Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please help me remove a virus [Closed] [Solved]


  • This topic is locked This topic is locked

#31
docfxit

docfxit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Hi,

Sorry for the confusion. The ones I posted are coming from Spy-the-Spy. The original ones I posted from Spy-the-Spy are because Bitdefender caught the files being written to the hard drive and quarantined the files. Spy-the-Spy is the program that shows what exe's are getting written to the hard drive.

The OTL quick scan I posted was just run a minute before I posted it. I wanted to show you the latest information.

Thanks,

Docfxit
  • 0

Advertisements


#32
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Please post the Quick Scan :)
  • 0

#33
docfxit

docfxit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
OTL logfile created on: 2/6/2013 1:40:26 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gary\Desktop\MalwareCleanUp
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 50.66% Memory free
3.77 Gb Paging File | 2.77 Gb Available in Paging File | 73.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 200.27 Gb Total Space | 119.71 Gb Free Space | 59.77% Space Free | Partition Type: NTFS
Drive F: | 70.17 Gb Total Space | 69.04 Gb Free Space | 98.39% Space Free | Partition Type: NTFS

Computer Name: DOCFXITLT | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/27 15:17:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\MalwareCleanUp\OTL.exe
PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/10 15:05:36 | 000,225,400 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2013/01/10 11:09:00 | 000,547,312 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2013/01/10 11:09:00 | 000,166,896 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoLauncherService.exe
PRC - [2013/01/10 11:08:58 | 001,229,296 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2013/01/09 04:10:54 | 006,326,272 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2012/12/16 03:25:20 | 000,545,552 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/12/16 03:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/12/12 20:30:26 | 000,278,920 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2012/12/12 08:42:53 | 001,554,176 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
PRC - [2012/12/12 08:42:50 | 001,199,344 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
PRC - [2012/11/05 08:07:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/05 08:06:54 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/09/24 07:56:39 | 000,055,032 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
PRC - [2012/08/28 05:56:10 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/07/26 16:57:52 | 000,489,248 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\W32X86\3\fppdis4.exe
PRC - [2012/06/10 23:25:32 | 003,061,376 | ---- | M] (NTWind Software) -- C:\Program Files\WinSnap\WinSnap.exe
PRC - [2012/04/29 10:40:50 | 000,713,584 | ---- | M] (Beiley Software Inc.) -- C:\Program Files\RemindMe\RemindMe.exE
PRC - [2012/03/28 11:54:44 | 001,407,248 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2012/03/28 11:54:42 | 000,375,056 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2012/03/28 11:54:38 | 000,919,824 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2012/03/28 10:57:46 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2012/03/28 10:36:06 | 001,210,640 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2012/03/28 10:31:52 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/19 20:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe
PRC - [2011/05/26 18:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/04/07 15:41:32 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/04/04 10:43:36 | 000,135,528 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/01/14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/11/29 15:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
PRC - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/29 19:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () -- C:\Program Files\Stunnel\stunnel.exe
PRC - [2010/09/17 15:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/09/01 23:57:48 | 001,774,992 | ---- | M] (ALTAP) -- C:\Program Files\Salamander 2.5\salamand.exe
PRC - [2010/05/21 12:40:24 | 001,406,320 | ---- | M] (Flexera Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
PRC - [2010/05/03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/18 13:22:26 | 000,226,304 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Program Files\USBDLM\USBDLM.exe
PRC - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
PRC - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
PRC - [2009/01/14 10:29:18 | 003,981,312 | ---- | M] (Brooks Internet Software, Inc.) -- C:\Program Files\RPM\RpmSrv.exe
PRC - [2008/10/30 14:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
PRC - [2008/10/14 09:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
PRC - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\WINDOWS\system32\MNSFramework.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 11:30:46 | 002,558,464 | R--- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007/05/03 11:23:29 | 001,037,216 | ---- | M] (Rainmaker Research, Inc.) -- C:\Program Files\Spell Catcher Plus\Spell Catcher.exe
PRC - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/11/30 13:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
PRC - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/03/11 20:26:46 | 000,622,592 | ---- | M] () -- C:\Program Files\SpyTheSpy\SpyTheSpy.exe
PRC - [2004/10/12 12:01:52 | 000,032,768 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe
PRC - [2004/01/12 04:59:14 | 000,110,592 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver.exe
PRC - [2002/03/19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
PRC - [2001/12/28 21:33:14 | 000,214,016 | ---- | M] (Actiontec Electronics, Inc) -- C:\WINDOWS\system32\AEIWLSTA.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/25 22:30:50 | 000,706,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\7113d7b0d1ab8e22518f1eee04bd79dc\SolutoCleanup.ni.dll
MOD - [2013/01/25 22:30:49 | 000,681,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\a510bee3c1e6633374c7e0457a9c2afb\PCGDataAggregation.ni.dll
MOD - [2013/01/25 22:30:47 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\5900fea26dfbf076656a76a6ec415ceb\PCGBootVisualizingCore.ni.dll
MOD - [2013/01/25 22:30:46 | 000,050,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.NetFwTypeLib\7b20a2b2de746f4c0a34427668eb3379\Interop.NetFwTypeLib.ni.dll
MOD - [2013/01/25 22:30:45 | 000,295,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\324504aa08dd894d6fcbc1288b2abc65\PCGCatalogItemFootprint.ni.dll
MOD - [2013/01/25 22:30:44 | 000,732,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\d1c3fff5ca7b6984f2813356395b9460\PCGBrowsersProbe.ni.dll
MOD - [2013/01/25 22:30:43 | 000,261,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\b7ffb1db04e5c25f69195285145102b3\PCGSAProbe.ni.dll
MOD - [2013/01/25 22:30:42 | 000,087,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\f5c8bdcc4b6d1bcb4854c677d75b1dbf\PCGCatalogItemCache.ni.dll
MOD - [2013/01/25 22:30:42 | 000,041,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\25b4b05f3611cb0f83ee288e91a888b5\PCGEntities.ni.dll
MOD - [2013/01/25 22:30:41 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\f407b1a910fedc713a6b844835b90900\PCGClientCommunication.ni.dll
MOD - [2013/01/25 22:30:39 | 000,142,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\00776f9637ef2b01424c9ae44af55a43\PCGUpgrader.ni.dll
MOD - [2013/01/25 22:30:39 | 000,107,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\5d0f966d27eb030ad1144bf7313165b1\SolutoUpdateService.ni.dll
MOD - [2013/01/25 22:30:38 | 002,044,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoService\49aed0293596cb41b3b9383c3bf54548\SolutoService.ni.exe
MOD - [2013/01/25 22:30:28 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\ec81ad124f2887749a29bf67d72e47c1\PCGPostBootResources.ni.dll
MOD - [2013/01/25 22:30:28 | 000,052,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\ea6ef3d32d5e28268377ff81fed27395\PCGHIDProbe.ni.dll
MOD - [2013/01/25 22:30:27 | 002,327,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\32937b6110f36171106fc3a9bc4b397e\Community.CsharpSqlite.ni.dll
MOD - [2013/01/25 22:30:27 | 000,039,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\1ff918080005699a4427ae446d120182\PCGRSPProbe.ni.dll
MOD - [2013/01/25 22:30:25 | 000,202,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\35c49945a5328be7e77060795d7ba080\PCGWuInfo.ni.dll
MOD - [2013/01/25 22:30:25 | 000,100,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\9e0ee4ac48824decaf0cd3ac91bcf8dc\Interop.IWshRuntimeLibrary.ni.dll
MOD - [2013/01/25 22:30:25 | 000,055,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\a178291dc42211f27ccb0269049e2bcb\PCGUsersCenter.ni.dll
MOD - [2013/01/25 22:30:23 | 000,156,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\83169f5e6f353146ec154409dd7d6790\PCGAppControlPluginLoader.ni.dll
MOD - [2013/01/25 22:30:21 | 003,509,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\9ab766011f90c5409cf010140f869f37\PCGClientCommon.ni.dll
MOD - [2013/01/25 22:30:18 | 000,157,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\d3d76007ccd5a9a77c9669a66d6a58ab\PCGBootVisualizingCommon.ni.dll
MOD - [2013/01/25 22:30:17 | 000,222,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\ae4cd0b5747ac822681efb22bda4bb79\PCGDriverProbe.ni.dll
MOD - [2013/01/25 22:30:15 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\391d5b3caf3cf0c71211ea165940949f\PCGConfiguration.ni.dll
