Please help me remove a virus [Closed] [Solved]


  • This topic is locked

#16
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
The files were not harmful. Most likely one of the installed programs created them.
I'm not really seeing what is causing the BitDefender alarms.

Let's look for a file.

OTL Custom Scan

I have changed the settings so please read the instructions carefully!

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

/md5start
atr.exe
/md5stop


2. Re-open Posted Image on the desktop. To do that:
  • XP users: Double click on the OTL icon.
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the greyed out None button at the top of the console
  • Do Not click the box beside Scan All Users at the top of the console.
  • Do Not click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

  • 0



#17
docfxit


    Member

  • Topic Starter
  • Member
  • 102 posts
OTL logfile created on: 1/30/2013 12:21:15 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = \\192.168.168.9\Dnload\%MalwareCleanUp
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.82% Memory free
3.77 Gb Paging File | 2.73 Gb Available in Paging File | 72.36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 200.27 Gb Total Space | 122.17 Gb Free Space | 61.01% Space Free | Partition Type: NTFS
Drive F: | 70.17 Gb Total Space | 69.04 Gb Free Space | 98.39% Space Free | Partition Type: NTFS

Computer Name: DOCFXITLT | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: ATR.EXE >
[2007/01/19 09:44:10 | 000,487,424 | ---- | M] (Individual Software Inc.) MD5=183737E313EEDCA8E89C8FCDF7B6CFAD -- C:\Program Files\AnyTime Deluxe\atr.exe

< End of report >
  • 0
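
An added example (not part of the thread and not OTL's own code): a Python parser for the `< MD5 for: ... >` custom-scan lines shown in the log above, so the reported hash can be compared with a reference value obtained elsewhere. The field names, the `reference` mapping and the helper functions are assumptions made for this illustration; the sample input is the custom-scan section from post #17.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: the custom-scan section of the OTL.Txt posted above.
SAMPLE_LOG = r"""
========== Custom Scans ==========

< MD5 for: ATR.EXE >
[2007/01/19 09:44:10 | 000,487,424 | ---- | M] (Individual Software Inc.) MD5=183737E313EEDCA8E89C8FCDF7B6CFAD -- C:\Program Files\AnyTime Deluxe\atr.exe

< End of report >
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s*\|"
    r"\s*(?P<size>[\d,]+)\s*\|"
    r"\s*(?P<attrs>[^|\]]*?)\s*\|"
    r"\s*(?P<flag>[^|\]]*?)\s*\]"
    r"\s*\((?P<company>.*?)\)"      # company may be empty or contain parentheses
    r"\s*MD5=(?P<md5>[0-9A-Fa-f]{32})"
    r"\s*--\s*(?P<path>.+)$"
)


@dataclass(frozen=True)
class Md5Entry:
    requested: str       # file name from the "< MD5 for: ... >" header
    timestamp: datetime  # date/time printed at the start of the entry
    size: int            # size in bytes, thousands separators removed
    attrs: str           # attribute column exactly as printed, e.g. "----"
    flag: str            # single-letter column as printed (not explained in the thread)
    company: str         # company name from the file's version information
    md5: str             # lowercase hex digest
    path: str            # full path of the file that was hashed


def parse_md5_scan(text):
    """Return one Md5Entry per file line found under a '< MD5 for: ... >' header."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            entries.append(Md5Entry(
                requested=current,
                timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
                size=int(m.group("size").replace(",", "")),
                attrs=m.group("attrs"),
                flag=m.group("flag"),
                company=m.group("company"),
                md5=m.group("md5").lower(),
                path=m.group("path").strip(),
            ))
    return entries


def differing_copies(entries):
    """Map file name -> {md5: [paths]} for names found with more than one hash."""
    by_name = {}
    for e in entries:
        by_name.setdefault(e.requested.lower(), {}).setdefault(e.md5, []).append(e.path)
    return {name: hashes for name, hashes in by_name.items() if len(hashes) > 1}


def compare_to_reference(entries, reference):
    """Compare each entry with a reference digest keyed by lowercase file name.

    `reference` is a hypothetical mapping the analyst fills in from a trusted
    source. MD5 is not collision-resistant, so a match identifies a known file
    rather than proving integrity.
    """
    results = []
    for e in entries:
        expected = reference.get(e.requested.lower())
        if expected is None:
            status = "unknown"
        elif expected.lower() == e.md5:
            status = "match"
        else:
            status = "mismatch"
        results.append((e.path, status))
    return results


if __name__ == "__main__":
    for entry in parse_md5_scan(SAMPLE_LOG):
        print(entry.requested, entry.md5, entry.size, entry.path)
```
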

#18
docfxit


    Member

  • Topic Starter
  • Member
  • 102 posts
The following is what is being caught by Bitdefender and put into Quarantine many times every day.



Thank you for helping,

Docfxit
  • 0

#19
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
Step-1.

Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console (XP only)

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Don't forget to reenable your Anti-Virus


Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The ComboFix log
  • 0

#20
docfxit


    Member

  • Topic Starter
  • Member
  • 102 posts
ComboFix 13-01-31.01 - Gary 01/31/2013 8:55.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1972.793 [GMT -8:00]
Running from: c:\documents and settings\Gary\Desktop\MalwareCleanUp\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1327682970.bdinstall.bin
c:\documents and settings\All Users\Application Data\1327708936.bdinstall.bin
c:\documents and settings\All Users\Application Data\1327718518.bdinstall.bin
c:\documents and settings\All Users\Application Data\1330559400.bdinstall.bin
c:\documents and settings\All Users\Application Data\1330569044.bdinstall.bin
c:\documents and settings\All Users\Application Data\1338559386.bdinstall.bin
c:\documents and settings\All Users\Application Data\1338562424.bdinstall.bin
c:\documents and settings\All Users\Application Data\1338566755.bdinstall.bin
c:\documents and settings\All Users\Application Data\1339543597.bdinstall.bin
c:\documents and settings\All Users\Application Data\1348498180.bdinstall.bin
c:\documents and settings\All Users\Application Data\1348498655.bdinstall.bin
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{479F8C12-576B-4A58-AB78-4B70F7012AA8}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{516A7A9D-5659-4DF1-ADCA-3AB2770664F6}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}\PostBuild.exe
c:\program files\FireFox\plugin-container.exe
c:\program files\FireFox\uninstall\helper.exe
c:\program files\FireFox\updater.exe
c:\program files\tcpview\tcpview.exe
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\hwinterface.sys
c:\windows\system32\isafprod.1
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_UVNC_SERVICE
-------\Service_uvnc_service
-------\Legacy_hwinterface
-------\Service_hwinterface
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-30 17:09 . 2013-01-30 17:09 -------- d-----w- C:\_OTL
2013-01-28 00:13 . 2013-01-28 00:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache
2013-01-28 00:13 . 2013-01-28 00:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion
2013-01-27 06:45 . 2013-01-27 06:45 -------- d-----w- c:\documents and settings\Gary\Application Data\TortoiseSVN
2013-01-27 06:10 . 2013-01-31 17:12 -------- d-----w- c:\documents and settings\Gary\Local Settings\Application Data\TSVNCache
2013-01-27 06:08 . 2013-01-27 06:08 -------- d-----w- c:\documents and settings\Gary\Application Data\Subversion
2013-01-27 06:03 . 2013-01-27 06:03 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2013-01-27 06:03 . 2013-01-27 06:03 -------- d-----w- c:\program files\TortoiseSVN
2013-01-26 22:48 . 2013-01-26 22:49 -------- d-----w- c:\program files\UltraVNC_1.1.8
2013-01-26 16:34 . 2013-01-26 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2013-01-26 16:34 . 2010-03-17 20:53 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-01-26 16:34 . 2010-03-17 20:53 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-01-26 16:34 . 2010-03-17 20:53 180224 ----a-w- c:\windows\system32\QTCF.dll
2013-01-26 16:34 . 2013-01-26 16:34 -------- d-----w- c:\program files\QuickTime Alternative
2013-01-26 16:22 . 2013-01-26 16:22 53248 ----a-r- c:\documents and settings\Gary\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-01-26 16:22 . 2013-01-26 16:22 -------- d-----w- c:\documents and settings\Gary\Local Settings\Application Data\Logishrd
2013-01-26 07:11 . 2013-01-26 07:11 -------- d-----r- c:\program files\Skype
2013-01-26 07:11 . 2013-01-26 07:11 -------- d-----w- c:\program files\Common Files\Skype
2013-01-26 06:43 . 2013-01-26 06:44 -------- d-----w- c:\program files\Wireshark
2013-01-26 06:29 . 2013-01-26 06:29 -------- d-----w- c:\program files\Soluto
2013-01-26 06:14 . 2013-01-26 06:14 -------- d-----w- c:\program files\Macrium
2013-01-26 06:12 . 2013-01-26 06:13 -------- d-----w- c:\documents and settings\Gary\Application Data\ObviousIdea
2013-01-22 16:36 . 2013-01-22 16:36 -------- d-----w- c:\documents and settings\Gary\Application Data\Malwarebytes
2013-01-22 16:36 . 2013-01-22 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-01-22 16:36 . 2013-01-22 16:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-22 16:36 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-17 23:04 . 2013-01-17 23:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Subversion
2013-01-17 20:50 . 2013-01-17 20:55 -------- d-----w- c:\program files\SpyTheSpy
2013-01-17 19:19 . 2013-01-12 11:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-10 23:07 . 2013-01-10 23:07 13432 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2013-01-10 23:06 . 2013-01-10 23:06 16504 ----a-w- c:\windows\system32\drivers\pssnap.sys
2013-01-10 23:05 . 2013-01-10 23:05 54904 ----a-w- c:\windows\system32\drivers\psmounterex.sys
2013-01-08 18:15 . 2013-01-08 18:14 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-08 18:14 . 2013-01-17 19:19 -------- d-----w- c:\program files\Java
2013-01-02 23:45 . 2013-01-02 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2013-01-02 23:44 . 2013-01-02 23:44 -------- d-----w- c:\documents and settings\Gary\Application Data\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-26 16:21 . 2012-08-19 00:51 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-01-26 05:26 . 2012-04-01 15:02 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-26 05:26 . 2011-05-26 20:50 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-10 18:33 . 2012-09-24 19:05 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2013-01-08 18:14 . 2010-06-03 20:26 779704 -c--a-w- c:\windows\system32\deployJava1.dll
2012-12-12 16:42 . 2011-11-25 21:59 242504 ----a-w- c:\windows\system32\drivers\avchv.sys
2012-12-12 16:42 . 2012-02-17 23:45 481464 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-12-12 16:41 . 2012-03-21 03:22 622616 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-11-05 16:06 . 2011-03-12 08:50 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-11-05 16:06 . 2011-03-12 08:50 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-05 16:06 . 2011-03-12 08:50 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-11-05 16:06 . 2011-03-12 08:50 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\WebDrive]
@="{37D70BD3-073C-4180-ADD9-C032EA5A7204}"
[HKEY_CLASSES_ROOT\CLSID\{37D70BD3-073C-4180-ADD9-C032EA5A7204}]
2010-02-24 11:11 1314816 ----a-w- c:\windows\system32\wdShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 03:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 03:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 03:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 03:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyTime Organizer"="c:\program files\AnyTime Deluxe\AtDem.exe" [2006-08-03 36864]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2013-01-09 6326272]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 545552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"frymxins"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"TrackPointSrv"="tp4serv.exe" [2002-01-18 176128]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-04-01 2221352]
"StartupDelayer"="c:\program files\Startup Delayer\Startup Launcher.exe" [2012-08-25 1070592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-03-22 108352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-03-22 15496000]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2012-03-28 1407248]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-03-28 1210640]
"IconSaver"="c:\program files\IconSaver\IconSaver.exe" [2004-01-12 110592]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-12-12 1199344]
"pdfFactory Pro Dispatcher v2"="c:\windows\system32\spool\drivers\W32X86\3\fppdis4.exe" [2012-07-27 489248]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-27 208896]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 1851192]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-01-10 1229296]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launch Programs Now (Hidden).lnk - c:\program files\Startup Delayer\Startup Launcher.exe [2012-8-25 1070592]
SpyTheSpy.lnk - c:\program files\SpyTheSpy\SpyTheSpy.exe [2013-1-17 622592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2012-10-01 07:22 66360 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-11-05 16:06 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IconSaver.exe.lnk]
backup=c:\windows\pss\IconSaver.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
backup=c:\windows\pss\Privoxy.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gary^Start Menu^Programs^Startup^4t Tray Minimizer.lnk]
backup=c:\windows\pss\4t Tray Minimizer.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gary^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gary^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gary^Start Menu^Programs^Startup^EruntRegistrySave.bat]
backup=c:\windows\pss\EruntRegistrySave.batStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gary^Start Menu^Programs^Startup^FileBox eXtender.lnk]
backup=c:\windows\pss\FileBox eXtender.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gary^Start Menu^Programs^Startup^trillian.exe.lnk]
backup=c:\windows\pss\trillian.exe.lnkStartup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"DWQueuedReporting"=; c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t
"AnyTime Organizer"=c:\program files\AnyTime Deluxe\AtDem.exe
"Uniblue ProcessQuickLink 2"="c:\program files\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"frymxins"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
"SMSI Loader"="c:\program files\Common Files\Smith Micro Shared\FAX\SMLoader.exe" /PRNDRV
"WinVNC"="c:\program files\UltraVNC\WinVNC.exe" -servicehelper
"Client Access Service"="c:\program files\Client Access\cwbsvstr.exe"
"FtLnSOP_setup"=c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe
"AdobeCS4ServiceManager"=;"c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"FJTWAIN Setup"=c:\windows\Twain_32\fjscan32\FjtwMkup.exe /Station
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"FTPWRENV"=c:\windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
"BigDogPath323VMSnap"=c:\windows\VMSnap23.exe
"BigDogPath323Domino"=c:\windows\Domino.exe
"pdfFactory Dispatcher v2"=c:\windows\system32\spool\drivers\W32X86\3\fppdis4.exe
"ScanSoft OmniPage 16-reminder"=c:\documents and settings\All Users\Application Data\ScanSoft\OmniPage 18\Ereg\Ereg.ini
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Talk"="c:\program files\NCH Swift Sound\Talk\talk.exe" -logon
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NCH Swift Sound\\Talk\\talk.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\AboutTime\\AboutTime.exe"=
"c:\\Program Files\\Port Detective\\PBDClient.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\WebDrive\\webdrive.exe"=
"c:\\Program Files\\WebDrive\\wdService.exe"=
"c:\\Program Files\\PCmover\\pcmover.exe"=
"c:\\Program Files\\MyLanViewer\\MyLanViewer.exe"=
"c:\\Excursion9.5\\mIRC.ExCurSioN.exe"=
"c:\\Program Files\\Pumpkin\\PumpKIN.exe"=
"c:\\Program Files\\EnGenius\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickBooks 2012\\QBDBMgrN.exe"=
"c:\\Program Files\\OmniPage18\\OmniPage18.exe"=
"c:\\Program Files\\OmniPage18\\PPMV.exe"=
"c:\\Program Files\\OmniPage18\\Ereg\\Ereg.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Dnload\\solutoinstaller-_wGf57ZsCa4g.exe"=
"c:\\Program Files\\DirecTV\\DirecTV\\DIRECTV2PC™.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Documents and Settings\\Gary\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\UltraVNC_1.0.9.6.2\\vncviewer.exe"=
"c:\\Program Files\\RPM\\RpmSrv.exe"=
"c:\\Dnload\\SpywareRemovers\\Soluto 1.3.1122.0solutoinstaller.exe"=
"c:\\Program Files\\Soluto\\SolutoCleanup.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\UltraVNC_1.1.8\\vncviewer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9220:TCP"= 9220:TCP:HP 9220
"9500:TCP"= 9500:TCP:Hp 9500
"9290:TCP"= 9290:TCP:HP 9290
"161:UDP"= 161:UDP:Hp 161
"427:UDP"= 427:UDP:Hp 427
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"5901:TCP"= 5901:TCP:UltraVNCTCP5901
"5902:TCP"= 5902:TCP:UltraVNCTCP5902
"5903:TCP"= 5903:TCP:UltraVNCTCP5903
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"5500:TCP"= 5500:TCP:vnc5500
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Express Talk RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Express Talk RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Express Talk RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Express Talk RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Express Talk RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Express Talk RTP Incoming Audio (UDP)
"5060:UDP"= 5060:UDP:Express Talk Sip Incoming Calls (UDP)
"8585:TCP"= 8585:TCP:Port Tester 8585
"5060:TCP"= 5060:TCP:Express Talk 5060 tcp
"5070:UDP"= 5070:UDP:Express Talk Sip Incoming Calls (UDP) 5070
"8010:UDP"= 8010:UDP:Express Talk RTP Incoming Audio (UDP) 8010
"8011:UDP"= 8011:UDP:Express Talk RTP Incoming Audio (UDP) 8011
"8012:UDP"= 8012:UDP:Express Talk RTP Incoming Audio (UDP) 8012
"8013:UDP"= 8013:UDP:Express Talk RTP Incoming Audio (UDP) 8013
"8014:UDP"= 8014:UDP:Express Talk RTP Incoming Audio (UDP) 8014
"8015:UDP"= 8015:UDP:Express Talk RTP Incoming Audio (UDP) 8015
"8016:UDP"= 8016:UDP:Express Talk RTP Incoming Audio (UDP) 8016
"8017:UDP"= 8017:UDP:Express Talk RTP Incoming Audio (UDP) 8017
"8018:UDP"= 8018:UDP:Express Talk RTP Incoming Audio (UDP) 8018
"8019:UDP"= 8019:UDP:Express Talk RTP Incoming Audio (UDP) 8019
"8020:UDP"= 8020:UDP:Express Talk RTP Incoming Audio (UDP) 8020
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [3/20/2012 7:22 PM 622616]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [1/10/2013 3:06 PM 16504]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [9/24/2012 11:05 AM 51144]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [5/31/2011 6:27 AM 21504]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [6/16/2010 12:44 PM 20592]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [1/19/2010 6:32 PM 85128]
R1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;c:\windows\system32\drivers\VSPE.sys [10/3/2011 8:15 AM 25984]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [5/30/2011 12:58 AM 13680]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [4/23/2007 3:03 AM 82200]
R1 SMDRV;SMDRV;c:\windows\system32\drivers\SMDRV.SYS [1/21/2011 9:58 AM 3584]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [7/19/2002 2:23 PM 16384]
R1 ts_lb;ts_lb;c:\windows\system32\drivers\ts_lb.sys [6/3/2010 1:39 PM 25704]
R2 CLDTVHNService;CLDTVHNService;c:\program files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [9/17/2009 6:40 PM 75048]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [7/5/2010 1:20 PM 20072]
R2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\Fjscan32\FJTWMKSV.exe [7/20/2011 3:42 PM 36864]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 Intuit Entitlement Service v6.0;Intuit Entitlement Service v6.0;c:\program files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe [6/2/2009 12:49 PM 20480]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 4:53 PM 13672]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/18/2012 4:50 PM 12216]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CamMute.exe [5/30/2011 12:57 AM 41320]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [5/30/2011 12:58 AM 45496]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/8/2010 1:11 PM 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 3:40 PM 12856]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 9:07 AM 35088]
R2 ntk_dtv;ntk_dtv;c:\program files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys [9/17/2009 6:40 PM 119792]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 8:31 PM 1248256]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [1/10/2013 3:05 PM 225400]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [12/10/2012 10:00 AM 13880]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [5/31/2011 6:25 AM 45056]
R2 rpm;RPM Remote Print Manager Select;c:\program files\RPM\RpmSrv.exe [9/12/2011 4:48 PM 3981312]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [3/13/2009 12:47 PM 12560]
R2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [1/10/2013 11:09 AM 166896]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [1/10/2013 11:09 AM 547312]
R2 ToolTipFixer;ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [10/14/2008 9:33 AM 61952]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [5/30/2011 12:58 AM 130920]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [5/30/2011 12:58 AM 64952]
R2 tvMobiliService;tvMobiliService;c:\program files\TVMOBiLi\bin\tvMobiliService.exe [11/12/2010 5:54 AM 819291]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [5/31/2011 6:26 AM 2533400]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [3/13/2012 5:24 PM 55032]
R2 USBDLM;USBDLM;c:\program files\USBDLM\USBDLM.exe [11/18/2009 1:22 PM 226304]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [11/28/2011 11:01 AM 6016]
R2 WebDriveFSD;WebDrive Filesystem Driver;c:\program files\WebDrive\wdfsd.sys [2/24/2010 3:13 AM 201176]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [8/3/2012 9:59 PM 132608]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [11/25/2011 1:59 PM 242504]
R3 CprDrvr;Driver for Lantronix CPR Device;c:\windows\system32\drivers\CprDrvr.sys [7/13/2011 6:16 AM 141432]
R3 cpuz136;cpuz136;\??\c:\windows\TEMP\cpuz136\cpuz136_x32.sys --> c:\windows\TEMP\cpuz136\cpuz136_x32.sys [?]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [5/31/2011 7:54 AM 125696]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 8:55 AM 43704]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 8:55 AM 12216]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [7/16/2010 1:33 PM 11496]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\Netwxn00.sys [8/6/2012 1:15 PM 10240896]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [1/11/2011 9:11 AM 23608]
R3 wovad_micarray;WO Mic Device;c:\windows\system32\drivers\womic.sys [7/26/2012 1:26 AM 51712]
S1 HWiNFO32;HWiNFO32 Kernel Driver; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S3 AEIWL;High Rate Wireless LAN MiniPCI Combo Card Driver;c:\windows\system32\drivers\AEIWLNDS.sys [12/28/2001 9:10 PM 50688]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2/17/2012 3:45 PM 481464]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [11/17/2011 4:38 PM 63056]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 10:08 AM 11336]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [4/1/2010 11:30 AM 19560]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [5/27/2011 12:33 PM 167592]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [12/28/2008 7:04 AM 49489]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys --> c:\windows\system32\DRIVERS\motport.sys [?]
S3 phildecn;Philips WDM Video Decoder (PHILDECN);c:\windows\system32\drivers\PhilDecN.sys [12/31/1979 11:00 PM 89984]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [5/31/2011 8:14 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [5/3/2012 11:23 AM 11104]
S3 QBPOSDBServiceV9;QBPOS Database Manager v9;c:\program files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe [10/4/2010 12:33 PM 2735992]
S3 Remark FTP Utility;Remark FTP Utility;c:\program files\Common Files\Gravic\RemarkFTPUtility13.exe [5/2/2011 1:17 PM 59488]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [9/22/2011 4:51 PM 27064]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys --> c:\windows\system32\DRIVERS\RTL8187B.sys [?]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [5/8/2011 8:22 PM 606056]
S3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe [1/10/2013 10:33 AM 1239552]
S3 ssecbus;Samsung Mobile Modem Device driver (WDM);c:\windows\system32\drivers\ssecbus.sys [3/4/2012 10:28 AM 86528]
S3 ssecmdfl;Samsung Mobile Modem Device 2 Filter;c:\windows\system32\drivers\ssecmdfl.sys [3/4/2012 10:28 AM 14976]
S3 ssecmdm;Samsung Mobile Modem Device 2 Driver;c:\windows\system32\drivers\ssecmdm.sys [3/4/2012 10:28 AM 114304]
S3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [12/23/2010 5:03 AM 385024]
S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys --> c:\windows\system32\DRIVERS\swvnic.sys [?]
S3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [12/31/1979 11:00 PM 13055]
S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [10/14/2011 10:57 PM 307544]
S3 USB-100;CP-USB-RJ45M 10/100 Ethernet Adapter;c:\windows\system32\drivers\USBKR100.SYS [11/11/2009 9:48 AM 27519]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [7/17/2009 12:12 PM 476672]
S3 ZSMC326;VIMICRO USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [12/18/2009 10:35 AM 260096]
S4 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [7/19/2010 1:45 PM 1391136]
S4 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [1/11/2011 9:11 AM 245760]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-18 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2002-07-19 08:38]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-26 06:02]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-26 06:02]
.
2013-01-19 c:\windows\Tasks\WavePadReminder.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2013-01-02 19:42]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
Trusted Zone: download.microsoft.com
Trusted Zone: endicia.com\www.postage
Trusted Zone: google.com
Trusted Zone: ibm.com\icm1.teleweb.ca
Trusted Zone: intuit.com\ttlc
Trusted Zone: lenovo.com\chat.lel
Trusted Zone: lenovo.com\expertslive
Trusted Zone: lenovo.com\rto1.lel
Trusted Zone: lenovo.com\rto2.lel
Trusted Zone: magicjack.com\my
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: talk4free.com\reg
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.microsoft.com
Trusted Zone: youtube.com
TCP: Interfaces\{7084C14A-C055-4B77-B74E-52C57C1D665D}: NameServer = 66.51.205.100,66.51.206.100
TCP: Interfaces\{C6DAFE96-F802-44B8-8447-47E183F9669A}: NameServer = 66.51.205.100,66.51.206.100
FF - ProfilePath - c:\documents and settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-17 16:44; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-17 16:44; [email protected]; c:\documents and settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
FF - ExtSQL: 2013-01-17 16:44; [email protected]; c:\documents and settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
FF - ExtSQL: 2013-01-17 16:44; [email protected]; c:\documents and settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
FF - ExtSQL: 2013-01-17 16:44; [email protected]; c:\documents and settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
FF - ExtSQL: 2013-01-17 16:44; [email protected]; c:\documents and settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-atr.exe - (no file)
AddRemove-Mozilla Firefox 18.0.1 (x86 en-US) - c:\program files\Firefox\uninstall\helper.exe
AddRemove-TuneXP_1.5 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-31 09:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="15-ESYW-J1UJ-6THR-MQZ3-R6JN-4S6SVM9"
"Activated"="N"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'lsass.exe'(940)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(6044)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub32.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN32.dll
c:\program files\TortoiseSVN\bin\libsvn_tsvn32.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn32.dll
c:\program files\TortoiseSVN\bin\libsasl32.dll
c:\program files\TortoiseSVN\bin\crshhndl.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\program files\Microangelo On Display\MODIcon.dll
c:\windows\system32\ieframe.dll
c:\program files\Spell Catcher Plus\Catcher.dll
c:\windows\system32\msi.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\program files\Software Informer\sbtn.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Salamander 2.5\plugins\salamext.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdCryptoUtils.dll
c:\windows\system32\wdResDll.dll
c:\windows\system32\wdUIResDll.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bitdefender\Bitdefender 2012\vsserv.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\MNSFramework.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\RunDll32.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Stunnel\stunnel.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Spell Catcher Plus\Spell Catcher.exe
c:\program files\RemindMe\RemindMe.exE
c:\windows\system32\AEIWLSTA.EXE
c:\windows\system32\RunDll32.exe
c:\windows\system32\taskswitch.exe
c:\program files\LogMeIn\x86\LogMeInSystray.exe
c:\program files\Integrated Camera Driver\RCIMGDIR.exe
c:\program files\WinSnap\WinSnap.exe
c:\program files\ClipX\clipx.exe
c:\windows\AGRSMMSG.exe
c:\program files\ThinkPad\Utilities\EzEjMnAp.Exe
.
**************************************************************************
.
Completion time: 2013-01-31 09:18:20 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-31 17:18
.
Pre-Run: 131,107,749,888 bytes free
Post-Run: 130,835,107,840 bytes free
.
- - End Of File - - FA112EDA48DD8EB9923DA5BEA1CA6FE5

#21
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Is Bitdefender still screaming at you?

#22
docfxit

    Member

  • Topic Starter
  • Member
  • 102 posts
Yes. I'm getting the same results.

Docfxit

#23
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Strange...never had that happen before.

Step-1

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • XP users: Double click the icon.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-2.

Malwarebytes' Anti-Malware

Close all programs and browsers on your computer.

Double click the MalWareBytes icon on the desktop to run the program. You will now be at the main program as shown below.

Posted Image

  • Click the Update tab and update the program if required.
  • Click the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore, and click Remove Selected. <--- Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-3.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The new OTL.txt log
3. The MalwareBytes log
4. The ESET log (If it found anything)
5. Is Bitdefender still throwing the alarms?

#24
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#25
docfxit

    Member

  • Topic Starter
  • Member
  • 102 posts
OTL Fixes log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service cpuz135 stopped successfully!
Service cpuz135 deleted successfully!
File C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users
->Temp folder emptied: 0 bytes

User: ASPNET
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gary
->Temp folder emptied: 783256 bytes
->Temporary Internet Files folder emptied: 65603 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5430947 bytes
->Flash cache emptied: 0 bytes

User: GaryT
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: QBPOSDBSrvUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: scans
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8405015 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02012013_112031

Files\Folders moved on Reboot...
C:\Documents and Settings\Gary\Local Settings\Temp\WCESLog.log moved successfully.
File\Folder C:\WINDOWS\temp\tmp000058c1\tmp00000000 not found!
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


#26
docfxit

    Member

  • Topic Starter
  • Member
  • 102 posts
The new OTL.txt log

OTL logfile created on: 2/6/2013 10:12:39 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gary\Desktop\MalwareCleanUp
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 54.45% Memory free
3.77 Gb Paging File | 2.77 Gb Available in Paging File | 73.40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 200.27 Gb Total Space | 119.78 Gb Free Space | 59.81% Space Free | Partition Type: NTFS
Drive F: | 70.17 Gb Total Space | 69.04 Gb Free Space | 98.39% Space Free | Partition Type: NTFS

Computer Name: DOCFXITLT | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/27 15:17:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\MalwareCleanUp\OTL.exe
PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/10 15:05:36 | 000,225,400 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2013/01/10 11:09:00 | 000,547,312 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2013/01/10 11:09:00 | 000,166,896 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoLauncherService.exe
PRC - [2013/01/10 11:08:58 | 001,229,296 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2013/01/09 04:10:54 | 006,326,272 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2012/12/16 03:25:20 | 000,545,552 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/12/16 03:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/12/14 18:20:00 | 012,162,320 | ---- | M] (IDM Computer Solutions, Inc.) -- C:\Program Files\UltraEdit\Uedit32.exe
PRC - [2012/12/12 20:30:26 | 000,278,920 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2012/12/12 08:42:53 | 001,554,176 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2012/12/12 08:42:50 | 001,199,344 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2012/11/05 08:07:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/05 08:06:54 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/11/04 09:43:30 | 001,851,192 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2012/09/30 23:23:54 | 000,150,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2012/09/24 07:56:39 | 000,055,032 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2012/08/28 05:56:10 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/07/26 16:57:52 | 000,489,248 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\W32X86\3\fppdis4.exe
PRC - [2012/06/10 23:25:32 | 003,061,376 | ---- | M] (NTWind Software) -- C:\Program Files\WinSnap\WinSnap.exe
PRC - [2012/04/29 10:40:50 | 000,713,584 | ---- | M] (Beiley Software Inc.) -- C:\Program Files\RemindMe\RemindMe.exE
PRC - [2012/03/28 11:54:44 | 001,407,248 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2012/03/28 11:54:42 | 000,375,056 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2012/03/28 11:54:38 | 000,919,824 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2012/03/28 10:57:46 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2012/03/28 10:36:06 | 001,210,640 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2012/03/28 10:31:52 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/19 20:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe
PRC - [2011/05/26 18:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/04/07 15:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/04/04 10:43:36 | 000,135,528 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/01/14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/11/29 15:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/29 19:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () -- C:\Program Files\Stunnel\stunnel.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/09/01 23:57:48 | 001,774,992 | ---- | M] (ALTAP) -- C:\Program Files\Salamander 2.5\salamand.exe
PRC - [2010/05/21 12:40:24 | 001,406,320 | ---- | M] (Flexera Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
PRC - [2010/05/03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/18 13:22:26 | 000,226,304 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Program Files\USBDLM\USBDLM.exe
PRC - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
PRC - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
PRC - [2009/01/14 10:29:18 | 003,981,312 | ---- | M] (Brooks Internet Software, Inc.) -- C:\Program Files\RPM\RpmSrv.exe
PRC - [2008/10/30 14:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
PRC - [2008/10/14 09:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
PRC - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\WINDOWS\system32\MNSFramework.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 11:30:46 | 002,558,464 | R--- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007/05/03 11:23:29 | 001,037,216 | ---- | M] (Rainmaker Research, Inc.) -- C:\Program Files\Spell Catcher Plus\Spell Catcher.exe
PRC - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/11/30 13:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
PRC - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/03/11 20:26:46 | 000,622,592 | ---- | M] () -- C:\Program Files\SpyTheSpy\SpyTheSpy.exe
PRC - [2004/10/12 12:01:52 | 000,032,768 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe
PRC - [2004/01/12 04:59:14 | 000,110,592 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver.exe
PRC - [2002/03/19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2001/12/28 21:33:14 | 000,214,016 | ---- | M] (Actiontec Electronics, Inc) -- C:\WINDOWS\system32\AEIWLSTA.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/25 22:30:50 | 000,706,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\7113d7b0d1ab8e22518f1eee04bd79dc\SolutoCleanup.ni.dll
MOD - [2013/01/25 22:30:49 | 000,681,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\a510bee3c1e6633374c7e0457a9c2afb\PCGDataAggregation.ni.dll
MOD - [2013/01/25 22:30:47 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\5900fea26dfbf076656a76a6ec415ceb\PCGBootVisualizingCore.ni.dll
MOD - [2013/01/25 22:30:46 | 000,050,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.NetFwTypeLib\7b20a2b2de746f4c0a34427668eb3379\Interop.NetFwTypeLib.ni.dll
MOD - [2013/01/25 22:30:45 | 000,295,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\324504aa08dd894d6fcbc1288b2abc65\PCGCatalogItemFootprint.ni.dll
MOD - [2013/01/25 22:30:44 | 000,732,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\d1c3fff5ca7b6984f2813356395b9460\PCGBrowsersProbe.ni.dll
MOD - [2013/01/25 22:30:43 | 000,261,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\b7ffb1db04e5c25f69195285145102b3\PCGSAProbe.ni.dll
MOD - [2013/01/25 22:30:42 | 000,087,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\f5c8bdcc4b6d1bcb4854c677d75b1dbf\PCGCatalogItemCache.ni.dll
MOD - [2013/01/25 22:30:42 | 000,041,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\25b4b05f3611cb0f83ee288e91a888b5\PCGEntities.ni.dll
MOD - [2013/01/25 22:30:41 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\f407b1a910fedc713a6b844835b90900\PCGClientCommunication.ni.dll
MOD - [2013/01/25 22:30:39 | 000,142,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\00776f9637ef2b01424c9ae44af55a43\PCGUpgrader.ni.dll
MOD - [2013/01/25 22:30:39 | 000,107,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\5d0f966d27eb030ad1144bf7313165b1\SolutoUpdateService.ni.dll
MOD - [2013/01/25 22:30:38 | 002,044,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoService\49aed0293596cb41b3b9383c3bf54548\SolutoService.ni.exe
MOD - [2013/01/25 22:30:28 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\ec81ad124f2887749a29bf67d72e47c1\PCGPostBootResources.ni.dll
MOD - [2013/01/25 22:30:28 | 000,052,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\ea6ef3d32d5e28268377ff81fed27395\PCGHIDProbe.ni.dll
MOD - [2013/01/25 22:30:27 | 002,327,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\32937b6110f36171106fc3a9bc4b397e\Community.CsharpSqlite.ni.dll
MOD - [2013/01/25 22:30:27 | 000,039,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\1ff918080005699a4427ae446d120182\PCGRSPProbe.ni.dll
MOD - [2013/01/25 22:30:25 | 000,202,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\35c49945a5328be7e77060795d7ba080\PCGWuInfo.ni.dll
MOD - [2013/01/25 22:30:25 | 000,100,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\9e0ee4ac48824decaf0cd3ac91bcf8dc\Interop.IWshRuntimeLibrary.ni.dll
MOD - [2013/01/25 22:30:25 | 000,055,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\a178291dc42211f27ccb0269049e2bcb\PCGUsersCenter.ni.dll
MOD - [2013/01/25 22:30:23 | 000,156,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\83169f5e6f353146ec154409dd7d6790\PCGAppControlPluginLoader.ni.dll
MOD - [2013/01/25 22:30:21 | 003,509,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\9ab766011f90c5409cf010140f869f37\PCGClientCommon.ni.dll
MOD - [2013/01/25 22:30:18 | 000,157,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\d3d76007ccd5a9a77c9669a66d6a58ab\PCGBootVisualizingCommon.ni.dll
MOD - [2013/01/25 22:30:17 | 000,222,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\ae4cd0b5747ac822681efb22bda4bb79\PCGDriverProbe.ni.dll
MOD - [2013/01/25 22:30:15 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\391d5b3caf3cf0c71211ea165940949f\PCGConfiguration.ni.dll
MOD - [2013/01/25 22:30:14 | 002,617,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDatabase\68fa02e189ba72c91b4a13ffcf8fbab9\PCGDatabase.ni.dll
MOD - [2013/01/25 22:30:14 | 000,766,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\90d790910714eac292348c0c844d8a74\System.Data.SqlServerCe.ni.dll
MOD - [2013/01/25 22:30:11 | 001,538,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\d0055ecdbb5ca8e75ddb4926d14f7a84\PCGAzureShared.ni.dll
MOD - [2013/01/25 22:30:11 | 000,048,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\fbd0db0b6165668a622cc8c38e904144\PCGAzureEntityFramework.ni.dll
MOD - [2013/01/25 22:30:10 | 001,196,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCommunication\c19bb8498c051b00555763e3a38d56bc\PCGCommunication.ni.dll
MOD - [2013/01/25 22:30:08 | 001,707,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\fdbcaf85353f2c586634f7b575893baa\PCGPreCompiled.ni.dll
MOD - [2013/01/25 22:29:48 | 000,596,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\5e6ee9397825b25e4543c094f400c859\Ionic.Zip.Reduced.ni.dll
MOD - [2013/01/25 22:29:48 | 000,188,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\d6afbc7f7cba70db9b20564440f44622\PCGPrestoSerializer.ni.dll
MOD - [2013/01/25 22:29:46 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7ec47c4afad694faa491abd6b45928a\System.Runtime.Remoting.ni.dll
MOD - [2013/01/25 22:29:45 | 002,128,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\7071c2f7ad720d29b2a539184a94fc12\Newtonsoft.Json.Net35.ni.dll
MOD - [2013/01/25 22:29:44 | 002,727,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGFramework\6af740b77febde5f102725c19f6cc107\PCGFramework.ni.dll
MOD - [2013/01/25 22:29:40 | 001,620,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Soluto\3523ca400bc7eef91481b1577d3cbf6c\Soluto.ni.exe
MOD - [2013/01/10 15:05:36 | 000,225,400 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
MOD - [2013/01/10 10:33:28 | 000,077,880 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll
MOD - [2013/01/10 10:33:28 | 000,049,720 | R--- | M] () -- C:\Program Files\Soluto\PCGDeviceScanLib.dll
MOD - [2012/12/14 18:20:00 | 000,966,144 | ---- | M] () -- C:\Program Files\UltraEdit\uejs.dll
MOD - [2012/12/12 20:30:10 | 000,070,536 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2012/12/12 08:42:56 | 000,092,600 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
MOD - [2012/12/12 08:42:36 | 000,272,344 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
MOD - [2012/11/27 09:09:53 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\314f807b4f655af492182b597ea1e7a6\System.ServiceProcess.ni.dll
MOD - [2012/11/27 09:09:42 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1fa3f0a76f2fa2d3a6cfaf9031bc1dfb\System.Runtime.Remoting.ni.dll
MOD - [2012/11/27 09:09:41 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\ae2ff153463bc98124e93c33296ec79c\System.EnterpriseServices.ni.dll
MOD - [2012/11/27 09:09:40 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\8531f40353107a46871aace28f057ec2\System.Transactions.ni.dll
MOD - [2012/11/27 09:09:04 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b75ca75b9c2eb103f98a457ec9256ce7\System.Xml.Linq.ni.dll
MOD - [2012/11/27 09:08:49 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll
MOD - [2012/11/27 09:08:42 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\43b92a8dac90d1d6426274274abb69a6\System.Transactions.ni.dll
MOD - [2012/11/27 09:08:34 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll
MOD - [2012/11/27 09:08:34 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.Wrapper.dll
MOD - [2012/11/27 09:08:29 | 000,939,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\9bc09040ded0b8de5514235bf9b24888\System.Data.Services.Client.ni.dll
MOD - [2012/11/27 09:07:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\99d5831f6840940555a679233e1e3139\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2012/11/27 09:07:41 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\129677cc2efb77e11fb90785528cbf28\SMDiagnostics.ni.dll
MOD - [2012/11/27 09:07:33 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\96d93d79e2516cac93027cbe2e2d1757\System.ServiceModel.ni.dll
MOD - [2012/11/27 09:07:16 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7efd419147611323505605be3ecee5d5\System.Runtime.Serialization.ni.dll
MOD - [2012/11/27 09:05:34 | 002,516,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\7fc7ad881f823df3fc1ee95e7f19d7ae\System.Data.Linq.ni.dll
MOD - [2012/11/27 09:05:31 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll
MOD - [2012/11/27 09:05:27 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll
MOD - [2012/11/27 09:05:09 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/11/27 09:05:02 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/11/27 09:04:38 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9261a08aed6aa953fe0a4b90787657f1\System.Data.ni.dll
MOD - [2012/11/27 09:04:36 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a8319839729e0e30785fcb36fb13b440\System.Windows.Forms.ni.dll
MOD - [2012/11/27 09:04:29 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\985109f2568f3251333dad29bc889421\System.Core.ni.dll
MOD - [2012/11/27 09:04:25 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\586e41e15e1d44fe197b9d1cc5575f8c\System.Xml.ni.dll
MOD - [2012/11/27 09:04:24 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c87e56bad0d9eae13b89a0e2bb0efc1f\System.Drawing.ni.dll
MOD - [2012/11/27 09:04:21 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c409feb9182d01c80872f2031d68053e\System.Configuration.ni.dll
MOD - [2012/11/27 09:04:10 | 009,092,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\982a5b70d861cb34f85e041075d5112c\System.ni.dll
MOD - [2012/11/27 09:04:03 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/11/27 09:02:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/27 09:02:19 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/27 09:02:17 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012/11/27 09:02:05 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/27 09:01:36 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/11/27 09:01:01 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/11/27 09:00:51 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2012/11/27 09:00:48 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/03/27 23:07:06 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2012/03/27 23:07:04 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
MOD - [2012/03/22 11:30:52 | 002,063,872 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
MOD - [2012/03/22 11:30:52 | 001,917,952 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
MOD - [2012/03/22 11:30:52 | 001,867,776 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
MOD - [2012/03/22 11:30:52 | 000,956,928 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
MOD - [2012/03/22 11:30:52 | 000,634,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
MOD - [2012/03/22 11:30:52 | 000,513,536 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,446,464 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,391,168 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
MOD - [2012/03/13 17:00:00 | 001,047,552 | ---- | M] () -- C:\Program Files\UltraEdit\GNU\libxml2.dll
MOD - [2012/03/13 17:00:00 | 000,303,104 | ---- | M] () -- C:\Program Files\UltraEdit\idm_tidylib.dll
MOD - [2012/03/13 17:00:00 | 000,082,944 | ---- | M] () -- C:\Program Files\UltraEdit\idmc.dll
MOD - [2012/01/23 19:27:20 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
MOD - [2012/01/23 19:15:40 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2012/01/23 19:14:56 | 000,110,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
MOD - [2012/01/23 19:14:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
MOD - [2012/01/23 19:13:40 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
MOD - [2012/01/06 15:27:34 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
MOD - [2012/01/06 15:27:28 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/10/27 14:07:06 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/02/18 17:47:09 | 002,228,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Common\6.0.1.0__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Common.dll
MOD - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
MOD - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () -- C:\Program Files\Stunnel\stunnel.exe
MOD - [2010/07/06 15:10:00 | 001,208,672 | ---- | M] () -- C:\Program Files\UltraEdit\wodTelnetDLX.ocx
MOD - [2010/06/07 06:26:46 | 000,101,376 | ---- | M] () -- C:\Program Files\Stunnel\zlib1.dll
MOD - [2009/11/13 15:20:00 | 000,059,904 | ---- | M] () -- C:\Program Files\UltraEdit\GNU\zlib1.dll
MOD - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
MOD - [2009/01/14 10:29:18 | 000,010,752 | ---- | M] () -- C:\Program Files\RPM\udf\fbudf.dll
MOD - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\WINDOWS\system32\MNSFramework.exe
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/11/30 13:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
MOD - [2005/10/28 19:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/03/11 20:26:46 | 000,622,592 | ---- | M] () -- C:\Program Files\SpyTheSpy\SpyTheSpy.exe
MOD - [2004/02/27 11:24:30 | 000,026,448 | ---- | M] () -- C:\WINDOWS\system32\smfaxmon.dll
MOD - [2004/01/12 04:59:14 | 000,110,592 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver.exe
MOD - [2004/01/12 04:58:35 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\IconSaver.cpl
MOD - [2003/10/19 06:12:58 | 000,061,440 | ---- | M] () -- C:\Program Files\IconSaver\IconSaverLib.dll
MOD - [2003/10/19 04:11:40 | 000,094,208 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver Editor.dll
MOD - [2003/07/03 22:49:30 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_2\tphk_2k.dll
MOD - [2002/03/19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHealr.dll


========== Services (SafeList) ==========

SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/10 15:05:36 | 000,225,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV - [2013/01/10 11:09:00 | 000,547,312 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2013/01/10 11:09:00 | 000,166,896 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService)
SRV - [2013/01/10 10:33:28 | 001,239,552 | ---- | M] (Soluto) [On_Demand | Stopped] -- C:\Program Files\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/16 03:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/12/12 08:42:53 | 001,554,176 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2012/11/05 08:07:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/05 08:06:54 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/09/30 23:22:06 | 000,295,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012/09/24 07:56:39 | 000,055,032 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2012/08/28 05:56:10 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/03/28 11:54:42 | 000,375,056 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2012/03/28 11:54:38 | 000,919,824 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2012/03/28 10:57:46 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012/03/28 10:31:52 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011/10/14 22:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/19 20:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 20:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe -- (FJTWMKSV)
SRV - [2011/05/02 13:17:28 | 000,059,488 | ---- | M] (Gravic) [On_Demand | Stopped] -- C:\Program Files\Common Files\Gravic\RemarkFTPUtility13.exe -- (Remark FTP Utility)
SRV - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/01/14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/12/23 07:20:24 | 000,245,760 | ---- | M] (SMServer) [Disabled | Stopped] -- C:\WINDOWS\system32\snmvtsvc.exe -- (SMServer)
SRV - [2010/12/23 05:03:32 | 000,385,024 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SoundTaxi Media Suite\STSService.exe -- (STSService)
SRV - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () [Auto | Running] -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe -- (tvMobiliService)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/04 12:33:40 | 002,735,992 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe -- (QBPOSDBServiceV9)
SRV - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Stunnel\stunnel.exe -- (stunnel)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/05/03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/24 03:13:24 | 001,313,368 | ---- | M] (South River Technologies, LLC) [Disabled | Stopped] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2009/11/18 13:22:26 | 000,226,304 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Auto | Running] -- C:\Program Files\USBDLM\USBDLM.exe -- (USBDLM)
SRV - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe -- (CLDTVHNService)
SRV - [2009/09/04 15:22:56 | 001,391,136 | ---- | M] (Hagel Technologies Ltd.) [Disabled | Stopped] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe -- (Intuit Entitlement Service v6.0)
SRV - [2009/04/20 13:17:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/14 10:29:18 | 003,981,312 | ---- | M] (Brooks Internet Software, Inc.) [Auto | Running] -- C:\Program Files\RPM\RpmSrv.exe -- (rpm)
SRV - [2008/10/14 09:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) [Auto | Running] -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe -- (ToolTipFixer)
SRV - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\MNSFramework.exe -- (MNSFramework)
SRV - [2008/03/19 11:30:46 | 002,558,464 | R--- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2007/03/21 10:57:56 | 000,516,096 | ---- | M] (Locktime Software) [On_Demand | Stopped] -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe -- (nlsvc)
SRV - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/06/29 20:57:50 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2001/05/08 04:10:00 | 000,053,248 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\timntr.sys -- (timounter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swvnic.sys -- (SWVNIC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8187B.sys -- (RTL8187B)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motport.sys -- (motport)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (HWiNFO32)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2013/01/10 15:06:54 | 000,016,504 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2013/01/10 10:33:16 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Soluto.sys -- (Soluto)
DRV - [2012/12/16 03:25:16 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/12/12 08:42:55 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2012/12/12 08:42:46 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2012/12/12 08:41:35 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2012/11/05 08:06:55 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/09/24 07:57:16 | 000,132,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2012/09/24 07:57:12 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2012/09/18 01:33:00 | 000,043,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2012/09/18 01:33:00 | 000,039,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2012/09/18 01:32:56 | 000,043,704 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2012/09/18 01:32:56 | 000,012,216 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2012/09/18 01:32:56 | 000,012,216 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2012/09/10 22:50:22 | 000,011,496 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
DRV - [2012/08/23 23:57:00 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/07/26 01:26:40 | 000,051,712 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\womic.sys -- (wovad_micarray)
DRV - [2012/06/01 09:09:28 | 000,360,976 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2012/03/12 12:57:44 | 010,240,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Netwxn00.sys -- (NETwNx32)
DRV - [2012/01/18 14:56:16 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2012/01/18 14:56:14 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2011/11/17 16:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/11/14 19:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/10/26 09:45:27 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/10/03 08:15:22 | 000,025,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VSPE.sys -- (EterlogicVirtualSerialDriver)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/13 06:16:56 | 000,141,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CprDrvr.sys -- (CprDrvr)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/03/18 08:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/01/13 10:18:50 | 000,132,608 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U877.sys -- (5U877)
DRV - [2010/12/23 12:43:12 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2010/11/25 13:59:16 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2010/11/16 00:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2010/10/20 01:09:58 | 001,761,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/09/23 08:14:30 | 000,993,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/09/16 18:00:00 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/09/07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/07/22 08:38:14 | 000,167,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)
DRV - [2010/06/25 09:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/06/16 12:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010/06/16 12:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/05/19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010/05/11 11:00:34 | 000,020,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/04/21 12:16:46 | 000,025,704 | ---- | M] (TamoSoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ts_lb.sys -- (ts_lb)
DRV - [2010/04/01 11:33:08 | 000,019,560 | ---- | M] (TamoSoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cv2k1.sys -- (CV2K1)
DRV - [2010/02/24 13:11:40 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2010/02/24 03:13:20 | 000,201,176 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2010/01/19 18:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/11 09:48:00 | 000,027,519 | ---- | M] (Billionton Corporation Reserved.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBKR100.SYS -- (USB-100)
DRV - [2009/10/26 11:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/18 12:54:38 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/09/17 18:40:52 | 000,119,792 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys -- (ntk_dtv)
DRV - [2009/09/17 11:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009/09/08 00:40:26 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecmdm.sys -- (ssecmdm)
DRV - [2009/09/08 00:40:26 | 000,086,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecbus.sys -- (ssecbus)
DRV - [2009/09/08 00:40:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecmdfl.sys -- (ssecmdfl)
DRV - [2009/07/06 10:09:06 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/06/30 10:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/06/30 10:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/06/30 10:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/05/22 10:46:42 | 000,010,536 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Hmonitor.sys -- (hmonitor)
DRV - [2009/05/11 13:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/03/13 12:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2009/02/12 13:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/07/24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/03 09:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008/04/13 10:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/03/18 14:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 14:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/02/04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/12/17 15:57:14 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp)
DRV - [2007/06/08 08:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stm_tpm.sys -- (stmtpm)
DRV - [2007/04/23 03:03:04 | 000,082,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/18 21:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/02/06 22:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/12/28 13:44:40 | 000,260,096 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm323.sys -- (ZSMC326)
DRV - [2006/12/25 14:32:52 | 000,049,489 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mamotou.sys -- (mamotou)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/02 00:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/10/02 00:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/08/08 11:25:40 | 000,476,672 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter323.sys -- (vmfilter323)
DRV - [2006/06/09 04:49:41 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/05/18 08:49:00 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 08:48:00 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/08/18 11:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005/04/20 00:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005/03/03 00:14:18 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2005/03/03 00:14:04 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/08/24 14:16:54 | 000,003,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMDRV.SYS -- (SMDRV)
DRV - [2002/05/02 11:52:22 | 000,018,189 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - [2002/05/02 11:52:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2002/01/23 07:28:32 | 000,089,984 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhilDecN.sys -- (phildecn)
DRV - [2002/01/15 12:04:06 | 001,088,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001/12/28 21:10:16 | 000,050,688 | ---- | M] (Actiontec Electronics, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AEIWLNDS.sys -- (AEIWL)
DRV - [1999/12/31 16:00:00 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [1996/04/03 11:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {959E4F84-B960-417C-8415-C7A0737817BC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...C3-50E2DD51DD08
IE - HKCU\..\SearchScopes\{959E4F84-B960-417C-8415-C7A0737817BC}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: fireform%40mozilla.org:0.7.4
FF - prefs.js..extensions.enabledAddons: isitcompatible%40eternicode.com:0.5.3
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2012.07.08.17
FF - prefs.js..extensions.enabledAddons: showParentFolder%40alice:2.0
FF - prefs.js..extensions.enabledAddons: flatbm%40xuldev.org:1.8.1
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1007
FF - prefs.js..extensions.enabledAddons: %7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D:3.0.20121120
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.1: "C:\Program Files\VideoLAN\VLC\mozilla\npvlc.dll" File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Firefox\components [2013/01/25 21:24:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2012/06/17 10:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

[2012/10/29 08:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2013/02/06 09:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions
[2013/02/06 09:43:09 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/02/01 07:52:19 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,093,072 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/17 16:44:02 | 000,085,264 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,040,533 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/17 16:44:02 | 000,015,789 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,006,744 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,163,080 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/31 19:36:22 | 000,817,973 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\searchplugins\askcom.xml

O1 HOSTS File: ([2013/02/05 07:55:20 | 000,000,185 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 75.79.156.56 atu1277.com
O1 - Hosts: 75.79.6.149 theoffice.la
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [frymxins] C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [IconSaver] C:\Program Files\IconSaver\IconSaver.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\system32\spool\drivers\W32X86\3\fppdis4.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Soluto] c:\program files\soluto\soluto.exe (Soluto)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKCU..\Run: [AnyTime Organizer] C:\Program Files\AnyTime Deluxe\AtDem.exe (Individual Software, Inc.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Programs Now (Hidden).lnk = C:\Program Files\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk = C:\Program Files\SpyTheSpy\SpyTheSpy.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: endicia.com ([www.postage] https in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ibm.com ([icm1.teleweb.ca] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([chat.lel] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([expertslive] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([rto1.lel] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([rto2.lel] https in Trusted sites)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] * in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([]https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340638911625 (WUWebControl Class)
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://www.update.mi...b?1340638867765 (MUWebControl Class)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7084C14A-C055-4B77-B74E-52C57C1D665D}: NameServer = 66.51.205.100,66.51.206.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6DAFE96-F802-44B8-8447-47E183F9669A}: NameServer = 66.51.205.100,66.51.206.100
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\mctp - No CLSID value found
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll (Intuit Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/28 18:41:20 | 000,565,760 | ---- | M] (Microsoft Corporation) - C:\AUTOCHK.EXE -- [ NTFS ]
O32 - AutoRun File - [2002/07/24 08:55:44 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/09/01 16:37:41 | 000,001,094 | ---- | M] () - C:\AUTOEXEC2.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/01 22:01:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/31 12:25:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/31 08:53:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/31 08:53:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/31 08:53:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/31 08:53:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/31 08:52:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/30 09:09:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/27 15:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Desktop\MalwareCleanUp
[2013/01/26 22:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\TortoiseSVN
[2013/01/26 22:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\TSVNCache
[2013/01/26 22:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Subversion
[2013/01/26 22:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TortoiseSVN
[2013/01/26 22:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2013/01/26 22:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2013/01/26 14:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC_1.1.8
[2013/01/26 08:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime Alternative
[2013/01/26 08:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/01/26 08:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2013/01/26 08:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\Logishrd
[2013/01/26 08:20:30 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/01/25 23:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/01/25 23:11:49 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/01/25 23:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/25 22:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2013/01/25 22:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013/01/25 22:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2013/01/25 22:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Soluto
[2013/01/25 22:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2013/01/25 22:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\Macrium
[2013/01/25 22:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2013/01/25 22:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\ObviousIdea
[2013/01/25 21:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NeoSmart Technologies
[2013/01/25 21:38:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gary\Recent
[2013/01/22 08:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Malwarebytes
[2013/01/22 08:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/22 08:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/22 08:36:08 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/22 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/21 10:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iDo Wedding Couple Edition
[2013/01/18 06:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2013/01/17 15:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Subversion
[2013/01/17 12:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\SpyTheSpy
[2013/01/17 12:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpyTheSpy
[2013/01/10 15:07:24 | 000,013,432 | ---- | C] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2013/01/10 15:06:54 | 000,016,504 | ---- | C] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2013/01/08 10:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2006/09/15 11:08:34 | 000,630,784 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Gary\chatlnk.exe

========== Files - Modified Within 30 Days ==========

[2013/02/06 10:07:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/06 07:34:08 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/02/06 07:33:49 | 000,139,097 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/02/06 07:32:23 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/06 07:31:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/06 07:31:46 | 2067,443,712 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/05 17:44:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/05 17:43:59 | 2067,447,808 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/02/05 07:55:20 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/30 10:02:08 | 000,000,815 | ---- | M] () -- C:\WINDOWS\System32\smfaxmon.dll.colors
[2013/01/28 14:16:49 | 002,555,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/27 15:22:50 | 000,002,992 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/01/26 19:48:29 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Gary\SciTE.session
[2013/01/25 23:17:20 | 000,000,089 | ---- | M] () -- C:\WINDOWS\Spell Catcher.INI
[2013/01/25 22:44:45 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2013/01/25 22:44:04 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/01/25 22:31:04 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Uninstall 6.lnk
[2013/01/25 22:28:48 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2013/01/25 22:14:21 | 000,001,962 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Reflect.lnk
[2013/01/25 21:58:39 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EasyBCD 2.1.2.lnk
[2013/01/25 21:24:02 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/25 21:24:02 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/01/24 08:57:54 | 000,000,222 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2013/01/22 14:46:22 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Re-Start.lnk
[2013/01/22 08:36:16 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/19 09:51:38 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WavePadReminder.job
[2013/01/18 09:33:32 | 000,000,286 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2013/01/18 06:52:01 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/01/17 17:46:22 | 000,139,097 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2013/01/17 12:50:57 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk
[2013/01/17 12:49:40 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2013/01/10 15:07:24 | 000,013,432 | ---- | M] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2013/01/10 15:06:54 | 000,016,504 | ---- | M] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2013/01/10 15:05:56 | 000,054,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\psmounterex.sys
[2013/01/10 10:33:16 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\WINDOWS\System32\drivers\Soluto.sys

========== Files Created - No Company Name ==========

[2013/01/31 08:53:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/31 08:53:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/31 08:53:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/31 08:53:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/31 08:53:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/30 10:02:08 | 000,000,815 | ---- | C] () -- C:\WINDOWS\System32\smfaxmon.dll.colors
[2013/01/26 08:02:53 | 001,492,640 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/01/25 22:44:04 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/01/25 22:44:04 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Wireshark.lnk
[2013/01/25 22:36:32 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\Update Checker.lnk
[2013/01/25 22:02:25 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/25 22:02:25 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/25 21:58:39 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EasyBCD 2.1.2.lnk
[2013/01/22 20:23:19 | 2067,443,712 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/22 08:36:16 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 10:50:40 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\iDo Wedding Couple Edition.lnk
[2013/01/18 06:52:01 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/01/17 12:50:57 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk
[2013/01/17 12:49:40 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2013/01/10 16:16:37 | 000,001,962 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\Reflect.lnk
[2013/01/10 15:05:56 | 000,054,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\psmounterex.sys
[2013/01/09 12:46:38 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\WavePadReminder.job
[2013/01/08 10:10:42 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #2.lnk
[2013/01/08 10:10:33 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #3.lnk
[2013/01/08 10:10:30 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #4.lnk
[2013/01/08 10:10:27 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #5.lnk
[2012/12/23 18:40:34 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\PUTTY.RND
[2012/12/23 14:36:31 | 000,002,159 | ---- | C] () -- C:\WINDOWS\sshtunnel.ini
[2012/12/23 12:59:20 | 000,002,228 | ---- | C] () -- C:\WINDOWS\System32\dkfzip32.DAT
[2012/12/17 09:35:33 | 001,239,618 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-133707808-2752991226-3942243025-1004-0.dat
[2012/12/03 22:15:35 | 000,619,946 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/11 10:56:44 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\recently-used.xbel
[2012/10/26 11:59:08 | 096,817,882 | ---- | C] () -- C:\Program Files\Photo Album 6.7z
[2012/10/11 19:54:03 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\Gary\SciTEUser.properties
[2012/10/11 19:53:54 | 000,031,076 | ---- | C] () -- C:\Documents and Settings\Gary\abbrev.save.properties
[2012/10/10 13:56:38 | 000,026,448 | ---- | C] () -- C:\WINDOWS\System32\smfaxmon.dll
[2012/09/24 13:54:58 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/08/18 11:53:19 | 001,292,288 | ---- | C] () -- C:\WINDOWS\is-PPJSS.exe
[2012/08/18 11:41:13 | 000,000,353 | ---- | C] () -- C:\WINDOWS\PC Viewer 4CH ENG.INI
[2012/08/07 22:40:11 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Gary\Application Data\Windows1569_SettingsRepository.bin
[2012/08/07 22:40:11 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\90C7D912BE2316.sys
[2012/08/01 13:58:19 | 002,784,754 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/07/31 09:58:07 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Gary\.deskmetrics
[2012/06/12 15:49:15 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Gary\Application Datauser_gensett.xml
[2012/05/04 19:23:00 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\$_hpcst$.hpc
[2012/05/03 11:23:28 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2012/04/27 08:47:54 | 000,000,377 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2012/04/20 07:51:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/19 17:17:50 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2012/03/23 16:42:12 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/12 10:49:48 | 000,000,396 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/02/22 08:15:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/17 07:14:06 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Gary\abbrev.properties
[2012/02/17 06:02:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\au3.keywords.user.abbreviations.properties
[2012/02/14 12:52:12 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\Gary\au3UserAbbrev.properties
[2012/02/14 10:28:51 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/01 18:33:13 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/01/26 20:19:03 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Gary\Application Data\Sys2662.Config.Repository.bin
[2011/10/26 09:45:27 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011/10/03 08:15:22 | 000,025,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\VSPE.sys
[2011/09/21 10:04:44 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2011/09/18 22:09:23 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\profile.wkp
[2011/09/06 21:04:43 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\archCalc.Prefs
[2011/08/12 11:55:32 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2011/08/12 11:55:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2011/08/12 11:55:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2011/07/13 06:16:56 | 000,141,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\CprDrvr.sys
[2011/07/13 06:15:14 | 000,106,208 | ---- | C] () -- C:\WINDOWS\System32\CprIf.dll
[2011/05/31 08:14:36 | 000,922,184 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2011/05/31 08:14:26 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2011/05/31 06:21:02 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2011/05/30 07:41:21 | 000,139,097 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/30 07:09:15 | 000,295,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/30 07:09:12 | 000,295,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/30 07:09:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/30 07:08:11 | 002,186,342 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/06/27 09:11:30 | 000,065,536 | ---- | C] () -- C:\Program Files\Logger Pro 3
[2010/03/27 07:22:54 | 000,014,905 | ---- | C] () -- C:\Documents and Settings\Gary\au3abbrev.properties
[2010/03/16 18:02:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\񀿉
[2010/01/02 13:16:12 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Gary\au3.UserUdfs.properties
[2010/01/02 13:15:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\au3.user.calltips.api
[2009/12/30 21:31:24 | 000,000,174 | -H-- | C] () -- C:\Documents and Settings\Gary\Application Data\lakerda1967.sys
[2009/12/30 21:30:44 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\docXConverter (3).ini
[2009/11/02 16:10:33 | 000,001,927 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Principia Products.zip
[2009/02/13 11:36:32 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\REGISTRY.INI
[2008/12/14 18:10:13 | 000,000,450 | RHS- | C] () -- C:\Documents and Settings\Gary\ntuser.pol
[2008/09/17 11:19:12 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\fusioncache.dat
[2008/03/13 19:36:57 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Gary\.rnd
[2008/01/30 14:34:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\PUTTY.RND
[2007/09/26 10:44:42 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.session
[2006/12/03 22:50:40 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.recent
[2006/12/03 22:50:40 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.ses
[2006/11/11 10:26:30 | 000,345,935 | ---- | C] () -- C:\Documents and Settings\Gary\jap.conf
[2006/11/01 19:18:37 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\winscp.RND
[2006/09/05 21:43:35 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Gary\.jm_prefs
[2005/11/06 20:54:40 | 000,125,226 | ---- | C] () -- C:\Documents and Settings\Gary\IPSendOptions.exe
[2005/06/23 17:15:00 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Gary\ipsend.sec

========== ZeroAccess Check ==========

[2008/07/04 15:44:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/02 11:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2012/02/03 16:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/06/01 08:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2012/10/29 07:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/07/08 21:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/01/26 18:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brooks Internet Software
[2011/12/27 15:23:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/11/25 21:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2008/07/08 21:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/12/08 09:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conexant
[2010/05/06 07:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2011/02/01 09:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gravic
[2008/12/14 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GrebleSoft
[2008/07/11 00:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010/02/07 16:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JudysApps
[2012/04/19 11:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/07/22 16:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2011/05/31 06:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/07/19 20:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2013/02/06 07:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/31 03:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/02/21 12:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/05/03 07:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2012/10/29 07:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2008/07/08 21:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGI
[2012/10/29 07:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microangelo On Display
[2012/10/29 07:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/04/27 16:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/06/01 08:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2008/07/08 21:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Principia Products
[2008/07/08 21:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2008/07/08 21:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2012/03/04 10:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/10/29 07:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/01/25 22:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2011/02/18 17:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2008/07/08 21:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/07/08 21:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/05/06 13:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System
[2011/05/12 08:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/05/30 07:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/03/29 17:09:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WebDrive
[2012/11/20 22:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WordPerfect Office X6
[2008/07/09 14:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\.BitTornado
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\.tswebeditor
[2012/04/19 14:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Adam Berent
[2009/02/26 11:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\AI Internet Solutions
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Basta Computing
[2012/09/24 07:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Bitdefender
[2009/04/02 13:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BozTeck
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BPFTP
[2009/01/26 18:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Brooks Internet Software
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Colasoft Capsa
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Convivea
[2012/04/19 16:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ElevatedDiagnostics
[2010/02/09 09:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Endicia
[2008/07/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\FileMaker
[2009/08/29 10:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Foxit
[2012/07/31 14:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Foxit Software
[2012/12/05 09:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Fujitsu
[2010/05/05 17:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\G7PS
[2012/10/29 07:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\GARMIN
[2012/09/30 08:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Geek Uninstaller
[2011/01/11 09:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\GetRightToGo
[2012/10/11 11:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\gsmartcontrol
[2010/12/10 21:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\gtk-2.0
[2008/07/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Hyperionics
[2012/11/05 14:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ImgBurn
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Individual Software
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Interactive Studios
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\InterVideo
[2010/09/22 19:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\IsolatedStorage
[2012/08/18 09:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\KC Softwares
[2012/04/20 06:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ldw_data
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leadertech
[2008/07/09 14:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\LEAPS
[2012/08/18 12:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leawo
[2008/07/19 20:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Locktime
[2012/04/25 08:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Millennia
[2012/12/13 16:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\mjusbsp
[2009/07/19 09:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NCH Swift Sound
[2010/04/11 21:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NetView
[2012/10/29 07:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Newsbin
[2012/04/24 14:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ntr
[2012/11/01 18:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Nuance
[2013/01/25 22:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ObviousIdea
[2013/01/05 08:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OfficeRecovery
[2012/01/02 09:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OpenOffice.org
[2011/06/01 08:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PCDr
[2012/05/03 12:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Pegasus Mail
[2008/07/09 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Pegasys Inc
[2012/10/29 07:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PKWARE
[2011/12/02 09:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Qualys
[2008/07/09 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\r2 Studios
[2012/10/29 08:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Remind-Me
[2012/04/27 16:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ScanSoft
[2011/01/16 09:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Smart PDF Converter
[2012/10/26 15:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SmartDraw
[2013/02/06 07:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Software Informer
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Spearit
[2008/07/09 14:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Spell Catcher Plus
[2013/01/26 22:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Subversion
[2010/10/29 07:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SyncSquare
[2012/08/06 13:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SystemRequirementsLab
[2011/03/30 13:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\TeamViewer
[2011/10/26 09:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Thinstall
[2012/08/18 12:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\tiger-k
[2008/07/09 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Topaz Moment
[2012/10/29 07:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Trillian
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\URSoft
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\VERITAS
[2010/06/08 20:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\VSO
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\WildPackets
[2012/11/11 12:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Wireshark
[2012/11/12 13:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Zeon

========== Purity Check ==========



< End of report >
  • 0

#27
docfxit

docfxit

    Member

  • Topic Starter
  • Member
  • 102 posts
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.01.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gary :: DOCFXITLT [administrator]

2/1/2013 11:29:56 AM
mbam-log-2013-02-01 (11-29-56).txt

Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 596594
Time elapsed: 2 hour(s), 26 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Excursion9.5\ex2.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\$recycle.bin\s-1-5-21-2709080071-1371776929-3630506870-1000\$rlrgyhd.exe (Trojan.Inject) -> Quarantined and deleted successfully.

(end)
  • 0

#28
docfxit

docfxit

    Member

  • Topic Starter
  • Member
  • 102 posts
C:\Batch\hstart.exe a variant of Win32/HiddenStart.A application
C:\Dnload\Corel WinDVD Pro 11.0.0.342.521748\Corel.WinDVD.Pro.v11.0.Keymaker-CORE.rar a variant of Win32/Keygen.AU application
C:\Dnload\Revelation 1.1\Revelation.exe a variant of Win32/PSWTool.SnadBoy.B application
C:\Dnload\Revelation 2.0\Revelation.exe Win32/PSWTool.SnadBoy.2011 application
C:\Dnload\Revelation 2.0\RevelationHelper.dll Win32/PSWTool.SnadBoy.2011 application
C:\Dnload\SpywareRemovers\MGtools\Process.exe Win32/PrcView application
C:\Dnload\SpywareRemovers\VirtumundoBeGone.exe Win32/PrcView application
C:\Dnload\Advanced_Port_Scanner.exe multiple threats
C:\Dnload\Aircrack.zip a variant of Win32/MGLocker application
C:\Dnload\Bitdefender 2011 crack.rar Win32/RiskWare.HackAV.IS application
C:\Dnload\CodeCompareVer.1.0.4.zip a variant of Win32/Somoto.A application
C:\Dnload\cpu-z_1.61.5-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Dnload\DuplicateCleaner_setupVer.2.1b.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Dnload\FoxitReader543.0920_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Dnload\hwmonitor_1.20-setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Dnload\iDump_mediawidgettrialtype30setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Dnload\ImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Dnload\magicBlockSetup_v1-2.exe a variant of Win32/InstallCore.D application
C:\Dnload\Open_Ports_Scanner_v2_4_Virus.exe Win32/Adware.1ClickDownload.J application
C:\Dnload\paperscanfree_zip.exe a variant of Win32/InstallCore.D application
C:\Dnload\passrec.zip multiple threats
C:\Dnload\port scanner.exe MSIL/Solimba.F application
C:\Dnload\siw-setupVer2011.exe Win32/OpenCandy application
C:\Dnload\undeleteplus_setup_ver.3.0.3.424.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Dnload\Unlocker1.9.1.exe multiple threats
C:\Dnload\VideoPerformerSetup.exe a variant of Win32/InstallBrain.P application
C:\Dnload\Windows_XP_Professional_SP3_x32_June_2012___SATA_Drivers_[ThumperDC].exe Win32/Adware.1ClickDownload.G application
C:\Dnload\wirelesskeyview-x64.zip a variant of Win64/WirelessKeyView.B application
C:\Dnload\wirelesskeyview.zip a variant of Win32/WirelessKeyView.A application
C:\MGtools\Process.exe Win32/PrcView application
C:\Program Files\Common Files\Smarthome\Device Manager\SDM2Server.exe probably unknown NewHeur_PE virus
C:\Program Files\Common Files\Smarthome\Device Manager\SDM3.exe probably unknown NewHeur_PE virus
C:\Program Files\Lantronix\TFTP FirmwareUpdate\tftpd32.exe a variant of Win32/TFTPD32.B application
C:\Program Files\NView3x\TcpPatch\EvID4226Patch223d-de.zip Win32/Tool.EvID4226 application
C:\Program Files\PCmover\x32\cppwdsvc.exe a variant of Win32/PSWTool.PWDump.A application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP4\A0000445.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP4\A0000446.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP4\A0000447.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP5\A0000640.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP5\A0000641.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP5\A0000642.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP5\A0000643.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP5\A0000644.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP5\A0000645.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP5\A0000660.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP5\A0000701.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP5\A0000702.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP5\A0000704.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP5\A0000705.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP5\A0000706.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP5\A0000883.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP5\A0000884.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP6\A0000942.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP6\A0000943.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP6\A0000944.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP6\A0000945.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP6\A0000946.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP6\A0000947.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP6\A0000948.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP6\A0001700.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP6\A0001701.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP6\A0001702.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP6\A0001703.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP6\A0001704.exe a variant of Win32/Adware.WinPump.U application
C:\System Volume Information\_restore{BFCEBE40-399A-481D-83FE-EAD8082FC6F0}\RP6\A0001705.exe a variant of Win32/Adware.WinPump.U application
  • 0

#29
docfxit

docfxit

    Member

  • Topic Starter
  • Member
  • 102 posts
After running Malwarebytes I found these being added to the system:

C:\WINDOWS\Temp\d7dkkbq5.dll
C:\WINDOWS\Temp\iikg6l3o.dll

Which look very suspicious to me.

I have also seen the same Bitdefender quarantines.

And I don't see the Bitdefender icon in the system tray any more.
I'm currently running Bitdefender ver. 2012. I can repair 2012 or I can uninstall 2012 and install 2013. I will wait for your suggestions.

Thanks for looking at all the reports.

Docfxit
  • 0

#30
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I think I'm confused now. Are these file alarms coming from BitDefender or Spy-The-Spy?

Please get a new OTL quick scan and let's see if BitDefender is still running at startup.

Re-open OTL and click on the Posted Image button.
Post the new OTL.txt log in your next reply.
  • 0





