NGINX Browser Hijack [Closed]


#1
cschaaf
Hi everyone!

NGINX has hijacked my browsers. I use Firefox most often and it will frequently redirect me to the NGINX screen when I try to go to Google.com. IE does it too, but not as often (although I don't use it as much). Clearing cookies will help, but it only lasts a few days, then it starts over.

OTL logfile created on: 7/20/2012 9:06:11 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\001\My Documents\My Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 65.54% Memory free
5.29 Gb Paging File | 4.18 Gb Available in Paging File | 79.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 8.30 Gb Free Space | 11.13% Space Free | Partition Type: NTFS
Drive D: | 835.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PACRLL-28FDVL1 | User Name: 001 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/20 20:34:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\001\My Documents\My Downloads\OTL.exe
PRC - [2012/07/20 09:16:06 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/08 22:34:36 | 000,728,064 | ---- | M] (Filipe Lourenço) -- C:\Program Files\BatteryCare\BatteryCare.exe
PRC - [2012/05/22 14:18:00 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\001\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/05/03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/04/04 01:54:08 | 001,261,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe
PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/02/27 15:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/09/01 18:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/09 15:33:10 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/06/09 15:33:09 | 000,115,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/06/09 15:33:08 | 000,357,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
PRC - [2011/06/09 15:33:07 | 001,893,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/06/09 15:33:07 | 001,459,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2011/06/09 15:33:06 | 001,839,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/03/15 16:35:16 | 000,061,440 | ---- | M] (Palm) -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
PRC - [2010/11/12 18:54:30 | 005,145,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2010/09/29 17:24:48 | 000,275,792 | ---- | M] (1E) -- C:\Program Files\1E\WakeUp\Agent\WakeUpAgt.exe
PRC - [2010/09/22 11:55:40 | 001,021,272 | ---- | M] (1E) -- C:\Program Files\1E\NightWatchman50\NwmSvc.exe
PRC - [2010/09/22 11:55:40 | 000,276,824 | ---- | M] (1E) -- C:\Program Files\1E\NightWatchman50\NwmCli.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/04/23 11:05:00 | 000,432,268 | ---- | M] () -- C:\Program Files\FolderMenu\FolderMenu.exe
PRC - [2010/04/08 00:20:00 | 000,965,632 | ---- | M] (Rafael Castro) -- C:\Program Files\Index Your Files\iyf.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
PRC - [2008/07/31 22:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2008/07/31 22:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2008/05/22 18:32:08 | 000,221,273 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\DellXPM09B_6017v022\WDM\stacsv.exe
PRC - [2008/05/22 18:31:16 | 000,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/05/20 17:21:30 | 000,466,944 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/16 16:08:35 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2008/01/16 16:08:33 | 000,176,128 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/01/16 16:08:31 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/04/20 09:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2004/06/23 15:03:07 | 000,708,608 | ---- | M] () -- C:\WINDOWS\system32\r_server.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/20 20:19:44 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/07/20 09:16:05 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/22 14:18:00 | 000,932,528 | ---- | M] () -- C:\Documents and Settings\001\Application Data\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/04/04 01:54:04 | 000,249,232 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\sqlite.dll
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/13 12:48:33 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
MOD - [2011/06/13 12:46:33 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
MOD - [2011/06/13 12:44:34 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
MOD - [2011/06/13 12:44:28 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
MOD - [2011/06/13 12:44:17 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
MOD - [2011/06/13 12:34:11 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/06/13 12:34:02 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/04/23 11:05:00 | 000,432,268 | ---- | M] () -- C:\Program Files\FolderMenu\FolderMenu.exe
MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/07/20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/06/02 12:42:54 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2008/06/02 12:42:40 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/23 16:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2006/04/20 09:34:38 | 000,197,680 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2004/06/23 15:03:07 | 000,708,608 | ---- | M] () -- C:\WINDOWS\system32\r_server.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Comcast\SitCommunicator\SitCommunicatorV2.0.1.exe -- (SitCommunicatorV2.0.1)
SRV - [2012/07/20 09:16:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/08/23 15:00:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/09 15:33:10 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/06/09 15:33:10 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/06/09 15:33:08 | 000,357,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/06/09 15:33:07 | 001,893,840 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/06/09 15:33:06 | 001,839,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/03/15 16:35:16 | 000,061,440 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe -- (NovacomD)
SRV - [2011/01/19 23:55:06 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/11/03 20:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) [Disabled | Stopped] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2010/09/29 17:24:48 | 000,275,792 | ---- | M] (1E) [Auto | Running] -- C:\Program Files\1E\WakeUp\Agent\WakeUpAgt.exe -- (WakeUpAgt)
SRV - [2010/09/22 11:55:40 | 001,021,272 | ---- | M] (1E) [Auto | Running] -- C:\Program Files\1E\NightWatchman50\NwmSvc.exe -- (NightWatchman50)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/02/19 15:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/07/31 22:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2008/07/31 22:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/05/22 18:32:08 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\DellXPM09B_6017v022\WDM\stacsv.exe -- (STacSV)
SRV - [2006/04/20 09:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2004/06/23 15:03:07 | 000,708,608 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\r_server.exe -- (r_server)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\kbstuff5.sys -- (kbstuff)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\idisw2km.sys -- (idisw2km)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/06/04 14:10:10 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120720.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/06/04 14:10:10 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120720.017\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/31 15:39:48 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/30 04:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/19 12:44:24 | 000,335,224 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/12/19 12:44:24 | 000,217,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (sbtis)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/11/29 06:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/21 14:09:12 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/06/09 15:33:12 | 000,043,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2011/06/09 15:33:11 | 000,321,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/06/09 15:33:11 | 000,287,352 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/06/09 15:33:11 | 000,043,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/06/09 15:33:09 | 000,067,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2011/06/09 15:33:08 | 000,099,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2011/06/09 15:33:02 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2011/06/09 15:33:02 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2011/06/09 15:33:02 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2011/06/09 15:33:01 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2010/09/22 11:55:40 | 000,046,656 | ---- | M] (1E) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NwmSleepless.sys -- (NwmSleepless)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/07/27 04:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/07/27 04:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C310(UVC)
DRV - [2010/07/27 04:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 04:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/06/17 12:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/10/20 20:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008/08/21 07:38:10 | 000,020,480 | R--- | M] (Dell Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2008/07/31 22:39:26 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008/07/30 17:44:18 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/07/26 22:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files\BatteryCare\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2008/06/02 12:42:52 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/06/02 12:42:50 | 000,033,664 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS -- (BCMWLNPF)
DRV - [2008/05/22 18:32:50 | 001,381,914 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/05/20 17:21:26 | 000,108,160 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/04/04 14:40:50 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/01/16 16:08:31 | 000,113,847 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/06/14 12:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2006/04/20 09:33:40 | 000,303,740 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/06/29 20:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/05/17 05:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2001/09/24 04:36:28 | 000,075,776 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPUATA.sys -- (HPUATA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\SearchScopes,DefaultScope = Comcast
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.4.0.111
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\001\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\001\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\001\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\001\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/12 10:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/17 21:49:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/20 09:16:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/02 08:19:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WebEx\Productivity Tools\ [2012/07/20 08:06:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\001\Application Data\Move Networks [2010/12/21 16:59:34 | 000,000,000 | ---D | M]