MOD - [2013/01/25 22:30:14 | 002,617,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDatabase\68fa02e189ba72c91b4a13ffcf8fbab9\PCGDatabase.ni.dll
MOD - [2013/01/25 22:30:14 | 000,766,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\90d790910714eac292348c0c844d8a74\System.Data.SqlServerCe.ni.dll
MOD - [2013/01/25 22:30:11 | 001,538,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\d0055ecdbb5ca8e75ddb4926d14f7a84\PCGAzureShared.ni.dll
MOD - [2013/01/25 22:30:11 | 000,048,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\fbd0db0b6165668a622cc8c38e904144\PCGAzureEntityFramework.ni.dll
MOD - [2013/01/25 22:30:10 | 001,196,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCommunication\c19bb8498c051b00555763e3a38d56bc\PCGCommunication.ni.dll
MOD - [2013/01/25 22:30:08 | 001,707,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\fdbcaf85353f2c586634f7b575893baa\PCGPreCompiled.ni.dll
MOD - [2013/01/25 22:29:48 | 000,596,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\5e6ee9397825b25e4543c094f400c859\Ionic.Zip.Reduced.ni.dll
MOD - [2013/01/25 22:29:48 | 000,188,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\d6afbc7f7cba70db9b20564440f44622\PCGPrestoSerializer.ni.dll
MOD - [2013/01/25 22:29:46 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7ec47c4afad694faa491abd6b45928a\System.Runtime.Remoting.ni.dll
MOD - [2013/01/25 22:29:45 | 002,128,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\7071c2f7ad720d29b2a539184a94fc12\Newtonsoft.Json.Net35.ni.dll
MOD - [2013/01/25 22:29:44 | 002,727,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGFramework\6af740b77febde5f102725c19f6cc107\PCGFramework.ni.dll
MOD - [2013/01/25 22:29:40 | 001,620,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Soluto\3523ca400bc7eef91481b1577d3cbf6c\Soluto.ni.exe
MOD - [2013/01/10 15:05:36 | 000,225,400 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
MOD - [2013/01/10 10:33:28 | 000,077,880 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll
MOD - [2013/01/10 10:33:28 | 000,049,720 | R--- | M] () -- C:\Program Files\Soluto\PCGDeviceScanLib.dll
MOD - [2012/12/12 20:30:10 | 000,070,536 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2012/12/12 08:42:56 | 000,092,600 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
MOD - [2012/12/12 08:42:36 | 000,272,344 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
MOD - [2012/11/27 09:09:53 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\314f807b4f655af492182b597ea1e7a6\System.ServiceProcess.ni.dll
MOD - [2012/11/27 09:09:42 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1fa3f0a76f2fa2d3a6cfaf9031bc1dfb\System.Runtime.Remoting.ni.dll
MOD - [2012/11/27 09:09:41 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\ae2ff153463bc98124e93c33296ec79c\System.EnterpriseServices.ni.dll
MOD - [2012/11/27 09:09:40 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\8531f40353107a46871aace28f057ec2\System.Transactions.ni.dll
MOD - [2012/11/27 09:09:04 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b75ca75b9c2eb103f98a457ec9256ce7\System.Xml.Linq.ni.dll
MOD - [2012/11/27 09:08:49 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll
MOD - [2012/11/27 09:08:42 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\43b92a8dac90d1d6426274274abb69a6\System.Transactions.ni.dll
MOD - [2012/11/27 09:08:34 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll
MOD - [2012/11/27 09:08:34 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.Wrapper.dll
MOD - [2012/11/27 09:08:29 | 000,939,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\9bc09040ded0b8de5514235bf9b24888\System.Data.Services.Client.ni.dll
MOD - [2012/11/27 09:07:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\99d5831f6840940555a679233e1e3139\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2012/11/27 09:07:41 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\129677cc2efb77e11fb90785528cbf28\SMDiagnostics.ni.dll
MOD - [2012/11/27 09:07:33 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\96d93d79e2516cac93027cbe2e2d1757\System.ServiceModel.ni.dll
MOD - [2012/11/27 09:07:16 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7efd419147611323505605be3ecee5d5\System.Runtime.Serialization.ni.dll
MOD - [2012/11/27 09:05:34 | 002,516,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\7fc7ad881f823df3fc1ee95e7f19d7ae\System.Data.Linq.ni.dll
MOD - [2012/11/27 09:05:31 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll
MOD - [2012/11/27 09:05:27 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll
MOD - [2012/11/27 09:05:09 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/11/27 09:05:02 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/11/27 09:04:38 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9261a08aed6aa953fe0a4b90787657f1\System.Data.ni.dll
MOD - [2012/11/27 09:04:36 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a8319839729e0e30785fcb36fb13b440\System.Windows.Forms.ni.dll
MOD - [2012/11/27 09:04:29 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\985109f2568f3251333dad29bc889421\System.Core.ni.dll
MOD - [2012/11/27 09:04:25 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\586e41e15e1d44fe197b9d1cc5575f8c\System.Xml.ni.dll
MOD - [2012/11/27 09:04:24 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c87e56bad0d9eae13b89a0e2bb0efc1f\System.Drawing.ni.dll
MOD - [2012/11/27 09:04:21 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c409feb9182d01c80872f2031d68053e\System.Configuration.ni.dll
MOD - [2012/11/27 09:04:10 | 009,092,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\982a5b70d861cb34f85e041075d5112c\System.ni.dll
MOD - [2012/11/27 09:04:03 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/11/27 09:02:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/27 09:02:19 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/27 09:02:17 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012/11/27 09:02:05 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/27 09:01:36 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/11/27 09:01:01 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/11/27 09:00:51 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2012/11/27 09:00:48 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/03/27 23:07:06 | 000,004,608 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\imsecurityal.ui
MOD - [2012/03/27 23:07:04 | 000,003,072 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
MOD - [2012/03/22 11:30:52 | 002,063,872 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
MOD - [2012/03/22 11:30:52 | 001,917,952 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
MOD - [2012/03/22 11:30:52 | 001,867,776 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
MOD - [2012/03/22 11:30:52 | 000,956,928 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
MOD - [2012/03/22 11:30:52 | 000,634,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
MOD - [2012/03/22 11:30:52 | 000,513,536 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,446,464 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
MOD - [2012/03/22 11:30:52 | 000,391,168 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
MOD - [2012/01/23 19:27:20 | 000,035,208 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
MOD - [2012/01/23 19:15:40 | 000,059,392 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
MOD - [2012/01/23 19:14:56 | 000,110,880 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
MOD - [2012/01/23 19:14:00 | 000,061,440 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\excludemgr.dll
MOD - [2012/01/23 19:13:40 | 000,154,152 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
MOD - [2012/01/06 15:27:34 | 000,035,720 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
MOD - [2012/01/06 15:27:28 | 000,202,032 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
MOD - [2011/10/27 14:07:06 | 000,362,736 | ---- | M] () -- \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll
MOD - [2011/02/18 17:47:09 | 002,228,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Common\6.0.1.0__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Common.dll
MOD - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe
MOD - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () -- C:\Program Files\Stunnel\stunnel.exe
MOD - [2010/06/07 06:26:46 | 000,101,376 | ---- | M] () -- C:\Program Files\Stunnel\zlib1.dll
MOD - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
MOD - [2009/01/14 10:29:18 | 000,010,752 | ---- | M] () -- C:\Program Files\RPM\udf\fbudf.dll
MOD - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () -- C:\WINDOWS\system32\MNSFramework.exe
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/11/30 13:34:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe
MOD - [2005/10/28 19:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/03/11 20:26:46 | 000,622,592 | ---- | M] () -- C:\Program Files\SpyTheSpy\SpyTheSpy.exe
MOD - [2004/02/27 11:24:30 | 000,026,448 | ---- | M] () -- C:\WINDOWS\system32\smfaxmon.dll
MOD - [2004/01/12 04:59:14 | 000,110,592 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver.exe
MOD - [2004/01/12 04:58:35 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\IconSaver.cpl
MOD - [2003/10/19 06:12:58 | 000,061,440 | ---- | M] () -- C:\Program Files\IconSaver\IconSaverLib.dll
MOD - [2003/10/19 04:11:40 | 000,094,208 | ---- | M] () -- C:\Program Files\IconSaver\IconSaver Editor.dll
MOD - [2003/07/03 22:49:30 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_2\tphk_2k.dll
MOD - [2002/03/19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
MOD - [2001/07/31 09:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHealr.dll


