036 | ---- | C] () -- C:\Users\Keasha\.recently-used.xbel
[2012/07/04 22:11:32 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForKeasha.job
[2012/07/01 00:45:49 | 000,001,138 | ---- | C] () -- C:\Users\Public\Documents\ASIO4ALL v2 Instruction Manual.lnk
[2012/06/19 20:58:32 | 000,000,094 | ---- | C] () -- C:\Users\Keasha\webct_upload_applet.properties
[2012/05/07 09:37:02 | 000,000,419 | ---- | C] () -- C:\Users\Keasha\.gtk-bookmarks
[2012/04/10 20:45:16 | 000,007,606 | ---- | C] () -- C:\Users\Keasha\AppData\Local\Resmon.ResmonCfg
[2012/01/15 20:30:46 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2012/01/15 20:30:44 | 000,112,688 | ---- | C] () -- C:\Windows\SysWow64\shw32.dll
[2012/01/01 22:11:34 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/09/04 19:21:41 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/13 10:13:58 | 523,522,685 | ---- | C] () -- C:\Users\Keasha\Archive.7z
[2011/01/04 16:53:17 | 000,001,854 | ---- | C] () -- C:\Users\Keasha\AppData\Roaming\GhostObjGAFix.xml
[2010/10/28 22:46:55 | 002,440,206 | ---- | C] () -- C:\Users\Keasha\AppData\Local\[j0019]-[p02].bmp
[2010/10/28 22:46:53 | 002,440,206 | ---- | C] () -- C:\Users\Keasha\AppData\Local\[j0019]-[p01].bmp
[2010/03/25 12:41:55 | 000,006,656 | ---- | C] () -- C:\Users\Keasha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/12 14:05:15 | 000,008,400 | ---- | C] () -- C:\Users\Keasha\AppData\Roaming\wklnhst.dat
[2009/09/07 04:44:21 | 000,000,953 | ---- | C] () -- C:\ProgramData\hpqp.ini

< End of report >


Alright, here's the problem: after I ran ComboFix it would not let me use any programs, so I transferred the log to a USB and used System Restore. Here is that log:

ComboFix 12-07-13.03 - Keasha 07/13/2012 23:56:14.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1501 [GMT -4:00]
Running from: c:\users\Keasha\Desktop\ComboFix.exe
AV: LANDesk Antivirus client *Enabled/Updated* {DF122C4A-2ECB-7E3B-74FC-5564E495A6A1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Blinkx
c:\program files (x86)\Blinkx\blinkx.ico
c:\program files (x86)\Blinkx\blinkxss.exe
c:\program files (x86)\Blinkx\blinkxstop.exe
c:\program files (x86)\Blinkx\lang.dll
c:\program files (x86)\Blinkx\templates\beat.ico
c:\program files (x86)\Blinkx\templates\uninstall.exe
c:\program files (x86)\Complitly
c:\program files (x86)\Complitly\ChromeSetSearchInBrowser.exe
c:\program files (x86)\Complitly\FireFoxExtension.exe
c:\program files (x86)\Complitly\InstTracker.exe
c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files (x86)\Complitly\unins000.exe
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\Public\invokesi.exe
.
---- Previous Run -------
.
c:\program files (x86)\Blinkx\blinkx.ico
c:\program files (x86)\Blinkx\blinkxss.exe
c:\program files (x86)\Blinkx\blinkxstop.exe
c:\program files (x86)\Blinkx\lang.dll
c:\program files (x86)\Blinkx\templates\beat.ico
c:\program files (x86)\Blinkx\templates\index.html
c:\program files (x86)\Blinkx\templates\noflash.html
c:\program files (x86)\Blinkx\templates\offline.html
c:\program files (x86)\Blinkx\templates\offline.swf
c:\program files (x86)\Blinkx\templates\uninstall.exe
c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx
c:\program files (x86)\Complitly\ChromeSetSearchInBrowser.exe
c:\program files (x86)\Complitly\FireFoxExtension.exe
c:\program files (x86)\Complitly\InstTracker.exe
c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files (x86)\Complitly\support@Complitly.com\install.rdf
c:\program files (x86)\Complitly\unins000.dat
c:\program files (x86)\Complitly\unins000.exe
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\snl2w.tmp
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\Public\invokesi.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 04:07 . 2012-07-14 04:07 -------- d-----w- c:\users\FAMILY\AppData\Local\temp
2012-07-14 04:07 . 2012-07-14 04:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 02:37 . 2009-03-18 21:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-07-14 02:37 . 2012-07-14 02:37 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-07-14 00:33 . 2012-07-14 00:33 -------- d-----w- C:\_OTL
2012-07-13 15:47 . 2012-07-13 15:47 -------- d-----w- c:\users\Keasha\AppData\Roaming\Malwarebytes
2012-07-13 15:47 . 2012-07-13 15:47 -------- d-----w- c:\programdata\Malwarebytes
2012-07-13 15:47 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-13 15:47 . 2012-07-13 15:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-12 22:11 . 2012-07-12 22:11 -------- d-----w- c:\users\Keasha\AppData\Roaming\SpeedyPC Software
2012-07-12 22:11 . 2012-07-12 22:11 -------- d-----w- c:\users\Keasha\AppData\Roaming\DriverCure
2012-07-12 22:10 . 2012-07-14 00:05 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-12 00:37 . 2012-07-12 00:37 -------- d-----w- c:\users\Keasha\AppData\Roaming\Carbon
2012-07-06 23:43 . 2012-07-06 23:43 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-01 04:46 . 2012-07-01 04:46 -------- d-----w- c:\users\Keasha\AppData\Local\APN
2012-07-01 04:45 . 2012-07-01 04:45 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-07-01 03:33 . 2012-07-01 03:33 -------- d-----w- c:\program files (x86)\VstPlugins
2012-07-01 03:33 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-07-01 03:33 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-07-01 03:33 . 2012-07-01 03:33 -------- d-----w- c:\program files (x86)\Outsim
2012-07-01 03:28 . 2012-07-01 03:33 -------- d-----w- c:\program files (x86)\Image-Line
2012-06-29 13:52 . 2012-06-29 14:24 -------- d-----w- c:\users\Keasha\AppData\Roaming\Quivi
2012-06-29 13:47 . 2012-06-29 13:47 -------- d-----w- c:\users\Keasha\Quivi
2012-06-26 15:26 . 2012-06-26 15:26 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-26 15:26 . 2012-06-26 15:26 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-25 00:24 . 2012-06-25 00:26 -------- d-----w- c:\users\Keasha\LDClient
2012-06-21 15:20 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:20 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:20 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:20 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:19 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:19 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 06:28 . 2012-06-18 06:28 -------- d-----w- c:\users\Keasha\AppData\Local\Macromedia
2012-06-14 15:51 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 15:51 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 15:51 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 15:51 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 15:51 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 15:51 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 15:51 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 15:51 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 15:51 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 15:51 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 15:51 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 15:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 15:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 15:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 15:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 15:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 15:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 04:16 . 2012-04-19 10:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 04:16 . 2011-05-12 23:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 04:04 . 2012-07-05 03:13 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AAFC2D7-CD3F-4A44-83ED-76081041CEF5}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-26 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-14 1242448]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-04 3077528]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Akamai NetSession Interface"="c:\users\Keasha\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"LANDesk Antivirus"="c:\program files (x86)\LANDesk\LDClient\antivirus\LDav.exe" [2010-06-09 845312]
"dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Volume2"="c:\program files (x86)\Volume2\Volume2.exe" [2011-06-28 1249280]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Warner Bros.lnk - c:\program files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2537400]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-22 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-10-01 35840]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\DRIVERS\ldblank.sys [2009-11-23 20480]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-26 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-14 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 X6va005;X6va005;c:\users\Keasha\AppData\Local\Temp\005DE96.tmp [x]
R3 X6va006;X6va006;c:\users\Keasha\AppData\Local\Temp\0064E89.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 203264]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 CBA8;LANDesk® Management Agent;c:\program files (x86)\LANDesk\Shared Files\residentagent.exe [2009-11-04 147456]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files (x86)\LANDesk\LDClient\policy.client.invoker.exe [2010-04-27 195072]
S2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files (x86)\LANDesk\LDClient\tmcsvc.exe [2010-03-30 182272]
S2 LDAVService;LANDesk® Antivirus;c:\program files (x86)\LANDesk\LDClient\antivirus\avservice.exe [2010-06-17 534224]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Softmon;LANDesk® Software Monitoring Service;c:\program files (x86)\LANDesk\LDClient\softmon.exe [2011-10-19 403632]
S3 ldmirror;ldmirror;c:\windows\system32\DRIVERS\ldmirror.sys [2009-11-23 5120]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\DRIVERS\mirrorflt.sys [2009-11-23 6656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 15:15 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 00:19]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 00:19]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4064255400-3659260079-864714468-1001Core.job
- c:\users\Keasha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 04:01]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4064255400-3659260079-864714468-1001UA.job
- c:\users\Keasha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 04:01]
.
2011-04-24 c:\windows\Tasks\HPCeeScheduleForFAMILY.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-07-06 c:\windows\Tasks\HPCeeScheduleForKeasha.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
uDefault_Search_URL =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:25488
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Keasha\AppData\Roaming\Mozilla\Firefox\Profiles\bb64r9ty.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 36e2560e-360f-4c58-832e-1c28de0d8e0f
FF - user.js: extentions.y2layers.defaultEnableAppsList - BestVideoDownloader,BestVideoDownloader,
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Keasha\AppData\Local\Temp\005DE96.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Keasha\AppData\Local\Temp\0064E89.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,df,81,4e,73,8e,f9,48,9c,25,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,df,81,4e,73,8e,f9,48,9c,25,b4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\progra~2\LANDesk\LDClient\collector.exe
c:\program files (x86)\LANDesk\LDClient\localsch.exe
c:\windows\SysWOW64\CBA\pds.exe
c:\progra~2\LANDesk\LDClient\issuser.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\LANDesk\LDClient\antivirus\kavehost.exe
c:\progra~2\LANDesk\LDClient\rcgui.exe
c:\program files (x86)\LANDesk\LDClient\LDIScn32.EXE
.
**************************************************************************
.
Completion time: 2012-07-14 00:22:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-14 04:22
.
Pre-Run: 41,884,442,624 bytes free
Post-Run: 40,974,589,952 bytes free
.
- - End Of File - - 73257C1438F5B47666CAA324AE9D4F61

#5
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
If you get this error:

Illegal operation attempted on a registry key that has been marked for deletion.


after running ComboFix then don't worry because it is a known issue that sometimes happens after running ComboFix. Restoring your computer will also restore any malware that was present at the time the restore point is created. The solution to this problem is to simply restart your computer.


Step 1

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into it:

File:: 
c:\users\Keasha\AppData\Local\Temp\005DE96.tmp
c:\users\Keasha\AppData\Local\Temp\0064E89.tmp
c:\windows\SysWOW64\Drivers\X6va008
 
Driver::
X6va005
X6va006 
X6va008

Registry::
[-HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
[-HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
[-HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
[-HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}]

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:25488

Firefox::
FF - ProfilePath - c:\users\Keasha\AppData\Roaming\Mozilla\Firefox\Profiles\bb64r9ty.default\
FF - user.js: extentions.y2layers.installId - 36e2560e-360f-4c58-832e-1c28de0d8e0f
FF - user.js: extentions.y2layers.defaultEnableAppsList - BestVideoDownloader,BestVideoDownloader,


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Things I want to see in your next reply

  • ComboFix.txt


#6
Proz

    New Member

  • Member
  • Pip
  • 5 posts
Thanks for clearing that up :D

Here is that log:


ComboFix 12-07-14.01 - Keasha 07/14/2012 22:44:18.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1346 [GMT -4:00]
Running from: c:\users\Keasha\Desktop\ComboFix.exe
Command switches used :: c:\users\Keasha\Desktop\CFScript.txt
AV: LANDesk Antivirus client *Disabled/Updated* {DF122C4A-2ECB-7E3B-74FC-5564E495A6A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Keasha\AppData\Local\Temp\005DE96.tmp"
"c:\users\Keasha\AppData\Local\Temp\0064E89.tmp"
"c:\windows\SysWOW64\Drivers\X6va008"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA005
-------\Legacy_X6VA006
-------\Legacy_X6VA008
-------\Service_X6va005
-------\Service_X6va006
-------\Service_X6va008
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 02:56 . 2012-07-15 02:56 -------- d-----w- c:\users\FAMILY\AppData\Local\temp
2012-07-15 02:56 . 2012-07-15 02:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 02:37 . 2009-03-18 21:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-07-14 02:37 . 2012-07-14 02:37 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-07-14 00:33 . 2012-07-14 00:33 -------- d-----w- C:\_OTL
2012-07-13 15:47 . 2012-07-13 15:47 -------- d-----w- c:\users\Keasha\AppData\Roaming\Malwarebytes
2012-07-13 15:47 . 2012-07-13 15:47 -------- d-----w- c:\programdata\Malwarebytes
2012-07-13 15:47 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-13 15:47 . 2012-07-13 15:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-12 22:11 . 2012-07-12 22:11 -------- d-----w- c:\users\Keasha\AppData\Roaming\SpeedyPC Software
2012-07-12 22:11 . 2012-07-12 22:11 -------- d-----w- c:\users\Keasha\AppData\Roaming\DriverCure
2012-07-12 22:10 . 2012-07-14 00:05 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-12 00:37 . 2012-07-12 00:37 -------- d-----w- c:\users\Keasha\AppData\Roaming\Carbon
2012-07-06 23:43 . 2012-07-06 23:43 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-01 04:46 . 2012-07-14 04:51 -------- d-----w- c:\program files (x86)\Ask.com
2012-07-01 04:46 . 2012-07-01 04:46 -------- d-----w- c:\users\Keasha\AppData\Local\APN
2012-07-01 04:45 . 2012-07-01 04:45 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-07-01 03:33 . 2012-07-01 03:33 -------- d-----w- c:\program files (x86)\VstPlugins
2012-07-01 03:33 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-07-01 03:33 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-07-01 03:33 . 2012-07-01 03:33 -------- d-----w- c:\program files (x86)\Outsim
2012-07-01 03:28 . 2012-07-01 03:33 -------- d-----w- c:\program files (x86)\Image-Line
2012-06-29 13:52 . 2012-06-29 14:24 -------- d-----w- c:\users\Keasha\AppData\Roaming\Quivi
2012-06-29 13:47 . 2012-06-29 13:47 -------- d-----w- c:\users\Keasha\Quivi
2012-06-26 15:26 . 2012-06-26 15:26 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-26 15:26 . 2012-06-26 15:26 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-25 00:24 . 2012-06-25 00:26 -------- d-----w- c:\users\Keasha\LDClient
2012-06-21 15:20 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:20 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:20 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:20 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:19 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:19 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:19 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:19 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:19 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 06:28 . 2012-06-18 06:28 -------- d-----w- c:\users\Keasha\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 04:16 . 2012-04-19 10:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 04:16 . 2011-05-12 23:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 04:04 . 2012-07-05 03:13 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AAFC2D7-CD3F-4A44-83ED-76081041CEF5}\mpengine.dll
2012-05-15 01:32 . 2012-06-14 15:51 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 11:06 . 2012-06-14 15:51 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 15:51 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 15:51 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 15:51 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 15:51 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 15:51 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 15:51 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 15:51 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 15:50 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 15:50 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 15:50 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 15:50 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-14 15:50 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 15:50 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-15_02.20.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-17 02:14 . 2012-07-15 02:36 72430 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-15 03:01 65578 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-27 10:30 . 2012-07-15 03:01 17842 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4064255400-3659260079-864714468-1001_UserData.bin
+ 2009-07-14 04:46 . 2012-07-15 02:43 91720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-07-15 02:59 . 2012-07-15 03:03 4913 c:\windows\Temp\sdk8\Report\g_objid.dat
+ 2012-07-15 02:59 . 2012-07-15 03:03 6639 c:\windows\Temp\sdk8\Report\g_objdt.dat
+ 2012-07-15 02:59 . 2012-07-15 03:03 3344 c:\windows\Temp\sdk8\Report\g_objbt.dat
+ 2012-07-15 02:58 . 2012-07-15 02:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-15 02:18 . 2012-07-15 02:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-15 02:58 . 2012-07-15 02:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-15 02:18 . 2012-07-15 02:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-15 02:55 . 2012-07-15 02:59 196608 c:\windows\Temp\sfdb.dat
- 2012-07-15 02:14 . 2012-07-15 02:14 196608 c:\windows\Temp\sfdb.dat
- 2012-07-15 02:14 . 2012-07-15 02:14 262144 c:\windows\Temp\iswift.dat
+ 2012-07-15 02:55 . 2012-07-15 02:55 262144 c:\windows\Temp\iswift.dat
+ 2009-07-14 05:01 . 2012-07-15 02:57 473752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-15 02:17 473752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2012-07-15 02:25 7100862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-24 00:01 7100862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-08-17 05:43 . 2012-07-15 02:57 1053256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 19:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-26 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-14 1242448]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-04 3077528]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Akamai NetSession Interface"="c:\users\Keasha\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"LANDesk Antivirus"="c:\program files (x86)\LANDesk\LDClient\antivirus\LDav.exe" [2010-06-09 845312]
"dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Volume2"="c:\program files (x86)\Volume2\Volume2.exe" [2011-06-28 1249280]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Warner Bros.lnk - c:\program files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2537400]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-22 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-10-01 35840]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\DRIVERS\ldblank.sys [2009-11-23 20480]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-26 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-14 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 203264]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 CBA8;LANDesk® Management Agent;c:\program files (x86)\LANDesk\Shared Files\residentagent.exe [2009-11-04 147456]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files (x86)\LANDesk\LDClient\policy.client.invoker.exe [2010-04-27 195072]
S2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files (x86)\LANDesk\LDClient\tmcsvc.exe [2010-03-30 182272]
S2 LDAVService;LANDesk® Antivirus;c:\program files (x86)\LANDesk\LDClient\antivirus\avservice.exe [2010-06-17 534224]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Softmon;LANDesk® Software Monitoring Service;c:\program files (x86)\LANDesk\LDClient\softmon.exe [2011-10-19 403632]
S3 ldmirror;ldmirror;c:\windows\system32\DRIVERS\ldmirror.sys [2009-11-23 5120]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\DRIVERS\mirrorflt.sys [2009-11-23 6656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 15:15 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 00:19]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 00:19]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4064255400-3659260079-864714468-1001Core.job
- c:\users\Keasha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 04:01]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4064255400-3659260079-864714468-1001UA.job
- c:\users\Keasha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 04:01]
.
2011-04-24 c:\windows\Tasks\HPCeeScheduleForFAMILY.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-07-06 c:\windows\Tasks\HPCeeScheduleForKeasha.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
"combofix"="c:\combofix\CF11906.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.searchcompletion.com/?si=10208&home=1
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10208&home=1
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Keasha\AppData\Roaming\Mozilla\Firefox\Profiles\bb64r9ty.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.searchcompletion.com/?bs=1&si=10208&q=
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,df,81,4e,73,8e,f9,48,9c,25,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,df,81,4e,73,8e,f9,48,9c,25,b4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\progra~2\LANDesk\LDClient\collector.exe
c:\program files (x86)\LANDesk\LDClient\localsch.exe
c:\windows\SysWOW64\CBA\pds.exe
c:\progra~2\LANDesk\LDClient\issuser.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\LANDesk\LDClient\antivirus\kavehost.exe
c:\progra~2\LANDesk\LDClient\rcgui.exe
.
**************************************************************************
.
Completion time: 2012-07-14 23:11:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 03:11
ComboFix2.txt 2012-07-15 02:32
ComboFix3.txt 2012-07-14 04:22
.
Pre-Run: 41,948,651,520 bytes free
Post-Run: 41,336,954,880 bytes free
.
- - End Of File - - 9777E9492F969EBB83A4BDEF0C64E738

#7
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
How is your system running? Are you experiencing any problems?


Step 1

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Folder:: 
c:\program files (x86)\Ask.com
 
Registry:: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=- 
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
 
DDS::
uStart Page = hxxp://search.searchcompletion.com/?si=10208&home=1
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10208&home=1

Firefox::
FF - ProfilePath - c:\users\Keasha\AppData\Roaming\Mozilla\Firefox\Profiles\bb64r9ty.default\
FF - prefs.js: keyword.URL - hxxp://search.searchcompletion.com/?bs=1&si=10208&q=


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 2

  • Run Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer or Mozilla Firefox for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answers to my questions
  • ComboFix.txt
  • MBAM Log
  • log.txt


#8
Proz

    New Member

  • Member
  • 5 posts
It's running smooth :cool:

combo fix:

ComboFix 12-07-16.01 - Keasha 07/17/2012 10:58:37.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1129 [GMT -4:00]
Running from: c:\users\Keasha\Desktop\ComboFix.exe
Command switches used :: c:\users\Keasha\Desktop\CFScript.txt
AV: LANDesk Antivirus client *Disabled/Updated* {DF122C4A-2ECB-7E3B-74FC-5564E495A6A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_1d06.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\users\Keasha\AppData\Local\Temp\nsyDB56.tmp\System.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 16:03 . 2012-07-17 16:03 -------- d-----w- c:\users\FAMILY\AppData\Local\temp
2012-07-17 16:03 . 2012-07-17 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 03:29 . 2012-07-15 03:29 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-15 03:28 . 2012-07-15 03:28 -------- d-----w- c:\program files (x86)\Oracle
2012-07-15 03:28 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-14 02:37 . 2009-03-18 21:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
2012-07-14 02:37 . 2012-07-14 02:37 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-07-14 00:33 . 2012-07-14 00:33 -------- d-----w- C:\_OTL
2012-07-13 15:47 . 2012-07-13 15:47 -------- d-----w- c:\users\Keasha\AppData\Roaming\Malwarebytes
2012-07-13 15:47 . 2012-07-13 15:47 -------- d-----w- c:\programdata\Malwarebytes
2012-07-13 15:47 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-13 15:47 . 2012-07-13 15:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-12 22:11 . 2012-07-12 22:11 -------- d-----w- c:\users\Keasha\AppData\Roaming\SpeedyPC Software
2012-07-12 22:11 . 2012-07-12 22:11 -------- d-----w- c:\users\Keasha\AppData\Roaming\DriverCure
2012-07-12 22:10 . 2012-07-14 00:05 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-12 00:37 . 2012-07-12 00:37 -------- d-----w- c:\users\Keasha\AppData\Roaming\Carbon
2012-07-06 23:43 . 2012-07-06 23:43 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-01 04:46 . 2012-07-01 04:46 -------- d-----w- c:\users\Keasha\AppData\Local\APN
2012-07-01 04:45 . 2012-07-01 04:45 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-07-01 03:33 . 2012-07-01 03:33 -------- d-----w- c:\program files (x86)\VstPlugins
2012-07-01 03:33 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-07-01 03:33 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-07-01 03:33 . 2012-07-01 03:33 -------- d-----w- c:\program files (x86)\Outsim
2012-07-01 03:28 . 2012-07-01 03:33 -------- d-----w- c:\program files (x86)\Image-Line
2012-06-29 13:52 . 2012-06-29 14:24 -------- d-----w- c:\users\Keasha\AppData\Roaming\Quivi
2012-06-29 13:47 . 2012-06-29 13:47 -------- d-----w- c:\users\Keasha\Quivi
2012-06-26 15:26 . 2012-06-26 15:26 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-26 15:26 . 2012-06-26 15:26 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-25 00:24 . 2012-06-25 00:26 -------- d-----w- c:\users\Keasha\LDClient
2012-06-21 15:20 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:20 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:20 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:20 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:19 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:19 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:19 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:19 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:19 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 06:28 . 2012-06-18 06:28 -------- d-----w- c:\users\Keasha\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 02:06 . 2010-04-28 02:51 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-05 04:16 . 2012-04-19 10:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 04:16 . 2011-05-12 23:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 04:04 . 2012-07-05 03:13 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AAFC2D7-CD3F-4A44-83ED-76081041CEF5}\mpengine.dll
2012-05-18 02:06 . 2012-06-15 07:04 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-15 07:04 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-15 07:04 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:55 . 2012-06-15 07:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:51 . 2012-06-15 07:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-17 22:45 . 2012-06-15 07:04 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-15 07:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-15 07:04 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-15 07:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-15 07:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32 . 2012-06-14 15:51 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-05-04 11:06 . 2012-06-14 15:51 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 15:51 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 15:51 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 15:51 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 15:51 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 15:51 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 15:51 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 15:51 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 15:50 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 15:50 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 15:50 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 15:50 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-14 15:50 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 15:50 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-15_02.20.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-17 02:14 . 2012-07-15 03:20 72534 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-17 16:16 65594 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-27 10:30 . 2012-07-17 16:16 18042 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4064255400-3659260079-864714468-1001_UserData.bin
+ 2009-07-14 04:46 . 2012-07-15 02:43 91720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-07-17 16:14 . 2012-07-17 16:18 4971 c:\windows\Temp\sdk8\Report\g_objid.dat
+ 2012-07-17 16:14 . 2012-07-17 16:19 6752 c:\windows\Temp\sdk8\Report\g_objdt.dat
+ 2012-07-17 16:14 . 2012-07-17 16:18 3344 c:\windows\Temp\sdk8\Report\g_objbt.dat
+ 2012-07-17 14:43 . 2012-07-17 14:43 9560 c:\windows\system32\NetworkList\Icons\{53ED812C-EF54-47AB-8501-6119610BA178}_48.bin
+ 2012-07-17 14:43 . 2012-07-17 14:43 4280 c:\windows\system32\NetworkList\Icons\{53ED812C-EF54-47AB-8501-6119610BA178}_32.bin
+ 2012-07-17 14:43 . 2012-07-17 14:43 2456 c:\windows\system32\NetworkList\Icons\{53ED812C-EF54-47AB-8501-6119610BA178}_24.bin
- 2012-07-15 02:18 . 2012-07-15 02:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-17 16:14 . 2012-07-17 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-17 16:14 . 2012-07-17 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-15 02:18 . 2012-07-15 02:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-17 16:18 . 2012-07-17 16:18 131072 c:\windows\Temp\sfdb.dat
- 2012-07-15 02:14 . 2012-07-15 02:14 262144 c:\windows\Temp\iswift.dat
+ 2012-07-17 16:18 . 2012-07-17 16:18 262144 c:\windows\Temp\iswift.dat
+ 2012-07-15 03:28 . 2012-07-06 02:06 227760 c:\windows\SysWOW64\javaws.exe
+ 2012-07-15 03:27 . 2012-07-15 03:27 174064 c:\windows\SysWOW64\javaw.exe
+ 2012-07-15 03:27 . 2012-07-15 03:27 174064 c:\windows\SysWOW64\java.exe
+ 2010-01-06 20:13 . 2012-07-17 14:42 357154 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-12-27 11:31 . 2012-07-17 15:55 506968 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-14 14:25 660530 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-15 03:06 660530 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-14 14:25 121426 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-15 03:06 121426 c:\windows\system32\perfc009.dat
+ 2009-09-07 08:22 . 2012-07-17 14:51 294912 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-07 08:22 . 2012-07-15 01:35 294912 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-07-15 02:17 473752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-17 16:13 473752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-15 03:29 . 2012-07-15 03:29 179200 c:\windows\Installer\a8adb.msi
+ 2012-07-15 03:28 . 2012-07-15 03:28 461312 c:\windows\Installer\a8acb.msi
+ 2012-07-14 14:07 . 2012-07-17 14:51 2883584 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-07-14 14:07 . 2012-07-15 01:35 2883584 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-17 14:51 7127040 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-15 01:35 7127040 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:45 . 2012-06-24 00:01 7100862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-07-15 02:25 7100862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-08-17 05:43 . 2012-07-17 16:13 1053336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-12-29 22:39 . 2012-07-17 16:13 9735048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4064255400-3659260079-864714468-1001-8192.dat
- 2010-12-29 22:39 . 2012-07-14 04:08 9735048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4064255400-3659260079-864714468-1001-8192.dat
+ 2012-07-15 03:24 . 2012-07-15 03:24 17379840 c:\windows\Installer\a8ac7.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-26 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-14 1242448]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-04 3077528]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Akamai NetSession Interface"="c:\users\Keasha\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"LANDesk Antivirus"="c:\program files (x86)\LANDesk\LDClient\antivirus\LDav.exe" [2010-06-09 845312]
"dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"Volume2"="c:\program files (x86)\Volume2\Volume2.exe" [2011-06-28 1249280]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Keasha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Warner Bros.lnk - c:\program files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2537400]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-22 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-10-01 35840]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\DRIVERS\ldblank.sys [2009-11-23 20480]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-26 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-14 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 203264]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 CBA8;LANDesk® Management Agent;c:\program files (x86)\LANDesk\Shared Files\residentagent.exe [2009-11-04 147456]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files (x86)\LANDesk\LDClient\policy.client.invoker.exe [2010-04-27 195072]
S2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files (x86)\LANDesk\LDClient\tmcsvc.exe [2010-03-30 182272]
S2 LDAVService;LANDesk® Antivirus;c:\program files (x86)\LANDesk\LDClient\antivirus\avservice.exe [2010-06-17 534224]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Softmon;LANDesk® Software Monitoring Service;c:\program files (x86)\LANDesk\LDClient\softmon.exe [2011-10-19 403632]
S3 ldmirror;ldmirror;c:\windows\system32\DRIVERS\ldmirror.sys [2009-11-23 5120]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\DRIVERS\mirrorflt.sys [2009-11-23 6656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 15:15 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 00:19]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 00:19]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4064255400-3659260079-864714468-1001Core.job
- c:\users\Keasha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 04:01]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4064255400-3659260079-864714468-1001UA.job
- c:\users\Keasha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 04:01]
.
2011-04-24 c:\windows\Tasks\HPCeeScheduleForFAMILY.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2012-07-06 c:\windows\Tasks\HPCeeScheduleForKeasha.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Keasha\AppData\Roaming\Mozilla\Firefox\Profiles\bb64r9ty.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,df,81,4e,73,8e,f9,48,9c,25,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,df,81,4e,73,8e,f9,48,9c,25,b4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\progra~2\LANDesk\LDClient\collector.exe
c:\program files (x86)\LANDesk\LDClient\localsch.exe
c:\windows\SysWOW64\CBA\pds.exe
c:\progra~2\LANDesk\LDClient\issuser.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\LANDesk\LDClient\antivirus\kavehost.exe
c:\progra~2\LANDesk\LDClient\rcgui.exe
c:\program files (x86)\LANDesk\Shared Files\alert.exe
c:\program files (x86)\LANDesk\Shared Files\proxyhost.exe
.
**************************************************************************
.
Completion time: 2012-07-17 12:28:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 16:28
ComboFix2.txt 2012-07-15 03:11
ComboFix3.txt 2012-07-15 02:32
ComboFix4.txt 2012-07-14 04:22
.
Pre-Run: 44,257,378,304 bytes free
Post-Run: 43,608,678,400 bytes free
.
- - End Of File - - 11CB5D7CA01DEF7105B27A0BD071C025

mbam log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Keasha :: PROZDECK [administrator]

Protection: Disabled

7/17/2012 12:36:44 PMs
mbam-log-2012-07-17 (12-36-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242733
Time elapsed: 8 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


net scan:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6c10daeea6122541aca732ce74629480
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-17 11:47:49
# local_time=2012-07-17 07:47:49 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 178199 94101237 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=379154
# found=9
# cleaned=9
# scan_time=11081
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll.vir Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll.vir Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js.vir Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Keasha\AppData\Local\Apps\2.0\8KPM2LPJ.08O\E0GEN36T.D36\inst..tion_d0587fc617210d12_0000.0001_fd40a442e685358f\installiqexe.exe probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07132012_203310\C_Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.htm Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07132012_203310\C_Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.xul Win32/Adware.Bandoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#9
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello! :wave:
Congratulations, your logs look clean! :thumbsup: :yeah: :woot:
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Combofix Uninstall

Click START.
Now type Combofix /Uninstall into the Search box and click OK. Note the space between the X and the U, it needs to be there.



Cleanup

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Files
    C:\Program Files (x86)\Yontoo Layers Runtime
    C:\ProgramData\Tarma Installer
    
    :Commands
    [emptytemp]
    [CLEARALLRESTOREPOINTS] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista/7 users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep Windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

  • Open Windows Update.
  • In the left pane, click Change settings.
  • Under Important updates, select Install updates automatically.

Adobe Reader - Make sure you have the latest version of Adobe Reader. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

  • Open Adobe Reader.
  • On the menu bar click on Help then Check For Updates.
  • The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.3.300.265) and Adobe Shockwave Player (11.6.5.635) so you can view all of the latest content on websites.


Make Internet Explorer more secure

  • Click Start.
  • Type Inetcpl.cpl into the Search box & click OK.
  • Click on the Security tab.
  • Click Reset all zones to default level.
  • Make sure the Internet Zone is selected & Click Custom level.
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here is a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:



Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool program to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than Firefox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free google toolbar to help stop pop ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank-you.
Good luck and stay safe!!! :thumbsup:
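The ActiveX settings from the "Make Internet Explorer more secure" steps in the post above can be checked from the registry after the change. This PowerShell audit is an added example, not part of the original post; the registry path, the URL action IDs (1001, 1004, 1201) and the value meanings are Microsoft's documented zone settings, not details given in the thread.

```powershell
# Added example: audit the Internet zone ActiveX settings named in the post.
# URL action IDs (Microsoft's documented zone settings, not from the thread):
#   1001 Download signed ActiveX controls
#   1004 Download unsigned ActiveX controls
#   1201 Initialize and script ActiveX controls not marked as safe for scripting
# Stored DWORD values: 0 = Enable, 1 = Prompt, 3 = Disable
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'  # zone 3 = Internet

$checks = @(
    @{ Id = '1001'; Setting = 'Download signed ActiveX controls';   Want = 1 }
    @{ Id = '1004'; Setting = 'Download unsigned ActiveX controls'; Want = 1 }
    @{ Id = '1201'; Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

$report = foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $zoneKey -Name $c.Id -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # No per-user value: the zone's built-in default is in effect,
        # so this key alone cannot confirm the recommended setting.
        $current = 'not set (zone default applies)'
        $meets   = $false
    } else {
        $value = [int]$item.($c.Id)
        if ($label.ContainsKey($value)) { $current = $label[$value] }
        else                            { $current = "unknown ($value)" }
        # A stricter value than recommended (Disable instead of Prompt) also passes.
        $meets = $label.ContainsKey($value) -and ($value -ge $c.Want)
    }
    New-Object PSObject -Property @{
        Setting     = $c.Setting
        Recommended = $label[$c.Want]
        Current     = $current
        Meets       = $meets
    }
}

$report | Format-Table Setting, Recommended, Current, Meets -AutoSize

$failed = @($report | Where-Object { -not $_.Meets })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} ActiveX setting(s) do not match the recommendation." -f $failed.Count)
}
```

Zone settings applied through Group Policy are stored under a separate Policies key and take precedence over the per-user values read here.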

#10
Proz


    New Member

  • Member
  • Pip
  • 5 posts
Thanks for your help :D you really saved me.