[2010/06/01 16:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\001\Application Data\Mozilla\Extensions
[2012/07/07 15:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\extensions
[2011/09/16 12:50:56 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/01/03 08:52:20 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/06/02 08:44:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/02 10:53:51 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/06/02 07:44:55 | 000,000,000 | ---D | M] (Stealther) -- C:\Documents and Settings\001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2012/06/26 12:46:32 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/07/02 08:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/02 08:19:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/03 12:31:19 | 000,340,684 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\001\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\K2CO42YB.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/07/20 09:16:07 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/25 14:04:16 | 000,080,184 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2012/06/25 14:04:17 | 000,586,040 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2011/02/01 15:59:19 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2010/12/17 11:59:51 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2010/08/31 09:01:07 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/17 17:32:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/17 17:32:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\001\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\001\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Documents and Settings\001\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\001\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\gears.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\001\Application Data\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\001\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\001\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Anesidora = C:\Documents and Settings\001\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hiffdaigjahnndmjpkccgiklpmhkfckh\1.3.6_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\001\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2010/10/08 14:15:17 | 000,000,767 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Telephony Toolbar Services) - {431A60E6-675F-4b9f-B3F0-66E0FECC8B34} - C:\Program Files\Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_S.dll (BroadSoft® Australia Pty Ltd)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Telephony Toolbar Call Control) - {8F1FF1A7-C048-4d6b-B052-56E42CE427CB} - C:\Program Files\Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_CC.dll (BroadSoft® Australia Pty Ltd)
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Telephony Toolbar Call Control) - {6F6690B9-C5DB-4F08-8833-F2EF4DEE956B} - C:\Program Files\Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_CC.dll (BroadSoft® Australia Pty Ltd)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll ()
O3 - HKLM\..\Toolbar: (Telephony Toolbar Services) - {F10D927F-D3DF-4734-98AB-DD258253F5FD} - C:\Program Files\Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_S.dll (BroadSoft® Australia Pty Ltd)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BatteryCare] C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço)
O4 - HKCU..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found
O4 - HKCU..\Run: [FolderMenu] C:\Program Files\FolderMenu\FolderMenu.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\001\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Infuzer.lnk = C:\Program Files\Trondent Development Corp\Infuzer\Infuzer.exe (Trondent Development Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: consentpromptbehavioradmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: enableinstallerdetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: enablelua = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: enablesecureuiapaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233859793989 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1269436934573 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {979B3FE4-7C7E-45AD-85E4-5A737690AF53} http://grandslam.cab...ctBehaviors.dll (ContactCTIServer Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFCBF9F8-0F50-11D2-A9F3-0004ACFF1B93} http://comtrac/Comca...cti_control.ocx (CTI_Control Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cable.comcast.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41F1E7D9-0D44-4B23-B04E-7EFB91B0A806}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/05 13:41:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/20 20:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/07/20 20:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\001\Start Menu\Programs\HiJackThis
[2012/07/20 20:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Ad-Aware Antivirus
[2012/07/17 16:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\001\Desktop\OrgChart
[2012/07/10 07:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © - by eRightSoft
[2012/07/10 07:54:05 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2012/07/10 07:54:05 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2012/07/10 07:54:05 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2012/07/10 07:54:05 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2012/07/10 07:54:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2012/07/10 07:54:05 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2012/07/10 07:54:05 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2012/07/10 07:54:05 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2012/07/10 07:54:05 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2012/07/10 07:54:04 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2012/07/10 07:54:04 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2012/07/09 10:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2012/07/05 10:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\001\Local Settings\Application Data\BulletProof Software
[2012/07/05 10:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Star Downloader
[2012/07/02 08:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\001\Start Menu\Programs\Google Chrome
[2012/06/27 11:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/06/22 08:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2012/06/22 08:16:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AutoHotkey
[2006/12/29 17:15:00 | 003,100,672 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll
[2006/12/29 17:15:00 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
[2006/12/29 17:15:00 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
[2006/12/29 17:15:00 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[245 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/20 21:06:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/20 20:53:01 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-448539723-1801674531-137367UA.job
[2012/07/20 20:29:30 | 000,001,992 | ---- | M] () -- C:\Documents and Settings\001\Desktop\HiJackThis.lnk
[2012/07/20 20:15:45 | 000,000,456 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2012/07/20 20:14:28 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2012/07/20 20:12:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/20 20:10:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/20 20:10:05 | 3707,658,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/20 12:53:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-448539723-1801674531-137367Core.job
[2012/07/20 08:06:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/20 08:02:16 | 000,052,142 | RHS- | M] () -- C:\Documents and Settings\001\ntuser.pol
[2012/07/20 08:00:33 | 000,038,964 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/07/19 11:21:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/14 20:51:28 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/13 08:49:58 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\001\Desktop\Google Chrome.lnk
[2012/07/13 08:49:58 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\001\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/09 12:19:32 | 000,009,358 | ---- | M] () -- C:\Documents and Settings\001\Local Settings\Application Data\recently-used.xbel
[2012/07/09 10:19:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\001\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/07/09 10:19:27 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/06/29 08:06:50 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\001\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/06/28 19:45:30 | 006,350,386 | ---- | M] () -- C:\Documents and Settings\001\Desktop\SalesForceContent.swf
[2012/06/27 11:21:27 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/06/27 11:00:32 | 022,259,528 | ---- | M] () -- C:\Documents and Settings\001\Desktop\vlc-2.0.1-win32.exe
[2012/06/27 08:03:34 | 001,239,561 | ---- | M] () -- C:\Documents and Settings\001\Desktop\export.MHTML
[2012/06/24 12:00:00 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/06/22 08:20:58 | 000,001,352 | ---- | M] () -- C:\Documents and Settings\001\My Documents\AutoHotkey.ahk
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[245 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/20 20:29:30 | 000,001,992 | ---- | C] () -- C:\Documents and Settings\001\Desktop\HiJackThis.lnk
[2012/07/20 20:10:05 | 3707,658,240 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/10 07:54:05 | 000,121,344 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.ax
[2012/07/10 07:54:05 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2012/07/10 07:54:05 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2012/07/10 07:54:05 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2012/07/10 07:54:05 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2012/07/10 07:54:04 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2012/07/10 07:54:04 | 000,195,584 | RHS- | C] () -- C:\WINDOWS\System32\MatroskaDX.ax
[2012/07/10 07:54:04 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2012/07/10 07:54:04 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2012/07/10 07:54:04 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2012/07/10 07:54:04 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2012/07/09 16:59:53 | 006,350,386 | ---- | C] () -- C:\Documents and Settings\001\Desktop\SalesForceContent.swf
[2012/07/09 12:19:32 | 000,009,358 | ---- | C] () -- C:\Documents and Settings\001\Local Settings\Application Data\recently-used.xbel
[2012/07/09 10:19:27 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\001\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/07/09 10:19:27 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2012/07/09 10:19:27 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/07/09 10:19:25 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/07/02 08:44:43 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\001\Desktop\Google Chrome.lnk
[2012/07/02 08:44:43 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\001\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/02 08:43:56 | 000,000,994 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-448539723-1801674531-137367UA.job
[2012/07/02 08:43:56 | 000,000,942 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-448539723-1801674531-137367Core.job
[2012/06/27 11:21:27 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/06/27 10:59:52 | 022,259,528 | ---- | C] () -- C:\Documents and Settings\001\Desktop\vlc-2.0.1-win32.exe
[2012/06/22 08:20:58 | 000,001,352 | ---- | C] () -- C:\Documents and Settings\001\My Documents\AutoHotkey.ahk
[2011/10/11 11:27:47 | 000,000,090 | ---- | C] () -- C:\Documents and Settings\001\mm.cfg
[2011/08/31 22:42:24 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/31 22:42:24 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/12 16:57:43 | 001,220,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2052111302-448539723-1801674531-137367-0.dat
[2011/08/12 16:57:41 | 000,280,490 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/08/12 08:55:12 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini
[2011/08/12 08:55:12 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini
[2010/11/07 14:34:56 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/10/28 10:02:13 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/02 23:41:06 | 002,175,832 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/20 16:49:15 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/20 14:00:52 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\001\g2mdlhlpx.exe
[2010/08/03 15:39:52 | 000,057,588 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/27 04:03:20 | 010,829,656 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/27 04:03:20 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/07/27 04:03:18 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/07/27 03:56:04 | 000,090,411 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/06/17 10:02:22 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\001\.packettracer
[2010/06/01 15:36:19 | 000,052,142 | RHS- | C] () -- C:\Documents and Settings\001\ntuser.pol
[2009/02/05 14:19:44 | 000,038,964 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2006/12/07 12:26:00 | 001,129,984 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
[2006/12/07 12:26:00 | 001,124,864 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt

========== LOP Check ==========

[2011/01/27 03:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1E
[2012/07/20 08:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2010/02/23 14:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/02/28 16:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2010/12/07 10:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2010/02/26 15:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GSP4
[2010/02/09 16:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Inbit
[2011/03/24 08:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2012/02/26 21:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/02/05 17:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2011/08/24 19:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Palm
[2011/08/02 10:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Plantronics
[2012/02/14 10:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/02/29 19:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/07/17 11:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RSA
[2010/12/23 11:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sling Media
[2011/07/03 22:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/02/17 10:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2012/02/23 11:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/07/10 07:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Ad-Aware Antivirus
[2011/09/29 09:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\ahv2.188B8094779BEFAABA1D70C6602409E1C81B16E6.1
[2010/10/29 10:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\ATT Connect
[2012/03/12 15:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Audacity
[2012/07/17 21:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\BatteryCare
[2011/09/21 12:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\BroadSoft
[2011/11/17 10:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\calibre
[2012/02/13 20:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/12/13 09:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Cramer
[2012/02/10 12:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\DDMSettings
[2012/03/31 13:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Dropbox
[2011/09/16 12:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Garmin
[2012/05/03 15:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\GSP4
[2012/04/12 14:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\gtk-2.0
[2012/07/09 16:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\HandBrake
[2010/06/01 16:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Inbit
[2011/09/06 12:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Jason Robitaille
[2012/02/03 14:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\JasonRobitaille
[2012/07/14 20:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\KeePass
[2010/06/03 14:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Leadertech
[2011/08/22 14:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\lyrify.com
[2011/02/18 15:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Notepad++
[2011/01/13 08:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Research In Motion
[2010/12/20 10:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Sling Media
[2012/07/06 14:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Spotify
[2010/09/20 16:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Sublime Text
[2012/07/20 15:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\TeraCopy
[2010/06/01 15:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Trondent Development Corp
[2012/07/20 12:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\webex
[2009/02/05 14:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\WinBatch
[2010/06/01 15:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Windows Desktop Search
[2010/06/30 11:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\001\Application Data\Windows Search
[2012/06/24 12:00:00 | 000,000,952 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2011/11/16 09:00:21 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



< End of report >


Any help is greatly appreciated!