========== Services (SafeList) ==========

SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/10 15:05:36 | 000,225,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV - [2013/01/10 11:09:00 | 000,547,312 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2013/01/10 11:09:00 | 000,166,896 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService)
SRV - [2013/01/10 10:33:28 | 001,239,552 | ---- | M] (Soluto) [On_Demand | Stopped] -- C:\Program Files\Soluto\SolutoRemoteService.exe -- (SolutoRemoteService)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/16 03:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/12/12 08:42:53 | 001,554,176 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV - [2012/11/05 08:07:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/05 08:06:54 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/09/30 23:22:06 | 000,295,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012/09/24 07:56:39 | 000,055,032 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV - [2012/08/28 05:56:10 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/03/28 11:54:42 | 000,375,056 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2012/03/28 11:54:38 | 000,919,824 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2012/03/28 10:57:46 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012/03/28 10:31:52 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011/10/14 22:57:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/19 20:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 20:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\WINDOWS\twain_32\Fjscan32\FJTWMKSV.exe -- (FJTWMKSV)
SRV - [2011/05/02 13:17:28 | 000,059,488 | ---- | M] (Gravic) [On_Demand | Stopped] -- C:\Program Files\Common Files\Gravic\RemarkFTPUtility13.exe -- (Remark FTP Utility)
SRV - [2011/04/20 09:04:40 | 000,130,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/04/04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/03/29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/01/14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/12/23 07:20:24 | 000,245,760 | ---- | M] (SMServer) [Disabled | Stopped] -- C:\WINDOWS\system32\snmvtsvc.exe -- (SMServer)
SRV - [2010/12/23 05:03:32 | 000,385,024 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SoundTaxi Media Suite\STSService.exe -- (STSService)
SRV - [2010/11/12 05:54:50 | 000,819,291 | ---- | M] () [Auto | Running] -- C:\Program Files\TVMOBiLi\bin\tvMobiliService.exe -- (tvMobiliService)
SRV - [2010/11/08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/04 12:33:40 | 002,735,992 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Intuit\QuickBooks Point of Sale 9.0\DatabaseServer\QBPOSDBService.exe -- (QBPOSDBServiceV9)
SRV - [2010/09/22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/09/19 13:00:02 | 000,097,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Stunnel\stunnel.exe -- (stunnel)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/05/03 11:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/03 11:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/24 03:13:24 | 001,313,368 | ---- | M] (South River Technologies, LLC) [Disabled | Stopped] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService)
SRV - [2009/11/18 13:22:26 | 000,226,304 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Auto | Running] -- C:\Program Files\USBDLM\USBDLM.exe -- (USBDLM)
SRV - [2009/09/17 18:40:44 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe -- (CLDTVHNService)
SRV - [2009/09/04 15:22:56 | 001,391,136 | ---- | M] (Hagel Technologies Ltd.) [Disabled | Stopped] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe -- (Intuit Entitlement Service v6.0)
SRV - [2009/04/20 13:17:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/14 10:29:18 | 003,981,312 | ---- | M] (Brooks Internet Software, Inc.) [Auto | Running] -- C:\Program Files\RPM\RpmSrv.exe -- (rpm)
SRV - [2008/10/14 09:33:56 | 000,061,952 | ---- | M] (NeoSmart Technologies) [Auto | Running] -- C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe -- (ToolTipFixer)
SRV - [2008/09/03 18:27:58 | 000,186,360 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\MNSFramework.exe -- (MNSFramework)
SRV - [2008/03/19 11:30:46 | 002,558,464 | R--- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2007/03/21 10:57:56 | 000,516,096 | ---- | M] (Locktime Software) [On_Demand | Stopped] -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe -- (nlsvc)
SRV - [2007/02/08 17:14:10 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/06/29 20:57:50 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2001/05/08 04:10:00 | 000,053,248 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\timntr.sys -- (timounter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swvnic.sys -- (SWVNIC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8187B.sys -- (RTL8187B)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motport.sys -- (motport)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (HWiNFO32)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2013/01/10 15:06:54 | 000,016,504 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pssnap.sys -- (pssnap)
DRV - [2013/01/10 10:33:16 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Soluto.sys -- (Soluto)
DRV - [2012/12/16 03:25:16 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/12/12 08:42:55 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avchv.sys -- (avchv)
DRV - [2012/12/12 08:42:46 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2012/12/12 08:41:35 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2012/11/05 08:06:55 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/09/24 07:57:16 | 000,132,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys -- (bdselfpr)
DRV - [2012/09/24 07:57:12 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2012/09/18 01:33:00 | 000,043,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2012/09/18 01:33:00 | 000,039,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2012/09/18 01:32:56 | 000,043,704 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2012/09/18 01:32:56 | 000,012,216 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2012/09/18 01:32:56 | 000,012,216 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2012/09/10 22:50:22 | 000,011,496 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
DRV - [2012/08/23 23:57:00 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/07/26 01:26:40 | 000,051,712 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\womic.sys -- (wovad_micarray)
DRV - [2012/06/01 09:09:28 | 000,360,976 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2012/03/12 12:57:44 | 010,240,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Netwxn00.sys -- (NETwNx32)
DRV - [2012/01/18 14:56:16 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2012/01/18 14:56:14 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2011/11/17 16:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bdsandbox.sys -- (bdsandbox)
DRV - [2011/11/14 19:16:28 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2011/10/26 09:45:27 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/10/03 08:15:22 | 000,025,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VSPE.sys -- (EterlogicVirtualSerialDriver)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/13 06:16:56 | 000,141,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CprDrvr.sys -- (CprDrvr)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/03/18 08:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/01/13 10:18:50 | 000,132,608 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U877.sys -- (5U877)
DRV - [2010/12/23 12:43:12 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2010/11/25 13:59:16 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2010/11/16 00:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2010/10/20 01:09:58 | 001,761,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/09/23 08:14:30 | 000,993,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/09/16 18:00:00 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/09/07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/07/22 08:38:14 | 000,167,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)
DRV - [2010/06/25 09:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/06/16 12:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2010/06/16 12:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/05/19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010/05/11 11:00:34 | 000,020,072 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/04/21 12:16:46 | 000,025,704 | ---- | M] (TamoSoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ts_lb.sys -- (ts_lb)
DRV - [2010/04/01 11:33:08 | 000,019,560 | ---- | M] (TamoSoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cv2k1.sys -- (CV2K1)
DRV - [2010/02/24 13:11:40 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2010/02/24 03:13:20 | 000,201,176 | ---- | M] () [File_System | Auto | Running] -- C:\Program Files\WebDrive\wdfsd.sys -- (WebDriveFSD)
DRV - [2010/01/19 18:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/11 09:48:00 | 000,027,519 | ---- | M] (Billionton Corporation Reserved.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBKR100.SYS -- (USB-100)
DRV - [2009/10/26 11:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/18 12:54:38 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/09/17 18:40:52 | 000,119,792 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys -- (ntk_dtv)
DRV - [2009/09/17 11:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009/09/08 00:40:26 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecmdm.sys -- (ssecmdm)
DRV - [2009/09/08 00:40:26 | 000,086,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecbus.sys -- (ssecbus)
DRV - [2009/09/08 00:40:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssecmdfl.sys -- (ssecmdfl)
DRV - [2009/07/06 10:09:06 | 000,051,200 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/06/30 10:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/06/30 10:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/06/30 10:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/05/22 10:46:42 | 000,010,536 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Hmonitor.sys -- (hmonitor)
DRV - [2009/05/11 13:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/03/13 12:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2009/02/12 13:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/07/24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/03 09:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008/04/13 10:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/03/18 14:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 14:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/02/04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/12/17 15:57:14 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp)
DRV - [2007/06/08 08:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stm_tpm.sys -- (stmtpm)
DRV - [2007/04/23 03:03:04 | 000,082,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2007/04/09 08:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 08:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 08:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/18 21:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/02/06 22:38:32 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/12/28 13:44:40 | 000,260,096 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm323.sys -- (ZSMC326)
DRV - [2006/12/25 14:32:52 | 000,049,489 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mamotou.sys -- (mamotou)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/02 00:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/10/02 00:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/08/08 11:25:40 | 000,476,672 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter323.sys -- (vmfilter323)
DRV - [2006/06/09 04:49:41 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/05/18 08:49:00 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 08:48:00 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005/08/18 11:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005/04/20 00:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005/03/03 00:14:18 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2005/03/03 00:14:04 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/08/24 14:16:54 | 000,003,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMDRV.SYS -- (SMDRV)
DRV - [2002/05/02 11:52:22 | 000,018,189 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - [2002/05/02 11:52:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2002/01/23 07:28:32 | 000,089,984 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhilDecN.sys -- (phildecn)
DRV - [2002/01/15 12:04:06 | 001,088,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001/12/28 21:10:16 | 000,050,688 | ---- | M] (Actiontec Electronics, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AEIWLNDS.sys -- (AEIWL)
DRV - [1999/12/31 16:00:00 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [1996/04/03 11:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {959E4F84-B960-417C-8415-C7A0737817BC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...C3-50E2DD51DD08
IE - HKCU\..\SearchScopes\{959E4F84-B960-417C-8415-C7A0737817BC}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: fireform%40mozilla.org:0.7.4
FF - prefs.js..extensions.enabledAddons: isitcompatible%40eternicode.com:0.5.3
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2012.07.08.17
FF - prefs.js..extensions.enabledAddons: showParentFolder%40alice:2.0
FF - prefs.js..extensions.enabledAddons: flatbm%40xuldev.org:1.8.1
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1007
FF - prefs.js..extensions.enabledAddons: %7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D:3.0.20121120
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.1: "C:\Program Files\VideoLAN\VLC\mozilla\npvlc.dll" File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Firefox\components [2013/01/25 21:24:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Firefox\plugins [2012/06/17 10:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\

[2012/10/29 08:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2013/02/06 09:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions
[2013/02/06 09:43:09 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/02/01 07:52:19 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,093,072 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/17 16:44:02 | 000,085,264 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,040,533 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/17 16:44:02 | 000,015,789 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,006,744 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/18 17:03:52 | 000,163,080 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\[email protected]
[2013/01/31 19:36:22 | 000,817,973 | ---- | M] () (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\go3ojoq5.default\searchplugins\askcom.xml

O1 HOSTS File: ([2013/02/05 07:55:20 | 000,000,185 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 75.79.156.56 atu1277.com
O1 - Hosts: 75.79.6.149 theoffice.la
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [frymxins] C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [IconSaver] C:\Program Files\IconSaver\IconSaver.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\system32\spool\drivers\W32X86\3\fppdis4.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Soluto] c:\program files\soluto\soluto.exe (Soluto)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKCU..\Run: [AnyTime Organizer] C:\Program Files\AnyTime Deluxe\AtDem.exe (Individual Software, Inc.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Programs Now (Hidden).lnk = C:\Program Files\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk = C:\Program Files\SpyTheSpy\SpyTheSpy.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: endicia.com ([www.postage] https in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ibm.com ([icm1.teleweb.ca] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([chat.lel] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([expertslive] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([rto1.lel] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lenovo.com ([rto2.lel] https in Trusted sites)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] * in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([]https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1340638911625 (WUWebControl Class)
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} http://www.update.mi...b?1340638867765 (MUWebControl Class)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7084C14A-C055-4B77-B74E-52C57C1D665D}: NameServer = 66.51.205.100,66.51.206.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6DAFE96-F802-44B8-8447-47E183F9669A}: NameServer = 66.51.205.100,66.51.206.100
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\mctp - No CLSID value found
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll (Intuit Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/08/28 18:41:20 | 000,565,760 | ---- | M] (Microsoft Corporation) - C:\AUTOCHK.EXE -- [ NTFS ]
O32 - AutoRun File - [2002/07/24 08:55:44 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/09/01 16:37:41 | 000,001,094 | ---- | M] () - C:\AUTOEXEC2.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/01 22:01:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/31 12:25:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/31 08:53:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/31 08:53:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/31 08:53:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/31 08:53:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/31 08:52:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/30 09:09:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/27 15:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Desktop\MalwareCleanUp
[2013/01/26 22:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\TortoiseSVN
[2013/01/26 22:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\TSVNCache
[2013/01/26 22:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Subversion
[2013/01/26 22:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TortoiseSVN
[2013/01/26 22:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2013/01/26 22:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2013/01/26 14:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC_1.1.8
[2013/01/26 08:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime Alternative
[2013/01/26 08:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/01/26 08:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2013/01/26 08:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\Logishrd
[2013/01/26 08:20:30 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/01/25 23:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/01/25 23:11:49 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/01/25 23:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/25 22:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2013/01/25 22:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013/01/25 22:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2013/01/25 22:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Soluto
[2013/01/25 22:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2013/01/25 22:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\Macrium
[2013/01/25 22:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
[2013/01/25 22:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\ObviousIdea
[2013/01/25 21:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NeoSmart Technologies
[2013/01/25 21:38:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gary\Recent
[2013/01/22 08:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Malwarebytes
[2013/01/22 08:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/22 08:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/22 08:36:08 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/22 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/21 10:50:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iDo Wedding Couple Edition
[2013/01/18 06:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2013/01/17 15:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Subversion
[2013/01/17 12:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\SpyTheSpy
[2013/01/17 12:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpyTheSpy
[2013/01/10 15:07:24 | 000,013,432 | ---- | C] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2013/01/10 15:06:54 | 000,016,504 | ---- | C] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2013/01/08 10:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2006/09/15 11:08:34 | 000,630,784 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Gary\chatlnk.exe

========== Files - Modified Within 30 Days ==========

[2013/02/06 13:07:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/06 07:34:08 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/02/06 07:33:49 | 000,139,097 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/02/06 07:32:23 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/06 07:31:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/06 07:31:46 | 2067,443,712 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/05 17:44:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/05 17:43:59 | 2067,447,808 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/02/05 07:55:20 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/30 10:02:08 | 000,000,815 | ---- | M] () -- C:\WINDOWS\System32\smfaxmon.dll.colors
[2013/01/28 14:16:49 | 002,555,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/27 15:22:50 | 000,002,992 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/01/26 19:48:29 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Gary\SciTE.session
[2013/01/25 23:17:20 | 000,000,089 | ---- | M] () -- C:\WINDOWS\Spell Catcher.INI
[2013/01/25 22:44:45 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2013/01/25 22:44:04 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/01/25 22:31:04 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Uninstall 6.lnk
[2013/01/25 22:28:48 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2013/01/25 22:14:21 | 000,001,962 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Reflect.lnk
[2013/01/25 21:58:39 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EasyBCD 2.1.2.lnk
[2013/01/25 21:24:02 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/25 21:24:02 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/01/24 08:57:54 | 000,000,222 | ---- | M] () -- C:\WINDOWS\System32\checkdnsid.xml
[2013/01/22 14:46:22 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Re-Start.lnk
[2013/01/22 08:36:16 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/19 09:51:38 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WavePadReminder.job
[2013/01/18 09:33:32 | 000,000,286 | ---- | M] () -- C:\WINDOWS\vuepro32.ini
[2013/01/18 06:52:01 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/01/17 17:46:22 | 000,139,097 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2013/01/17 12:50:57 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk
[2013/01/17 12:49:40 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2013/01/10 15:07:24 | 000,013,432 | ---- | M] (Paramount Software UK Ltd) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys
[2013/01/10 15:06:54 | 000,016,504 | ---- | M] (Macrium Software) -- C:\WINDOWS\System32\drivers\pssnap.sys
[2013/01/10 15:05:56 | 000,054,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\psmounterex.sys
[2013/01/10 10:33:16 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\WINDOWS\System32\drivers\Soluto.sys