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

#3
cschaaf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here is my ComboFix log.
ComboFix 12-07-26.04 - cschaa001 07/25/2012 19:28:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2040 [GMT -4:00]
Running from: c:\documents and settings\cschaa001\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\cschaa001\g2mdlhlpx.exe
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\24420e0_27292.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\4c24888_47012.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\bf947e8_43461.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\c0220e0_26401.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\c0220e0_27351.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\c0947e8_19552.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\c0b47e8_18202.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\c0b47e8_18513.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\cec20e0_17021.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\cec20e0_18021.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\d9f4898_25013.pdf
c:\documents and settings\cschaa001\Local Settings\Temporary Internet Files\d9f4898_26181.pdf
c:\documents and settings\cschaa001\Recent\Thumbs.db
c:\documents and settings\cschaa001_old2\g2mdlhlpx.exe
C:\Install.exe
c:\program files\Internet Explorer\SET785.tmp
C:\Thumbs.db
c:\windows\EventSystem.log
c:\windows\SET67A.tmp
c:\windows\system32\_004634_.tmp.dll
c:\windows\system32\_004635_.tmp.dll
c:\windows\system32\_004636_.tmp.dll
c:\windows\system32\_004637_.tmp.dll
c:\windows\system32\_004644_.tmp.dll
c:\windows\system32\_004645_.tmp.dll
c:\windows\system32\_004646_.tmp.dll
c:\windows\system32\_004647_.tmp.dll
c:\windows\system32\_004649_.tmp.dll
c:\windows\system32\_004650_.tmp.dll
c:\windows\system32\_004651_.tmp.dll
c:\windows\system32\_004653_.tmp.dll
c:\windows\system32\_004654_.tmp.dll
c:\windows\system32\_004656_.tmp.dll
c:\windows\system32\_004657_.tmp.dll
c:\windows\system32\_004658_.tmp.dll
c:\windows\system32\_004660_.tmp.dll
c:\windows\system32\_004663_.tmp.dll
c:\windows\system32\_004664_.tmp.dll
c:\windows\system32\_004668_.tmp.dll
c:\windows\system32\_004669_.tmp.dll
c:\windows\system32\_004671_.tmp.dll
c:\windows\system32\_004672_.tmp.dll
c:\windows\system32\_004674_.tmp.dll
c:\windows\system32\_004676_.tmp.dll
c:\windows\system32\_004677_.tmp.dll
c:\windows\system32\_004678_.tmp.dll
c:\windows\system32\_004679_.tmp.dll
c:\windows\system32\_004680_.tmp.dll
c:\windows\system32\_004683_.tmp.dll
c:\windows\system32\_004684_.tmp.dll
c:\windows\system32\_004685_.tmp.dll
c:\windows\system32\_004686_.tmp.dll
c:\windows\system32\_004687_.tmp.dll
c:\windows\system32\_004692_.tmp.dll
c:\windows\system32\_004694_.tmp.dll
c:\windows\system32\_004695_.tmp.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\Quick Launch
c:\windows\system32\r_server.exe
c:\windows\system32\raddrv.dll
c:\windows\system32\SET13D8.tmp
c:\windows\system32\SET13DB.tmp
c:\windows\system32\SET13E3.tmp
c:\windows\system32\SET339.tmp
c:\windows\system32\SET33A.tmp
c:\windows\system32\SET33B.tmp
c:\windows\system32\SET33C.tmp
c:\windows\system32\SET33E.tmp
c:\windows\system32\SET340.tmp
c:\windows\system32\SET347.tmp
c:\windows\system32\SET348.tmp
c:\windows\system32\SET34B.tmp
c:\windows\system32\SET35A.tmp
c:\windows\system32\SET360.tmp
c:\windows\system32\SET361.tmp
c:\windows\system32\SET363.tmp
c:\windows\system32\SET364.tmp
c:\windows\system32\SET365.tmp
c:\windows\system32\SET366.tmp
c:\windows\system32\SET367.tmp
c:\windows\system32\SET369.tmp
c:\windows\system32\SET36A.tmp
c:\windows\system32\SET36B.tmp
c:\windows\system32\SET36C.tmp
c:\windows\system32\SET376.tmp
c:\windows\system32\SET377.tmp
c:\windows\system32\SET378.tmp
c:\windows\system32\SET379.tmp
c:\windows\system32\SET37C.tmp
c:\windows\system32\SET37E.tmp
c:\windows\system32\SET37F.tmp
c:\windows\system32\SET383.tmp
c:\windows\system32\SET386.tmp
c:\windows\system32\SET389.tmp
c:\windows\system32\SET38A.tmp
c:\windows\system32\SET38C.tmp
c:\windows\system32\SET38D.tmp
c:\windows\system32\SET38E.tmp
c:\windows\system32\SET393.tmp
c:\windows\system32\SET394.tmp
c:\windows\system32\SET395.tmp
c:\windows\system32\SET396.tmp
c:\windows\system32\SET397.tmp
c:\windows\system32\SET39D.tmp
c:\windows\system32\SET3A2.tmp
c:\windows\system32\SET3A3.tmp
c:\windows\system32\SET3A7.tmp
c:\windows\system32\SET3AA.tmp
c:\windows\system32\SET3AB.tmp
c:\windows\system32\SET3B2.tmp
c:\windows\system32\SET3B3.tmp
c:\windows\system32\SET3B6.tmp
c:\windows\system32\SET3BA.tmp
c:\windows\system32\SET3C3.tmp
c:\windows\system32\SET3C4.tmp
c:\windows\system32\SET3C7.tmp
c:\windows\system32\SET3C9.tmp
c:\windows\system32\SET3CA.tmp
c:\windows\system32\SET3CB.tmp
c:\windows\system32\SET3CC.tmp
c:\windows\system32\SET3CD.tmp
c:\windows\system32\SET3CE.tmp
c:\windows\system32\SET3DE.tmp
c:\windows\system32\SET3E3.tmp
c:\windows\system32\SET3E5.tmp
c:\windows\system32\SET3E7.tmp
c:\windows\system32\SET3E8.tmp
c:\windows\system32\SET3E9.tmp
c:\windows\system32\SET3EA.tmp
c:\windows\system32\SET3EC.tmp
c:\windows\system32\SET3ED.tmp
c:\windows\system32\SET3F1.tmp
c:\windows\system32\SET3F2.tmp
c:\windows\system32\SET3F5.tmp
c:\windows\system32\SET3F6.tmp
c:\windows\system32\SET3F7.tmp
c:\windows\system32\SET3FD.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_r_server
-------\Service_r_server
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-24 14:00 . 2012-07-24 14:01 -------- d-----w- C:\starflt
2012-07-24 12:33 . 2012-07-25 17:55 -------- d-----w- C:\dosprogs
2012-07-24 12:01 . 2012-07-24 12:01 -------- d-----w- c:\documents and settings\cschaa001\Local Settings\Application Data\DOSBox
2012-07-24 12:00 . 2012-07-25 19:28 -------- d-----w- c:\program files\DOSBox-0.74
2012-07-21 00:29 . 2012-07-21 00:29 388096 ----a-r- c:\documents and settings\cschaa001\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-21 00:29 . 2012-07-21 00:29 -------- d-----w- c:\program files\Trend Micro
2012-07-21 00:06 . 2012-07-21 00:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirus
2012-07-09 14:19 . 2012-07-09 14:19 -------- d-----w- c:\program files\Belarc
2012-07-09 14:19 . 2011-08-09 21:33 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2012-07-05 14:48 . 2012-07-05 14:48 -------- d-----w- c:\documents and settings\cschaa001\Local Settings\Application Data\BulletProof Software
2012-07-05 14:39 . 2012-07-06 23:30 -------- d-----w- c:\program files\Star Downloader
2012-07-02 12:19 . 2012-07-02 12:19 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-28 14:56 . 2012-06-28 14:56 -------- d-----w- c:\documents and settings\jcopti001
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-21 00:19 . 2012-04-05 16:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-21 00:19 . 2011-05-19 11:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-02 12:19 . 2010-02-09 14:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-02 12:19 . 2010-05-06 11:55 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-13 17:40 . 2011-09-21 15:00 230808 ----a-r- c:\windows\system32\cpnprt2.cid
2006-12-29 21:15 . 2006-12-29 21:15 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2006-12-29 21:15 . 2006-12-29 21:15 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
2006-12-29 21:15 . 2006-12-29 21:15 3100672 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2006-12-29 21:15 . 2006-12-29 21:15 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2012-06-25 18:04 . 2010-08-31 13:01 80184 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2012-06-25 18:04 . 2010-08-31 13:01 586040 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2011-02-01 19:59 . 2011-02-01 19:59 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2010-12-17 15:59 . 2010-12-17 15:59 99224 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-07-20 13:16 . 2011-05-07 17:13 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-04-04 1261472]
"BatteryCare"="c:\program files\BatteryCare\BatteryCare.exe" [2012-07-09 728064]
"FolderMenu"="c:\program files\FolderMenu\FolderMenu.exe" [2010-04-23 432268]
"Spotify Web Helper"="c:\documents and settings\cschaa001\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-07-23 1192664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-01-16 176128]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-05-20 466944]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-22 442467]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-15 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-15 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-15 150040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 2220032]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2010-11-12 5145952]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-06-09 115624]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2010-11-12 5145952]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2009-2-6 1528880]
Infuzer.lnk - c:\program files\Trondent Development Corp\Infuzer\Infuzer.exe [2010-5-11 278016]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-1-5 813584]
MultiMon Taskbar.lnk - c:\program files\MMTaskbar\MultiMon.exe [2010-4-19 294912]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 0 (0x0)
"enableinstallerdetection"= 0 (0x0)
"enablesecureuiapaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAPower"= 0 (0x0)
"NoHardwareTab"= 1 (0x1)
"NoChangeAnimation"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-137367\Scripts\Logon\0\0]
"Script"=NortheastAdminRightsLogon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-137367\Scripts\Logon\0\1]
"Script"=NortheastLogon.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-137367\Scripts\Logon\1\0]
"Script"=scr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-137367\Scripts\Logon\1\1]
"Script"=PaCPA_DriveMapping_Script.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-137367\Scripts\Logon\1\2]
"Script"=KeystoneBGinstall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-137367\Scripts\Logon\1\3]
"Script"=runscriptSQL-KEY.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-70120\Scripts\Logon\0\0]
"Script"=NoProxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-70120\Scripts\Logon\0\1]
"Script"=runscriptEast.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-70124\Scripts\Logon\0\0]
"Script"=runscriptSQL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-448539723-1801674531-70124\Scripts\Logon\0\1]
"Script"=NoProxy.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SlingAgentService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [6/1/2012 9:08 AM 21240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [6/1/2012 9:08 AM 335224]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/26/2011 2:23 PM 101112]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [6/1/2012 9:08 AM 217976]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [5/3/2012 6:37 PM 1226096]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [7/31/2008 10:41 PM 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [7/31/2008 10:41 PM 21352]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/5/2012 8:26 AM 10384]
R2 NightWatchman50;NightWatchman50;c:\program files\1E\NightWatchman50\NwmSvc.exe [9/22/2010 11:55 AM 1021272]
R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [3/15/2011 4:35 PM 61440]
R2 NwmSleepless;NwmSleepless;c:\windows\system32\drivers\NwmSleepless.sys [1/27/2011 2:19 AM 46656]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [12/19/2011 1:20 PM 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [6/1/2012 9:08 AM 77816]
R2 WakeUpAgt;1E WakeUp Agent;c:\program files\1E\WakeUp\Agent\WakeUpAgt.exe [9/29/2010 5:24 PM 275792]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2/5/2009 2:10 PM 108160]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2/5/2009 2:31 PM 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2/5/2009 2:17 PM 244368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/1/2012 8:02 AM 106656]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2/5/2009 2:21 PM 110080]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [6/1/2012 9:08 AM 94584]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [7/26/2008 5:30 PM 14416]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2010 1:20 PM 136176]
S2 SitCommunicatorV2.0.1;SitCommunicatorV2.0.1;"c:\program files\Comcast\SitCommunicator\SitCommunicatorV2.0.1.exe" --> c:\program files\Comcast\SitCommunicator\SitCommunicatorV2.0.1.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [6/9/2011 3:33 PM 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2010 1:20 PM 136176]
S3 HPUATA;HP CD Writer Plus Controller Driver;c:\windows\system32\drivers\HPUATA.sys [9/24/2001 4:36 AM 75776]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 12:55 PM 40720]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 12:55 PM 10384]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/28/2012 1:02 PM 113120]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [6/1/2012 9:08 AM 94584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [6/1/2012 9:08 AM 93816]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 3:37 PM 517096]
S4 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [11/3/2010 8:19 PM 94024]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 16:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 22:37]
.
2012-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 17:20]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-05 17:20]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-448539723-1801674531-137367Core.job
- c:\documents and settings\cschaa001\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-02 12:43]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-448539723-1801674531-137367UA.job
- c:\documents and settings\cschaa001\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-02 12:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.teamcomcast.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
DPF: {EFCBF9F8-0F50-11D2-A9F3-0004ACFF1B93} - hxxp://comtrac/Comcast0607/controls/cti_control.ocx
FF - ProfilePath - c:\documents and settings\cschaa001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Desktop Software - c:\program files\Common Files\SupportSoft\bin\bcont.exe
HKCU-Run-AdobeBridge - (no file)
SafeBoot-Symantec Antvirus
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-25 19:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(832)
c:\windows\SYSTEM32\SYSFER.DLL
.
- - - - - - - > 'explorer.exe'(684)
c:\windows\SYSTEM32\SYSFER.DLL
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msls31.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\inetres.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\1E\NightWatchman50\NWMCLI.EXE
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\progra~1\AD-AWA~1\AdAware.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-07-25 19:55:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 23:54
.
Pre-Run: 9,332,674,560 bytes free
Post-Run: 10,954,235,904 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4239782475EC25D0B3FC575BD734A572

Thanks!

Attached Files



#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
  • Please download RogueKiller (by tigzy) to the desktop.
  • Quit all programs.
  • Run RogueKiller.exe.
  • Wait until the Prescan has finished ...
  • Click on Scan.
  • Wait for the end of the scan.
  • The report is created on the desktop. You can also open it with the Report button.
  • Please copy the content of the report and post it in your next reply.


#5
cschaaf

    Member

  • Topic Starter
  • Member
  • 27 posts
Here is my RogueKiller report.

Thanks for the help!