========== Files Created - No Company Name ==========

[2013/01/31 08:53:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/31 08:53:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/31 08:53:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/31 08:53:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/31 08:53:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/30 10:02:08 | 000,000,815 | ---- | C] () -- C:\WINDOWS\System32\smfaxmon.dll.colors
[2013/01/26 08:02:53 | 001,492,640 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/01/25 22:44:04 | 000,001,491 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/01/25 22:44:04 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Wireshark.lnk
[2013/01/25 22:36:32 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\Update Checker.lnk
[2013/01/25 22:02:25 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/25 22:02:25 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/25 21:58:39 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EasyBCD 2.1.2.lnk
[2013/01/22 20:23:19 | 2067,443,712 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/22 08:36:16 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/21 10:50:40 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\iDo Wedding Couple Edition.lnk
[2013/01/18 06:52:01 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/01/17 12:50:57 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpyTheSpy.lnk
[2013/01/17 12:49:40 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\WinMerge.lnk
[2013/01/10 16:16:37 | 000,001,962 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\Reflect.lnk
[2013/01/10 15:05:56 | 000,054,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\psmounterex.sys
[2013/01/09 12:46:38 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\WavePadReminder.job
[2013/01/08 10:10:42 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #2.lnk
[2013/01/08 10:10:33 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #3.lnk
[2013/01/08 10:10:30 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #4.lnk
[2013/01/08 10:10:27 | 000,001,030 | ---- | C] () -- C:\Documents and Settings\Gary\Start Menu\Programs\JBidWatcher.exe #5.lnk
[2012/12/23 18:40:34 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\PUTTY.RND
[2012/12/23 14:36:31 | 000,002,159 | ---- | C] () -- C:\WINDOWS\sshtunnel.ini
[2012/12/23 12:59:20 | 000,002,228 | ---- | C] () -- C:\WINDOWS\System32\dkfzip32.DAT
[2012/12/17 09:35:33 | 001,239,618 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-133707808-2752991226-3942243025-1004-0.dat
[2012/12/03 22:15:35 | 000,619,946 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/11 10:56:44 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\recently-used.xbel
[2012/10/26 11:59:08 | 096,817,882 | ---- | C] () -- C:\Program Files\Photo Album 6.7z
[2012/10/11 19:54:03 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\Gary\SciTEUser.properties
[2012/10/11 19:53:54 | 000,031,076 | ---- | C] () -- C:\Documents and Settings\Gary\abbrev.save.properties
[2012/10/10 13:56:38 | 000,026,448 | ---- | C] () -- C:\WINDOWS\System32\smfaxmon.dll
[2012/09/24 13:54:58 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/08/18 11:53:19 | 001,292,288 | ---- | C] () -- C:\WINDOWS\is-PPJSS.exe
[2012/08/18 11:41:13 | 000,000,353 | ---- | C] () -- C:\WINDOWS\PC Viewer 4CH ENG.INI
[2012/08/07 22:40:11 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Gary\Application Data\Windows1569_SettingsRepository.bin
[2012/08/07 22:40:11 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\90C7D912BE2316.sys
[2012/08/01 13:58:19 | 002,784,754 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/07/31 09:58:07 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Gary\.deskmetrics
[2012/06/12 15:49:15 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Gary\Application Datauser_gensett.xml
[2012/05/04 19:23:00 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\$_hpcst$.hpc
[2012/05/03 11:23:28 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2012/04/27 08:47:54 | 000,000,377 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2012/04/20 07:51:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/19 17:17:50 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2012/03/23 16:42:12 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/12 10:49:48 | 000,000,396 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/02/22 08:15:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/17 07:14:06 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Gary\abbrev.properties
[2012/02/17 06:02:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\au3.keywords.user.abbreviations.properties
[2012/02/14 12:52:12 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\Gary\au3UserAbbrev.properties
[2012/02/14 10:28:51 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/01 18:33:13 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/01/26 20:19:03 | 000,000,022 | -HS- | C] () -- C:\Documents and Settings\Gary\Application Data\Sys2662.Config.Repository.bin
[2011/10/26 09:45:27 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011/10/03 08:15:22 | 000,025,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\VSPE.sys
[2011/09/21 10:04:44 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2011/09/18 22:09:23 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\profile.wkp
[2011/09/06 21:04:43 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\archCalc.Prefs
[2011/08/12 11:55:32 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2011/08/12 11:55:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2011/08/12 11:55:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2011/07/13 06:16:56 | 000,141,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\CprDrvr.sys
[2011/07/13 06:15:14 | 000,106,208 | ---- | C] () -- C:\WINDOWS\System32\CprIf.dll
[2011/05/31 08:14:36 | 000,922,184 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2011/05/31 08:14:26 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2011/05/31 06:21:02 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2011/05/30 07:41:21 | 000,139,097 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/05/30 07:09:15 | 000,295,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/30 07:09:12 | 000,295,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/30 07:09:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/30 07:08:11 | 002,186,342 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/06/27 09:11:30 | 000,065,536 | ---- | C] () -- C:\Program Files\Logger Pro 3
[2010/03/27 07:22:54 | 000,014,905 | ---- | C] () -- C:\Documents and Settings\Gary\au3abbrev.properties
[2010/03/16 18:02:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\񀿉
[2010/01/02 13:16:12 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Gary\au3.UserUdfs.properties
[2010/01/02 13:15:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary\au3.user.calltips.api
[2009/12/30 21:31:24 | 000,000,174 | -H-- | C] () -- C:\Documents and Settings\Gary\Application Data\lakerda1967.sys
[2009/12/30 21:30:44 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\docXConverter (3).ini
[2009/11/02 16:10:33 | 000,001,927 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Principia Products.zip
[2009/02/13 11:36:32 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\REGISTRY.INI
[2008/12/14 18:10:13 | 000,000,450 | RHS- | C] () -- C:\Documents and Settings\Gary\ntuser.pol
[2008/09/17 11:19:12 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\fusioncache.dat
[2008/03/13 19:36:57 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Gary\.rnd
[2008/01/30 14:34:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\PUTTY.RND
[2007/09/26 10:44:42 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.session
[2006/12/03 22:50:40 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.recent
[2006/12/03 22:50:40 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Gary\SciTE.ses
[2006/11/11 10:26:30 | 000,345,935 | ---- | C] () -- C:\Documents and Settings\Gary\jap.conf
[2006/11/01 19:18:37 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gary\winscp.RND
[2006/09/05 21:43:35 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Gary\.jm_prefs
[2005/11/06 20:54:40 | 000,125,226 | ---- | C] () -- C:\Documents and Settings\Gary\IPSendOptions.exe
[2005/06/23 17:15:00 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\Gary\ipsend.sec

========== ZeroAccess Check ==========

[2008/07/04 15:44:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/02 11:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2012/02/03 16:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/06/01 08:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitdefender
[2012/10/29 07:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2008/07/08 21:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/01/26 18:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brooks Internet Software
[2011/12/27 15:23:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/11/25 21:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2008/07/08 21:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/12/08 09:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conexant
[2010/05/06 07:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2011/02/01 09:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gravic
[2008/12/14 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GrebleSoft
[2008/07/11 00:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010/02/07 16:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JudysApps
[2012/04/19 11:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/07/22 16:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2011/05/31 06:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/07/19 20:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2013/02/06 07:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/01/31 03:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2011/02/21 12:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/05/03 07:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2012/10/29 07:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2008/07/08 21:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGI
[2012/10/29 07:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microangelo On Display
[2012/10/29 07:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/04/27 16:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/06/01 08:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2008/07/08 21:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Principia Products
[2008/07/08 21:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2008/07/08 21:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2012/03/04 10:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/10/29 07:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/01/25 22:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2011/02/18 17:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2008/07/08 21:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/07/08 21:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2010/05/06 13:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System
[2011/05/12 08:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/05/30 07:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/03/29 17:09:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WebDrive
[2012/11/20 22:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WordPerfect Office X6
[2008/07/09 14:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\.BitTornado
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\.tswebeditor
[2012/04/19 14:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Adam Berent
[2009/02/26 11:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\AI Internet Solutions
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Basta Computing
[2012/09/24 07:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Bitdefender
[2009/04/02 13:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BozTeck
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BPFTP
[2009/01/26 18:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Brooks Internet Software
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Colasoft Capsa
[2008/07/09 14:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Convivea
[2012/04/19 16:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ElevatedDiagnostics
[2010/02/09 09:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Endicia
[2008/07/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\FileMaker
[2009/08/29 10:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Foxit
[2012/07/31 14:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Foxit Software
[2012/12/05 09:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Fujitsu
[2010/05/05 17:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\G7PS
[2012/10/29 07:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\GARMIN
[2012/09/30 08:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Geek Uninstaller
[2011/01/11 09:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\GetRightToGo
[2012/10/11 11:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\gsmartcontrol
[2010/12/10 21:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\gtk-2.0
[2008/07/09 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Hyperionics
[2012/11/05 14:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ImgBurn
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Individual Software
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Interactive Studios
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\InterVideo
[2010/09/22 19:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\IsolatedStorage
[2012/08/18 09:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\KC Softwares
[2012/04/20 06:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ldw_data
[2008/07/09 14:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leadertech
[2008/07/09 14:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\LEAPS
[2012/08/18 12:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leawo
[2008/07/19 20:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Locktime
[2012/04/25 08:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Millennia
[2012/12/13 16:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\mjusbsp
[2009/07/19 09:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NCH Swift Sound
[2010/04/11 21:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NetView
[2012/10/29 07:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Newsbin
[2012/04/24 14:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ntr
[2012/11/01 18:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Nuance
[2013/01/25 22:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ObviousIdea
[2013/01/05 08:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OfficeRecovery
[2012/01/02 09:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OpenOffice.org
[2011/06/01 08:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PCDr
[2012/05/03 12:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Pegasus Mail
[2008/07/09 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Pegasys Inc
[2012/10/29 07:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PKWARE
[2011/12/02 09:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Qualys
[2008/07/09 14:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\r2 Studios
[2012/10/29 08:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Remind-Me
[2012/04/27 16:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ScanSoft
[2011/01/16 09:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Smart PDF Converter
[2012/10/26 15:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SmartDraw
[2013/02/06 07:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Software Informer
[2008/07/08 07:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Spearit
[2008/07/09 14:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Spell Catcher Plus
[2013/01/26 22:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Subversion
[2010/10/29 07:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SyncSquare
[2012/08/06 13:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\SystemRequirementsLab
[2011/03/30 13:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\TeamViewer
[2011/10/26 09:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Thinstall
[2012/08/18 12:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\tiger-k
[2008/07/09 14:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Topaz Moment
[2012/10/29 07:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Trillian
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\URSoft
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\VERITAS
[2010/06/08 20:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\VSO
[2008/07/09 14:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\WildPackets
[2012/11/11 12:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Wireshark
[2012/11/12 13:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Zeon

========== Purity Check ==========



< End of report >
  • 0

#34
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Did the Bit Defender icon come back? The OTL scan shows that the program is still running at start up.
  • 0

#35
docfxit

docfxit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
I realize it's running. I do not have the icon. That is why I would either like to repair it (2012) or install 2013 version.

Thanks,

Docfxit
  • 0

#36
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

I've been discussing this with colleagues and I have some questions.

Did you move the BitDefender quarantine folder? I ask this because I think the default location folder of the Quarantine folder is C:\ProgramData\BitDefender\Desktop\Quarantine, and the location in the files you posted shows C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\.

The Spy-The-Spy files that you posted showed the following:

C:\Dnload\Bitdefender 2011 crack.rar Win32/RiskWare.HackAV.IS application

This looks like BitDefender was installed from a cracked copy.
Where did you get the BitDefender program?
  • 0

#37
docfxit

docfxit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts

Hi,

I've been discussing this with colleagues and I have some questions.

Did you move the BitDefender quarantine folder? I ask this because I think the default location folder of the Quarantine folder is C:\ProgramData\BitDefender\Desktop\Quarantine, and the location in the files you posted shows C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\.


I did not move the quarantine folder. You would be correct if this was on a Win7 PC. Since we are working with XP Pro the folder C:\ProgramData is not on the PC.

The Spy-The-Spy files that you posted showed the following:

C:\Dnload\Bitdefender 2011 crack.rar Win32/RiskWare.HackAV.IS application

This looks like BitDefender was installed from a cracked copy.
Where did you get the BitDefender program?


That information wouldn't have come from Spy-The-Spy. It would have come from Eset.

That file is from when I couldn't get Bitdefender running, and Bitdefender told me to try ver. 2011 and there download site wasn't working. I installed that with Sandboxie at the time so it wouldn't affect anything else on this PC. I found why Bitdefender wouldn't install because there were registry entries from Computer Associates Antivirus that the special removal tool didn't remove. After I cleaned up the registry Bitdefender 2012 installed just fine. I don't need that file any longer and I can delete it. If you check with Bitdefender you will find that I have a fully licensed version on this computer and 11 other computers.


Thank you,

Docfxit
  • 0

#38
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I did not move the quarantine folder. You would be correct if this was on a Win7 PC. Since we are working with XP Pro the folder C:\ProgramData is not on the PC.

You are correct. I forgot this was XP.

That information wouldn't have come from Spy-The-Spy. It would have come from Eset.

Thanks for the clairification. Since there wasn't anything indicating where the files came from I assumed it was Spy-The-Spy.

That file is from when I couldn't get Bitdefender running, and Bitdefender told me to try ver. 2011 and there download site wasn't working. I installed that with Sandboxie at the time so it wouldn't affect anything else on this PC. I found why Bitdefender wouldn't install because there were registry entries from Computer Associates Antivirus that the special removal tool didn't remove. After I cleaned up the registry Bitdefender 2012 installed just fine. I don't need that file any longer and I can delete it. If you check with Bitdefender you will find that I have a fully licensed version on this computer and 11 other computers.

Fair enough. I don't need to check with BitDefender, I was just looking for possible causes.

I have one more question to ask. Then we will clean up the things that ESET found and clear the restore points.

When that is done you can try the repair option in BitDefender. If that doesn't bring the icon back, you will probable need to uninstall the program and then reinstall it. Remember to stop it from running before uninstalling it.

Have you had any external drives connected to the computer? I ask because all of the OTL scans have shown the following drives:

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 200.27 Gb Total Space | 122.17 Gb Free Space | 61.01% Space Free | Partition Type: NTFS
Drive F: | 70.17 Gb Total Space | 69.04 Gb Free Space | 98.39% Space Free | Partition Type: NTFS

But the MalwareBytes scan found the following:
Files Detected: 2
C:\Excursion9.5\ex2.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\$recycle.bin\s-1-5-21-2709080071-1371776929-3630506870-1000\$rlrgyhd.exe (Trojan.Inject) -> Quarantined and deleted successfully.

Do you know where the D: drive came from?