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: CSchaa001 [Admin rights]
Mode: Scan -- Date: 07/25/2012 21:25:17

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4B7E -> HOOKED (Unknown @ 0x8A512F90)
SSDT[13] : NtAlertThread @ 0x805D4B2E -> HOOKED (Unknown @ 0x8A513E88)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8ABA -> HOOKED (Unknown @ 0x88F12990)
SSDT[31] : NtConnectPort @ 0x805A45D0 -> HOOKED (Unknown @ 0x8A519DD0)
SSDT[43] : NtCreateMutant @ 0x8061769E -> HOOKED (Unknown @ 0x893CD890)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0x8A4EFB00)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FB2 -> HOOKED (Unknown @ 0x8925B950)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9386 -> HOOKED (Unknown @ 0x893CD960)
SSDT[91] : NtImpersonateThread @ 0x805D7802 -> HOOKED (Unknown @ 0x8A512ED0)
SSDT[108] : NtMapViewOfSection @ 0x805B203A -> HOOKED (Unknown @ 0x8930FA10)
SSDT[114] : NtOpenEvent @ 0x8060F04E -> HOOKED (Unknown @ 0x893CD7D0)
SSDT[123] : NtOpenProcessToken @ 0x805EE054 -> HOOKED (Unknown @ 0x8A51AA78)
SSDT[129] : NtOpenThreadToken @ 0x805EE072 -> HOOKED (Unknown @ 0x8A52ECE0)
SSDT[143] : NtQueryDefaultLocale @ 0x80610CF8 -> HOOKED (\SystemRoot\SYSTEM32\Drivers\SysPlant.sys @ 0xA8268280)
SSDT[206] : NtResumeThread @ 0x805D49BA -> HOOKED (Unknown @ 0x89241DF0)
SSDT[213] : NtSetContextThread @ 0x805D173A -> HOOKED (Unknown @ 0x8A52EC20)
SSDT[228] : NtSetInformationProcess @ 0x805CDE8A -> HOOKED (Unknown @ 0x8A52EDB0)
SSDT[229] : NtSetInformationThread @ 0x805CC10E -> HOOKED (Unknown @ 0x8A520F38)
SSDT[253] : NtSuspendProcess @ 0x805D4A82 -> HOOKED (Unknown @ 0x8A500F48)
SSDT[254] : NtSuspendThread @ 0x805D48F4 -> HOOKED (Unknown @ 0x8A513F90)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0x89239950)
SSDT[258] : NtTerminateThread @ 0x805D2BDC -> HOOKED (Unknown @ 0x8A520E78)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E48 -> HOOKED (Unknown @ 0x8930F950)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43CC -> HOOKED (Unknown @ 0x8925BA20)
S_SSDT[383] : Unknown -> HOOKED (Unknown @ 0x88EEEE28)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST980313AS +++++
--- User ---
[MBR] 8b0aa18d931aea5fba38ef17edaf8dbc
[BSP] d70be290b98a79d156a2df3543938e3d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool.)

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.
(Please be patient as this scan can take a few hours.)

Allow VRT to delete all infections found.
Once it has finished, select the Report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.


Now the Analysis

Rerun VRT, select the Manual Disinfection tab and press Start Gathering System Information.

On completion, click the link to locate the zip file to upload, and attach it to your next post.

#7
cschaaf

    Member

  • Topic Starter
  • Member
  • 27 posts
Kaspersky found no detected threats.

Here is the zip file. Thank you!

Attached Files



#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hmmm. And the redirects are still there?

Let's see what MBAM says:

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here and double click on mbam-setup.exe to install the application

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Click on the Check for Updates button.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

#9
cschaaf

    Member

  • Topic Starter
  • Member
  • 27 posts
Maybe that's the problem - it isn't happening right NOW. It comes and goes. The last 2 days, Yahoo would redirect. Sometimes a reboot fixes it, sometimes not.

Somewhere in the reboots while running these scans, it must have cleared the issue as I haven't been redirected so far today.

Here is the Malwarebytes scan:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
cschaa001 :: PACRLL-28FDVL1 [administrator]

7/26/2012 8:23:02 AM
mbam-log-2012-07-26 (08-23-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264961
Time elapsed: 43 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
That's good news. We will clear the DNS cache now and reset the hosts file:

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on the OTL icon on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all the text in the code box, beginning with the colon):

    :OTL
      	
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [resethosts]
    [emptytemp]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#11
cschaaf

    Member

  • Topic Starter
  • Member
  • 27 posts
Hmmm, bad news. I got the redirect again after running the OTL, but this time I got it when I clicked the Add Reply button on this site. I had to use the quick reply box to post this. I am not getting redirected when I go to Google or Yahoo (the two places where I most commonly get it).

Here is the OTL report after the Run Fix:
All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\cschaa001\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\cschaa001\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\cschaa001\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\cschaa001\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\cschaa001\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\cschaa001\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\cschaa001\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\cschaa001\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\cschaa001\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\cschaa001\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: cschaa001
->Temp folder emptied: 213029781 bytes
->Temporary Internet Files folder emptied: 1735311909 bytes
->Java cache emptied: 71237819 bytes
->FireFox cache emptied: 212765300 bytes
->Google Chrome cache emptied: 260472040 bytes
->Flash cache emptied: 7669381 bytes

User: cschaa001_old2
->Temp folder emptied: 837957107 bytes
->Temporary Internet Files folder emptied: 811527089 bytes
->Java cache emptied: 155410297 bytes
->FireFox cache emptied: 191198408 bytes
->Flash cache emptied: 7413047 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: jcopti001

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 295046 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2181852 bytes
%systemroot%\System32 .tmp files removed: 40897689 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 742025 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33438 bytes
RecycleBin emptied: 5310053 bytes

Total Files Cleaned = 4,343.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07262012_182415

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\cschaa001_old2\Local Settings\Temporary Internet Files\Content.IE5\XG8RA2LV\e-min&f=js%2Fcore%2FDefine&f=js%2Futil%2FHelps&f=js%2Fcore%2FControls&f=js%2Fcore%2Fi18n&f=js%2Fwebtrack2&f=lib%2Flui%2Flinkedin_url-min&f=js%2Fglobal_navigation not found!
File\Folder C:\Documents and Settings\cschaa001_old2\Local Settings\Temporary Internet Files\Content.IE5\XG8RA2LV\main_2;sz=300x250;mpvid=AASH-2P5Cp6KzNdo;!c=2;k2=3;k2=36;k2=358;k2=1047;kvid=WBcskBB1eNs;shortform=1;k5=3_36_358_1047;k4=36;kpid=2;kga=-1;kgg=-1;kcr=us;k[1].htm not found!
File\Folder C:\Documents and Settings\cschaa001_old2\Local Settings\Temporary Internet Files\Content.IE5\XG8RA2LV\main_2;sz=450x60;mpvid=AASH-2P5Cp6KzNdo;!c=2;k2=3;k2=36;k2=358;k2=1047;kvid=WBcskBB1eNs;shortform=1;k5=3_36_358_1047;k4=36;kpid=2;kga=-1;kgg=-1;kcr=us;kh[1].asx not found!
File\Folder C:\Documents and Settings\cschaa001_old2\Local Settings\Temporary Internet Files\Content.IE5\XG8RA2LV\r-min&f=js%2Fcore%2FDefine&f=js%2Futil%2FHelps&f=js%2Fcore%2FControls&f=js%2Fcore%2Fi18n&f=js%2Fwebtrack2&f=lib%2Flui%2Flinkedin_url-min&f=js%2Fglobal_navigation not found!
File\Folder C:\Documents and Settings\cschaa001_old2\Local Settings\Temporary Internet Files\Content.IE5\R4A1X56R\full_profile;optout=false;lang=en;v=1;u=31842619;ue=14dp58r7d6hdpls3bqt7op;title=ic;func=it;func=eng;co_id=1702;ind=8;csize=i;csize_num=100000;zip=15147;[1].htm not found!
File\Folder C:\Documents and Settings\cschaa001_old2\Local Settings\Temporary Internet Files\Content.IE5\R4A1X56R\main_2;sz=480x70;mpvid=AASH-2P5Cp6KzNdo;!c=2;k2=3;k2=36;k2=358;k2=1047;kvid=WBcskBB1eNs;shortform=1;k5=3_36_358_1047;k4=36;kpid=2;kga=-1;kgg=-1;kcr=us;kh[1].asx not found!
File\Folder C:\Documents and Settings\cschaa001_old2\Local Settings\Temporary Internet Files\Content.IE5\PH9SKC4E\2Fdragdrop%2Fdragdrop-min&f=js%2Fapps%2FSendMessageDialog&f=js%2Fapps%2FProfileRecommendDialog&f=js%2Fminiprofile_popup&f=js%2Futil%2FToggleClass&f=js%2Fbookmark not found!
C:\WINDOWS\temp\Perflib_Perfdata_6d0.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_e08.dat not found!

PendingFileRenameOperations files...
File C:\Documents and Settings\cschaa001_old2\Local Settings\Temporary Internet Files\Content.IE5\XG8RA2LV\e-min&f=js%2Fcore%2FDefine&f=js%2Futil%2FHelps&f=js%2Fcore%2FControls&f=js%2Fcore%2Fi18n&f=js%2Fwebtrack2&f=lib%2Flui%2Flinkedin_url-min&f=js%2Fglobal_navigation not found!
File C:\Documents and Settings\cschaa001_old2\Local Settings\Temporary Internet Files\Content.IE5\XG8RA2LV\main_2;sz=300x250;mpvid=AASH-2P5Cp6KzNdo;!c=2;k2=3;k2=36;k2=358;k2=1047;kvid=WBcskBB1eNs;shortform=1;k5=3_36_358_1047;k4=36;kpid=2;kga=-1;kgg=-1;kcr=us;k[1].htm not found!
File C:\Documents and Settings\cschaa001_old2\Local Settings\Temporary Internet Files\Content.IE5\XG8RA2LV\main_2;sz=450x60;mpvid=AASH-2P5Cp6KzNdo;!c=2;k2=3;k2=36;k2=358;k2=1047;kvid=WBcskBB1eNs;shortform=1;k5=3_36_358_1047;k4=36;kpid=2;kga=-1;kgg=-1;kcr=us;kh[1].asx not found!
File C:\Documents and Settings\cschaa001_old2\Local Settings\Temporary Internet Files\Content.IE5\XG8RA2LV\r-min&f=js%2Fcore%2FDefine&f=js%2Futil%2FHelps&f=js%2Fcore%2FControls&f=js%2Fcore%2Fi18n&f=js%2Fwebtrack2&f=lib%2Flui%2Flinkedin_url-min&f=js%2Fglobal_navigation not found!
File C:\Documents and Settings\cschaa001_old2\Local Settings\Temporary Internet Files\Content.IE5\R4A1X56R\full_profile;optout=false;lang=en;v=1;u=31842619;ue=14dp58r7d6hdpls3bqt7op;title=ic;func=it;func=eng;co_id=1702;ind=8;csize=i;csize_num=100000;zip=15147;[1].htm not found!
File C:\Documents and Settings\cschaa001_old2\Local Settings\Temporary Internet Files\Content.IE5\R4A1X56R\main_2;sz=480x70;mpvid=AASH-2P5Cp6KzNdo;!c=2;k2=3;k2=36;k2=358;k2=1047;kvid=WBcskBB1eNs;shortform=1;k5=3_36_358_1047;k4=36;kpid=2;kga=-1;kgg=-1;kcr=us;kh[1].asx not found!
File C:\Documents and Settings\cschaa001_old2\Local Settings\Temporary Internet Files\Content.IE5\PH9SKC4E\2Fdragdrop%2Fdragdrop-min&f=js%2Fapps%2FSendMessageDialog&f=js%2Fapps%2FProfileRecommendDialog&f=js%2Fminiprofile_popup&f=js%2Futil%2FToggleClass&f=js%2Fbookmark not found!
File C:\WINDOWS\temp\Perflib_Perfdata_6d0.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_e08.dat not found!

Registry entries deleted on Reboot...


Here is the report for the Quick Scan:

OTL logfile created on: 7/26/2012 7:24:44 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\cschaa001\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 69.45% Memory free
5.29 Gb Paging File | 4.37 Gb Available in Paging File | 82.58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 14.50 Gb Free Space | 19.46% Space Free | Partition Type: NTFS
Drive D: | 835.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PACRLL-28FDVL1 | User Name: CSchaa001 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/23 09:20:57 | 001,192,664 | ---- | M] () -- C:\Documents and Settings\cschaa001\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/07/20 20:34:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cschaa001\Desktop\OTL.exe
PRC - [2012/07/20 09:16:06 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/08 22:34:36 | 000,728,064 | ---- | M] (Filipe Lourenço) -- C:\Program Files\BatteryCare\BatteryCare.exe
PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/05/03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/04/04 01:54:08 | 001,261,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe
PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/02/27 15:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/09/01 18:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/09 15:33:10 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/06/09 15:33:09 | 000,115,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/06/09 15:33:08 | 000,357,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
PRC - [2011/06/09 15:33:07 | 001,893,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/06/09 15:33:07 | 001,459,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2011/06/09 15:33:06 | 001,839,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/03/15 16:35:16 | 000,061,440 | ---- | M] (Palm) -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
PRC - [2010/11/12 18:54:30 | 005,145,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2010/09/29 17:24:48 | 000,275,792 | ---- | M] (1E) -- C:\Program Files\1E\WakeUp\Agent\WakeUpAgt.exe
PRC - [2010/09/22 11:55:40 | 001,021,272 | ---- | M] (1E) -- C:\Program Files\1E\NightWatchman50\NwmSvc.exe
PRC - [2010/09/22 11:55:40 | 000,276,824 | ---- | M] (1E) -- C:\Program Files\1E\NightWatchman50\NwmCli.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/04/23 11:05:00 | 000,432,268 | ---- | M] () -- C:\Program Files\FolderMenu\FolderMenu.exe
PRC - [2009/11/09 20:54:24 | 000,278,016 | ---- | M] (Trondent Development Corp.) -- C:\Program Files\Trondent Development Corp\Infuzer\Infuzer.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
PRC - [2008/07/31 22:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2008/07/31 22:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2008/05/22 18:32:08 | 000,221,273 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\DellXPM09B_6017v022\WDM\stacsv.exe
PRC - [2008/05/22 18:31:16 | 000,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/05/20 17:21:30 | 000,466,944 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/16 16:08:35 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2008/01/16 16:08:33 | 000,176,128 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/01/16 16:08:31 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/04/20 09:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/23 09:20:57 | 001,192,664 | ---- | M] () -- C:\Documents and Settings\cschaa001\Application Data\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/07/20 09:16:05 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/04 01:54:04 | 000,249,232 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\sqlite.dll
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/13 12:48:33 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\042658de519bb1e22ec5925092061892\System.Management.ni.dll
MOD - [2011/06/13 12:46:33 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
MOD - [2011/06/13 12:44:34 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
MOD - [2011/06/13 12:44:28 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
MOD - [2011/06/13 12:44:17 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
MOD - [2011/06/13 12:34:11 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/06/13 12:34:02 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/04/23 11:05:00 | 000,432,268 | ---- | M] () -- C:\Program Files\FolderMenu\FolderMenu.exe
MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/07/20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2008/06/02 12:42:54 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2008/06/02 12:42:40 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/04/20 09:34:38 | 000,197,680 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Comcast\SitCommunicator\SitCommunicatorV2.0.1.exe -- (SitCommunicatorV2.0.1)
SRV - [2012/07/20 09:16:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/08/23 15:00:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/09 15:33:10 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/06/09 15:33:10 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/06/09 15:33:08 | 000,357,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/06/09 15:33:07 | 001,893,840 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/06/09 15:33:06 | 001,839,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/03/15 16:35:16 | 000,061,440 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe -- (NovacomD)
SRV - [2011/01/19 23:55:06 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/11/03 20:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) [Disabled | Stopped] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2010/09/29 17:24:48 | 000,275,792 | ---- | M] (1E) [Auto | Running] -- C:\Program Files\1E\WakeUp\Agent\WakeUpAgt.exe -- (WakeUpAgt)
SRV - [2010/09/22 11:55:40 | 001,021,272 | ---- | M] (1E) [Auto | Running] -- C:\Program Files\1E\NightWatchman50\NwmSvc.exe -- (NightWatchman50)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/02/19 15:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/07/31 22:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2008/07/31 22:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/05/22 18:32:08 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\DellXPM09B_6017v022\WDM\stacsv.exe -- (STacSV)
SRV - [2006/04/20 09:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\kbstuff5.sys -- (kbstuff)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\idisw2km.sys -- (idisw2km)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/06/04 14:10:10 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120725.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/06/04 14:10:10 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120725.033\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/31 15:39:48 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/30 04:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/19 12:44:24 | 000,335,224 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/12/19 12:44:24 | 000,217,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (sbtis)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/11/29 06:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/21 14:11:32 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/07/21 14:09:12 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/06/09 15:33:12 | 000,043,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2011/06/09 15:33:11 | 000,321,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/06/09 15:33:11 | 000,287,352 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/06/09 15:33:11 | 000,043,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/06/09 15:33:09 | 000,067,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2011/06/09 15:33:08 | 000,099,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2011/06/09 15:33:02 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2011/06/09 15:33:02 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2011/06/09 15:33:02 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2011/06/09 15:33:01 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2010/09/22 11:55:40 | 000,046,656 | ---- | M] (1E) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NwmSleepless.sys -- (NwmSleepless)
DRV - [2010/07/27 04:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/07/27 04:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C310(UVC)
DRV - [2010/07/27 04:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 04:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/06/17 12:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009/06/17 12:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/10/20 20:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008/08/21 07:38:10 | 000,020,480 | R--- | M] (Dell Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2008/07/31 22:39:26 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008/07/30 17:44:18 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/07/26 22:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files\BatteryCare\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2008/06/02 12:42:52 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/06/02 12:42:50 | 000,033,664 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS -- (BCMWLNPF)
DRV - [2008/05/22 18:32:50 | 001,381,914 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/05/20 17:21:26 | 000,108,160 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/04/04 14:40:50 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/01/16 16:08:31 | 000,113,847 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/06/14 12:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2006/04/20 09:33:40 | 000,303,740 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/06/29 20:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/05/17 05:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2001/09/24 04:36:28 | 000,075,776 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPUATA.sys -- (HPUATA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.teamcomcast.com
IE - HKCU\..\SearchScopes,DefaultScope = Comcast
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.4.0.111
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\cschaa001\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\cschaa001\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\cschaa001\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\cschaa001\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/12 10:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/17 21:49:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/20 09:16:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/02 08:19:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WebEx\Productivity Tools\ [2012/07/26 19:25:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\cschaa001\Application Data\Move Networks [2010/12/21 16:59:34 | 000,000,000 | ---D | M]

[2010/06/01 16:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cschaa001\Application Data\Mozilla\Extensions
[2012/07/25 08:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cschaa001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\extensions
[2011/09/16 12:50:56 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\cschaa001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/01/03 08:52:20 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\cschaa001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/06/02 08:44:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\cschaa001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/02 10:53:51 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\cschaa001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/06/02 07:44:55 | 000,000,000 | ---D | M] (Stealther) -- C:\Documents and Settings\cschaa001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2012/06/26 12:46:32 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\cschaa001\Application Data\Mozilla\Firefox\Profiles\k2co42yb.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/07/02 08:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/02 08:19:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/03 12:31:19 | 000,340,684 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\CSCHAA001\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\K2CO42YB.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/07/20 09:16:07 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/25 14:04:16 | 000,080,184 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2012/06/25 14:04:17 | 000,586,040 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2011/02/01 15:59:19 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2010/12/17 11:59:51 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2010/08/31 09:01:07 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/17 17:32:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/17 17:32:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\cschaa001\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\cschaa001\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Documents and Settings\cschaa001\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\cschaa001\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\gears.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\cschaa001\Application Data\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\cschaa001\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\cschaa001\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Anesidora = C:\Documents and Settings\cschaa001\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hiffdaigjahnndmjpkccgiklpmhkfckh\1.3.6_0\
CHR - Extension: DivX Plus Web Player HTML5 <video> = C:\Documents and Settings\cschaa001\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/07/26 18:24:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Telephony Toolbar Services) - {431A60E6-675F-4b9f-B3F0-66E0FECC8B34} - C:\Program Files\Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_S.dll (BroadSoft® Australia Pty Ltd)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Telephony Toolbar Call Control) - {8F1FF1A7-C048-4d6b-B052-56E42CE427CB} - C:\Program Files\Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_CC.dll (BroadSoft® Australia Pty Ltd)
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Telephony Toolbar Call Control) - {6F6690B9-C5DB-4F08-8833-F2EF4DEE956B} - C:\Program Files\Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_CC.dll (BroadSoft® Australia Pty Ltd)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll ()
O3 - HKLM\..\Toolbar: (Telephony Toolbar Services) - {F10D927F-D3DF-4734-98AB-DD258253F5FD} - C:\Program Files\Telephony Toolbar\bin\BW_Assistant_Enterprise_IE_S.dll (BroadSoft® Australia Pty Ltd)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BatteryCare] C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço)
O4 - HKCU..\Run: [FolderMenu] C:\Program Files\FolderMenu\FolderMenu.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\cschaa001\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Infuzer.lnk = C:\Program Files\Trondent Development Corp\Infuzer\Infuzer.exe (Trondent Development Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe ()
O4 - Startup: C:\Documents and Settings\cschaa001\Start Menu\Programs\Startup\_uninst_65771502.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: consentpromptbehavioradmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: enableinstallerdetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: enablesecureuiapaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233859793989 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1269436934573 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {979B3FE4-7C7E-45AD-85E4-5A737690AF53} http://grandslam.cab...ctBehaviors.dll (ContactCTIServer Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFCBF9F8-0F50-11D2-A9F3-0004ACFF1B93} http://comtrac/Comca...cti_control.ocx (CTI_Control Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cable.comcast.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41F1E7D9-0D44-4B23-B04E-7EFB91B0A806}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/05 13:41:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/26 18:24:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/26 12:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/07/26 08:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cschaa001\Application Data\Malwarebytes
[2012/07/26 08:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/26 08:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/26 08:21:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/26 08:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/25 21:28:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/25 21:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cschaa001\Desktop\RK_Quarantine
[2012/07/25 21:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cschaa001\My Documents\Scans
[2012/07/25 19:23:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/25 19:19:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/25 19:19:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/25 19:19:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/25 19:19:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/25 19:11:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/25 19:11:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\cschaa001\Start Menu\Programs\Administrative Tools
[2012/07/25 19:10:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/25 19:07:45 | 004,719,627 | R--- | C] (Swearware) -- C:\Documents and Settings\cschaa001\Desktop\ComboFix.exe
[2012/07/24 11:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cschaa001\Desktop\TmpInstall
[2012/07/24 10:00:26 | 000,000,000 | ---D | C] -- C:\starflt
[2012/07/24 08:33:55 | 000,000,000 | ---D | C] -- C:\dosprogs
[2012/07/24 08:01:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cschaa001\Local Settings\Application Data\DOSBox
[2012/07/24 08:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DOSBox-0.74
[2012/07/24 08:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2012/07/23 20:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cschaa001\My Documents\Star
[2012/07/20 20:34:08 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\cschaa001\Desktop\OTL.exe
[2012/07/20 20:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/07/20 20:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cschaa001\Start Menu\Programs\HiJackThis
[2012/07/20 20:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Ad-Aware Antivirus
[2012/07/17 16:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cschaa001\Desktop\OrgChart
[2012/07/10 07:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © - by eRightSoft
[2012/07/10 07:54:05 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2012/07/10 07:54:05 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2012/07/10 07:54:05 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2012/07/10 07:54:05 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2012/07/10 07:54:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2012/07/10 07:54:05 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2012/07/10 07:54:05 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2012/07/10 07:54:05 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2012/07/10 07:54:05 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2012/07/10 07:54:04 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2012/07/10 07:54:04 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2012/07/09 10:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2012/07/05 10:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cschaa001\Local Settings\Application Data\BulletProof Software
[2012/07/05 10:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Star Downloader
[2012/07/02 08:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cschaa001\Start Menu\Programs\Google Chrome
[2006/12/29 17:15:00 | 003,100,672 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll
[2006/12/29 17:15:00 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
[2006/12/29 17:15:00 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
[2006/12/29 17:15:00 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/26 18:37:45 | 000,000,456 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2012/07/26 18:35:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/26 18:34:48 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2012/07/26 18:32:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/26 18:31:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/26 18:30:50 | 3707,658,240 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/26 18:24:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/07/26 16:53:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-448539723-1801674531-137367UA.job
[2012/07/26 16:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/26 12:53:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-448539723-1801674531-137367Core.job
[2012/07/26 12:11:05 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/07/26 11:21:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/26 08:12:25 | 000,038,964 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/07/26 08:03:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/07/26 07:01:50 | 000,030,504 | ---- | M] () -- C:\Documents and Settings\cschaa001\Desktop\avptool_sysinfo.zip
[2012/07/25 22:27:47 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\cschaa001\Start Menu\Programs\Startup\_uninst_65771502.lnk
[2012/07/25 22:23:44 | 141,917,856 | ---- | M] () -- C:\Documents and Settings\cschaa001\Desktop\setup_11.0.0.1245.x01_2012_07_25_09_01.exe
[2012/07/25 19:47:21 | 000,528,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/25 19:47:21 | 000,097,132 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/25 19:23:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/07/25 19:08:22 | 004,719,627 | R--- | M] (Swearware) -- C:\Documents and Settings\cschaa001\Desktop\ComboFix.exe
[2012/07/25 09:45:34 | 000,000,241 | ---- | M] () -- C:\Documents and Settings\cschaa001\Desktop\starflt.bat
[2012/07/25 07:56:04 | 000,052,142 | RHS- | M] () -- C:\Documents and Settings\cschaa001\ntuser.pol
[2012/07/24 16:14:16 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\cschaa001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/20 20:34:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cschaa001\Desktop\OTL.exe
[2012/07/20 20:29:30 | 000,001,992 | ---- | M] () -- C:\Documents and Settings\cschaa001\Desktop\HiJackThis.lnk
[2012/07/13 08:49:58 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\cschaa001\Desktop\Google Chrome.lnk
[2012/07/13 08:49:58 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\cschaa001\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/09 12:19:32 | 000,009,358 | ---- | M] () -- C:\Documents and Settings\cschaa001\Local Settings\Application Data\recently-used.xbel
[2012/07/09 10:19:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\cschaa001\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/07/09 10:19:27 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/29 08:06:50 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\cschaa001\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/06/28 19:45:30 | 006,350,386 | ---- | M] () -- C:\Documents and Settings\cschaa001\Desktop\SalesForceContent.swf
[2012/06/27 11:00:32 | 022,259,528 | ---- | M] () -- C:\Documents and Settings\cschaa001\Desktop\vlc-2.0.1-win32.exe
[2012/06/27 08:03:34 | 001,239,561 | ---- | M] () -- C:\Documents and Settings\cschaa001\Desktop\export.MHTML

========== Files Created - No Company Name ==========

[2012/07/26 12:11:05 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/07/26 07:07:48 | 000,030,504 | ---- | C] () -- C:\Documents and Settings\cschaa001\Desktop\avptool_sysinfo.zip
[2012/07/25 22:27:46 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\cschaa001\Start Menu\Programs\Startup\_uninst_65771502.lnk
[2012/07/25 22:09:37 | 141,917,856 | ---- | C] () -- C:\Documents and Settings\cschaa001\Desktop\setup_11.0.0.1245.x01_2012_07_25_09_01.exe
[2012/07/25 19:23:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/07/25 19:23:07 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/25 19:19:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/25 19:19:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/25 19:19:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/25 19:19:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/25 19:19:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/25 09:45:34 | 000,000,241 | ---- | C] () -- C:\Documents and Settings\cschaa001\Desktop\starflt.bat
[2012/07/20 20:29:30 | 000,001,992 | ---- | C] () -- C:\Documents and Settings\cschaa001\Desktop\HiJackThis.lnk
[2012/07/20 20:10:05 | 3707,658,240 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/10 07:54:05 | 000,121,344 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.ax
[2012/07/10 07:54:05 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2012/07/10 07:54:05 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2012/07/10 07:54:05 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2012/07/10 07:54:05 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2012/07/10 07:54:04 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2012/07/10 07:54:04 | 000,195,584 | RHS- | C] () -- C:\WINDOWS\System32\MatroskaDX.ax
[2012/07/10 07:54:04 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2012/07/10 07:54:04 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2012/07/10 07:54:04 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2012/07/10 07:54:04 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2012/07/09 16:59:53 | 006,350,386 | ---- | C] () -- C:\Documents and Settings\cschaa001\Desktop\SalesForceContent.swf
[2012/07/09 12:19:32 | 000,009,358 | ---- | C] () -- C:\Documents and Settings\cschaa001\Local Settings\Application Data\recently-used.xbel
[2012/07/09 10:19:27 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\cschaa001\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2012/07/09 10:19:27 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2012/07/09 10:19:27 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2012/07/09 10:19:25 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/07/02 08:44:43 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\cschaa001\Desktop\Google Chrome.lnk
[2012/07/02 08:44:43 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\cschaa001\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/02 08:43:56 | 000,000,994 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-448539723-1801674531-137367UA.job
[2012/07/02 08:43:56 | 000,000,942 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-448539723-1801674531-137367Core.job
[2012/06/27 10:59:52 | 022,259,528 | ---- | C] () -- C:\Documents and Settings\cschaa001\Desktop\vlc-2.0.1-win32.exe
[2011/10/11 11:27:47 | 000,000,090 | ---- | C] () -- C:\Documents and Settings\cschaa001\mm.cfg
[2011/08/31 22:42:24 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/31 22:42:24 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/12 16:57:43 | 001,220,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2052111302-448539723-1801674531-137367-0.dat
[2011/08/12 16:57:41 | 000,280,490 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/08/12 08:55:12 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini
[2011/08/12 08:55:12 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini
[2010/11/07 14:34:56 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/10/28 10:02:13 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\cschaa001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/02 23:41:06 | 002,175,832 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/20 16:49:15 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/03 15:39:52 | 000,057,588 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/17 10:02:22 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\cschaa001\.packettracer
[2010/06/01 15:36:19 | 000,052,142 | RHS- | C] () -- C:\Documents and Settings\cschaa001\ntuser.pol
[2009/02/05 14:19:44 | 000,038,964 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2006/12/07 12:26:00 | 001,129,984 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
[2006/12/07 12:26:00 | 001,124,864 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt

========== LOP Check ==========

[2011/01/27 03:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1E
[2012/07/26 18:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2010/02/23 14:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/02/28 16:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2010/12/07 10:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2010/02/26 15:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GSP4
[2010/02/09 16:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Inbit
[2011/03/24 08:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2012/02/26 21:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/02/05 17:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2011/08/24 19:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Palm
[2011/08/02 10:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Plantronics
[2012/02/14 10:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/02/29 19:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/07/17 11:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RSA
[2010/12/23 11:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sling Media
[2011/07/03 22:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/02/17 10:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2012/02/23 11:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/07/10 07:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Ad-Aware Antivirus
[2011/09/29 09:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\ahv2.188B8094779BEFAABA1D70C6602409E1C81B16E6.1
[2010/10/29 10:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\ATT Connect
[2012/03/12 15:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Audacity
[2012/07/17 21:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\BatteryCare
[2011/09/21 12:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\BroadSoft
[2011/11/17 10:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\calibre
[2012/02/13 20:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/12/13 09:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Cramer
[2012/02/10 12:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\DDMSettings
[2012/03/31 13:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Dropbox
[2011/09/16 12:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Garmin
[2012/05/03 15:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\GSP4
[2012/04/12 14:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\gtk-2.0
[2012/07/09 16:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\HandBrake
[2010/06/01 16:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Inbit
[2011/09/06 12:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Jason Robitaille
[2012/02/03 14:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\JasonRobitaille
[2012/07/24 15:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\KeePass
[2010/06/03 14:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Leadertech
[2011/08/22 14:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\lyrify.com
[2011/02/18 15:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Notepad++
[2011/01/13 08:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Research In Motion
[2010/12/20 10:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Sling Media
[2012/07/26 18:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Spotify
[2010/09/20 16:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Sublime Text
[2012/07/26 09:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\TeraCopy
[2010/06/01 15:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Trondent Development Corp
[2012/07/26 12:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\webex
[2009/02/05 14:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\WinBatch
[2010/06/01 15:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Windows Desktop Search
[2010/06/30 11:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cschaa001\Application Data\Windows Search
[2012/06/24 12:00:00 | 000,000,952 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job

========== Purity Check ==========



< End of report >

#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
You are using Firefox, as I see. Sometimes only a reinstall helps, so please follow the steps below if you feel comfortable with this:

  • Uninstall Firefox
  • Check mark "remove my personal data" while uninstalling it
  • Reinstall Firefox
Let me know if you still have issues.

#13
cschaaf

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thank you.

Where do you think it 'lives' in Firefox? In other words, can I use the Firefox Environment Backup Extension (FEBE) plugin to back up my bookmarks and usernames/passwords? I figure that backing up the cookies is probably a bad idea.

What do you recommend?

Thanks!

#14
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
I don't know where. I'm also not sure this will help, but we can try.

Yes, you can back up your bookmarks and usernames/passwords, but I don't recommend backing up cookies.

#15
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.