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:PROCESSES
killallprocesses

:COMMANDS
[createrestorepoint]

:FILES
C:\Batch\hstart.exe
C:\Dnload\Corel WinDVD Pro 11.0.0.342.521748\Corel.WinDVD.Pro.v11.0.Keymaker-CORE.rar
C:\Dnload\Revelation 1.1\Revelation.exe
C:\Dnload\Revelation 2.0\Revelation.exe
C:\Dnload\Revelation 2.0\RevelationHelper.dll
C:\Dnload\SpywareRemovers\MGtools\Process.exe
C:\Dnload\SpywareRemovers\VirtumundoBeGone.exe
C:\Dnload\Advanced_Port_Scanner.exe
C:\Dnload\Aircrack.zip
C:\Dnload\Bitdefender 2011 crack.rar
C:\Dnload\CodeCompareVer.1.0.4.zip
C:\Dnload\cpu-z_1.61.5-setup-en.exe
C:\Dnload\DuplicateCleaner_setupVer.2.1b.exe
C:\Dnload\FoxitReader543.0920_enu_Setup.exe
C:\Dnload\hwmonitor_1.20-setup.exe
C:\Dnload\iDump_mediawidgettrialtype30setup.exe
C:\Dnload\ImgBurn_2.5.7.0.exe
C:\Dnload\magicBlockSetup_v1-2.exe
C:\Dnload\Open_Ports_Scanner_v2_4_Virus.exe
C:\Dnload\paperscanfree_zip.exe
C:\Dnload\passrec.zip
C:\Dnload\port scanner.exe
C:\Dnload\siw-setupVer2011.exe
C:\Dnload\undeleteplus_setup_ver.3.0.3.424.exe
C:\Dnload\Unlocker1.9.1.exe
C:\Dnload\VideoPerformerSetup.exe
C:\Dnload\Windows_XP_Professional_SP3_x32_June_2012___SATA_Drivers_[ThumperDC].exe
C:\Dnload\wirelesskeyview-x64.zip
C:\Dnload\wirelesskeyview.zip
C:\Program Files\NView3x\TcpPatch\EvID4226Patch223d-de.zip

:COMMANDS
[reboot]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • XP users: Double click the icon.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Windows XP
  • Click Start > All Programs > Accessories > System tools > System Restore. The System Restore Wizard opens.
  • Note: If the System Restore Wizard does not open, the System Restore feature may be turned off. To turn System Restore on, follow these steps:
  • Click Start, click Control Panel, and then double-click System.
  • Click the System Restore tab.
  • Make sure that the Turn off System Restore check box is not selected. Or, make sure that the Turn off System Restore on all drives check box is not selected.
  • Click OK.
[*] On the dialogue box that appears select Create a Restore Point
[*] Click NEXT
[*] Enter a name e.g. Clean
[*] Click CREATE
[*] Close System Restore[/list]Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
    Restart your computer.
Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
    System Restore will now be active again.

Step-3.

I think ESET may have listed some files that were false positives so we need to get some additional files scanned.

Virustotal File Upload:

To use Virustotal go Here
Posted Image
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:\MGtools\Process.exe
    C:\Program Files\Common Files\Smarthome\Device Manager\SDM2Server.exe
    C:\Program Files\Common Files\Smarthome\Device Manager\SDM3.exe
    C:\Program Files\Lantronix\TFTP FirmwareUpdate\tftpd32.exe
    C:\Program Files\PCmover\x32\cppwdsvc.exe
    .
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please provide them in your next reply, or copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 6 for each file listed.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The VirusTotal results or links
  • 0

#39
docfxit

docfxit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts

Fair enough. I don't need to check with BitDefender, I was just looking for possible causes.

And I do appreciate you looking for anything that may cause this problem. That's why I came to you. I couldn't find it.

I have one more question to ask. Then we will clean up the things that ESET found and clear the restore points.

When that is done you can try the repair option in BitDefender. If that doesn't bring the icon back, you will probable need to uninstall the program and then reinstall it. Remember to stop it from running before uninstalling it.

Have you had any external drives connected to the computer? I ask because all of the OTL scans have shown the following drives:

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 200.27 Gb Total Space | 122.17 Gb Free Space | 61.01% Space Free | Partition Type: NTFS
Drive F: | 70.17 Gb Total Space | 69.04 Gb Free Space | 98.39% Space Free | Partition Type: NTFS

But the MalwareBytes scan found the following:
Files Detected: 2
C:\Excursion9.5\ex2.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\$recycle.bin\s-1-5-21-2709080071-1371776929-3630506870-1000\$rlrgyhd.exe (Trojan.Inject) -> Quarantined and deleted successfully.

Do you know where the D: drive came from?


Yes. My F: drive I use to put the backup files on from backing up my C: drive
The D: drive is hidden from XP. I has Win7 on it. It's a dual boot.
I was surprised to see that Malwarebytes did see the drive.
I have run Malwarebytes on the Win7 drive recently and it didn't find anything. I was really surprised it found anything on that drive.

========== PROCESSES ==========
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Batch\hstart.exe not found.
File\Folder C:\Dnload\Corel WinDVD Pro 11.0.0.342.521748\Corel.WinDVD.Pro.v11.0.Keymaker-CORE.rar not found.
File\Folder C:\Dnload\Revelation 1.1\Revelation.exe not found.
File\Folder C:\Dnload\Revelation 2.0\Revelation.exe not found.
File\Folder C:\Dnload\Revelation 2.0\RevelationHelper.dll not found.
C:\Dnload\SpywareRemovers\MGtools\Process.exe moved successfully.
C:\Dnload\SpywareRemovers\VirtumundoBeGone.exe moved successfully.
File\Folder C:\Dnload\Advanced_Port_Scanner.exe not found.
File\Folder C:\Dnload\Aircrack.zip not found.
File\Folder C:\Dnload\Bitdefender 2011 crack.rar not found.
File\Folder C:\Dnload\CodeCompareVer.1.0.4.zip not found.
File\Folder C:\Dnload\cpu-z_1.61.5-setup-en.exe not found.
C:\Dnload\DuplicateCleaner_setupVer.2.1b.exe moved successfully.
C:\Dnload\FoxitReader543.0920_enu_Setup.exe moved successfully.
File\Folder C:\Dnload\hwmonitor_1.20-setup.exe not found.
File\Folder C:\Dnload\iDump_mediawidgettrialtype30setup.exe not found.
File\Folder C:\Dnload\ImgBurn_2.5.7.0.exe not found.
File\Folder C:\Dnload\magicBlockSetup_v1-2.exe not found.
File\Folder C:\Dnload\Open_Ports_Scanner_v2_4_Virus.exe not found.
File\Folder C:\Dnload\paperscanfree_zip.exe not found.
File\Folder C:\Dnload\passrec.zip not found.
File\Folder C:\Dnload\port scanner.exe not found.
File\Folder C:\Dnload\siw-setupVer2011.exe not found.
C:\Dnload\undeleteplus_setup_ver.3.0.3.424.exe moved successfully.
File\Folder C:\Dnload\Unlocker1.9.1.exe not found.
File\Folder C:\Dnload\VideoPerformerSetup.exe not found.
File\Folder C:\Dnload\Windows_XP_Professional_SP3_x32_June_2012___SATA_Drivers_[ThumperDC].exe not found.
File\Folder C:\Dnload\wirelesskeyview-x64.zip not found.
File\Folder C:\Dnload\wirelesskeyview.zip not found.
File\Folder C:\Program Files\NView3x\TcpPatch\EvID4226Patch223d-de.zip not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 02072013_111536

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Process.exe
https://www.virustot...sis/1360276853/

SDM2Server.exe
https://www.virustot...sis/1360333165/

SDM3.exe
https://www.virustot...sis/1360333322/

tftpd32.exe
https://www.virustot...sis/1360333627/

cppwdsvc.exe
https://www.virustot...sis/1360333747/

Thank you for your time to check all of this.

Docfxit
  • 0

#40
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the information. Makes more sense now.
The files that we scanned apparently weren't false positives.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
C:\MGtools\Process.exe
C:\Program Files\Common Files\Smarthome\Device Manager\SDM2Server.exe
C:\Program Files\Common Files\Smarthome\Device Manager\SDM3.exe
C:\Program Files\Lantronix\TFTP FirmwareUpdate\tftpd32.exe
C:\Program Files\PCmover\x32\cppwdsvc.exe.

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • XP users: Double click the icon.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

Clearing and resetting the restore points should have prevented BitDefender from alerting on those again.

For the other files, it appears that BitDefender is alerting on its own quarantine folder:

C:\\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\temp\agent_setup.exe
C:\\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\temp\agent_setup[1].exe
C:\\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\temp\A0060592.exe
C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\\temp\A0060592.exe
C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\\temp\A0060592.exe
C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\\temp\A0060592.exe
C:\\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\temp\A0060594.exe
C:\\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\temp\agent_setup[1].exe
C:\\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\temp\A0060594.exe
C:\\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\temp\A0061492.exe
C:\\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\temp\A0060592.exe
C:\\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\temp\A0061496.exe
C:\\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\temp\A0060594.exe
C:\\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\temp\A0061492.exe
C:\\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\temp\A0061493.exe
C:\\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\temp\A0061496.exe
C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\\temp\A0061496.exe
C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Quarantine\\temp\A0061496.exe...


BitDefender can't disenfect the files, it just moves them to the quarantine folder. See this BitDefender page
I would recommend that you have BitDefender rescan them according to the instructions. If the files are clean they will be restored automatically, according to the instructions.
If they don't get restored then they are infected but by default BitDefender won't delete them until they are more than 30 days old. The BitDefender page will tell you how to delete them.

Once we get this sorted out we are gonna need to talk about the D: drive

Post the new OTL fixes log please
  • 0

Advertisements


#41
docfxit

docfxit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\MGtools\Process.exe not found.
File\Folder C:\Program Files\Common Files\Smarthome\Device Manager\SDM2Server.exe not found.
File\Folder C:\Program Files\Common Files\Smarthome\Device Manager\SDM3.exe not found.
File\Folder C:\Program Files\Lantronix\TFTP FirmwareUpdate\tftpd32.exe not found.
File\Folder C:\Program Files\PCmover\x32\cppwdsvc.exe. not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users
->Temp folder emptied: 0 bytes

User: ASPNET
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gary
->Temp folder emptied: 790377 bytes
->Temporary Internet Files folder emptied: 147523 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5321879 bytes
->Flash cache emptied: 0 bytes

User: GaryT
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: QBPOSDBSrvUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: scans
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02082013_191710

Files\Folders moved on Reboot...
C:\Documents and Settings\Gary\Local Settings\Temp\WCESLog.log moved successfully.
File\Folder C:\WINDOWS\temp\tmp00006d24\tmp00000000 not found!
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


I have removed all quarantined items in Bitdefender. Hopefully this will resolve the problem.

Thank you very much,

Docfxit
  • 0

#42
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Now we want to look for programs that are out of date. Some of these programs, like Java and Adobe Reader, are notorious for security holes. Once any out of date programs have been updated we will be ready to clean up and I will post some suggestions on how to keep your computer more secure.


Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please post the checkup.txt log
  • 0

#43
docfxit

docfxit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Bitdefender Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpyTheSpy
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
DH Driver Cleaner Professional Edition
Java 7 Update 13
Java version out of Date!
Adobe Flash Player 11.5.502.149
````````Process Check: objlist.exe by Laurent````````
Gary Desktop MalwareCleanUp SecurityCheck2.exe
Bitdefender Bitdefender 2012 vsserv.exe
Bitdefender Bitdefender 2012 updatesrv.exe
Bitdefender Bitdefender 2012 bdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````
  • 0

#44
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Your Java is out of date. Below is some important information on Java and instructions on how to update it if that's what you decide to do.

Let me know when this is done and then we need to discuss the file that MalwareBytes found on the D:\ drive.

Posted Image UPDATE JAVA

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:
If you still want to update your Java, follow the instructions below:

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of the Java Runtime Environment (JRE) Version from Here or Here and save it to your desktop.
  • Look for "Java Platform, Standard Edition". You will see the current Java version and update number under listed under the heading. Example: The newest update is Java SE 7u13
  • Click the "Download JRE" button to the right.
  • On the JSE Downloads page, click the button to "Accept License Agreement".
  • Under the Java SE Runtime Environment 7u3 heading:
  • For Windows 32 bit systems, look for Windows x86 Offline, click the jre-7u13-windows-i586.exe file and save it to your desktop.
  • Close any programs you may have running - especially your web browser.

Clear the Java Cache

Click here and follow the instructions to clear the cache.

Uninstall all versions of Java

  • Click Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    Click the Start Orb and click Control Panel. Under the Programs heading click Uninstall a program and remove all older versions of Java.
  • Click to (highlight) any Java item. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
  • Click the Remove or Change/Remove button and follow the on screen instructions for the Java uninstaller.
  • Click Uninstall and follow the on screen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
Install Java

  • Back on your desktop double-click on the jre-7u13-windows-i586.exe file to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. It's on the Update tab in Java in the Control Panel.

[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > You will have to be in Classic View to see Java(It looks like a coffee cup). Double-click on Java click the Advanced Tab click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please proceed with the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

If you didn't uninstall ESET after running the program we will do it now.

Step-1.

Uninstall ESET

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

ESET

3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files\ESET

2. Close Windows Explorer.

Step-2.

Uninstall ComboFix
  • Click Start, then click Run. This will display the Run dialogue box .
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/", it needs to be there) then click OK

    Posted Image
  • Follow the prompts on the screen.
  • A message should appear confirming that ComboFix was uninstalled
Step-3.

Uninstall AdwCleaner

Re-open AdwCleaner
  • Click the Uninstall button
  • Confirm with yes
Posted Image


Step-4.

OTL Cleanup
1. Please copy all of the text in the Quote box below (Do Not copy the word Quote). To do this, highlight everything inside the Quote box (except the word Quote) , right click and click Copy.
  • :COMMANDS
    [EMPTYTEMP]

  • Please re-open Posted Image on your desktop.
  • Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
  • Click the Posted Image button.
  • Let the program run unhindered. When finished click the OK button and close the log that appears.
  • NOTE: I do not need to review the log produced.
  • OTL may ask to reboot the machine. Please do so if asked.
2. Please re-open Posted Image on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
The above process remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.

Step-5.

Delete the following Files and Folders (If Present):

MBR.dat
SecurityCheck.exe
checkup.txt
The VirusTotal links
(If you saved them)
The Java set up file if you reinstalled it

Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.

Step-6.

Reset Hidden Files and Folders

1. Click Start.
2. Open My Computer.
4. Select the Tools menu and click Folder Options.
5. Select the View tab.
6. Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
7. Click the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

Step-7.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Windows XP
  • Click Start > All Programs > Accessories > System tools > System Restore. The System Restore Wizard opens.
  • Note: If the System Restore Wizard does not open, the System Restore feature may be turned off. To turn System Restore on, follow these steps:
  • Click Start, click Control Panel, and then double-click System.
  • Click the System Restore tab.
  • Make sure that the Turn off System Restore check box is not selected. Or, make sure that the Turn off System Restore on all drives check box is not selected.
  • Click OK.
[*] On the dialogue box that appears select Create a Restore Point
[*] Click NEXT
[*] Enter a name e.g. Clean
[*] Click CREATE
[*] Close System Restore[/list]Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
    Restart your computer.
Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
    System Restore will now be active again.


Preventing Re-Infection

Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated:-Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

XP Users: You must use Internet Explorer to Update Windows.

1. Click Start> All Programs, in the programs window that comes up, look for Windows Update toward the top of the list and click it.

:Turn On Automatic Updates:

XP Users:
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:If you still want to keep Java
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK Close program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

:Alternate Browsers:

If you use Firefox I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
:Install the MVPs Hosts File:
  • MVPS Hosts file-replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
  • SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard-to catch and block spyware before it can execute. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.
It's a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
:BACKUPS:
  • Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT-(Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
:Keep Installed Programs Up to Date:

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A program that will do this is listed below. Download and install the program and run it monthly:
Filehippo Update Checker

Finally, please read How did I get infected in the first place? by Mr. Tony Cline

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:
godawgs
  • 0

#45
docfxit

docfxit

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Thank you for all the great support in trying to remove this problem.

I have followed the instructions on updating to the latest Java.
After running Security check it still says I have Java 7 13 installed and that Java is out of date.

I have not continued to Uninstall what we have used yet.

In C:\Program Files\Java\
I only have one folder called jre7

I don't see any other Java installed.

Thanks,

Docfxit
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP