Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Norton Security Suite is indicating I have a Trojan Gen 2 infection

Started by Hercules40 , Feb 04 2013 09:51 PM

  • Please log in to reply

#1
Hercules40
Posted 04 February 2013 - 09:51 PM

Hercules40

    New Member

  • Member
  • Pip
  • 3 posts
  • I have Norton Security Suite version 3.8.3.6. The Software was provided by my ISP, Comcast (now known as Xfinity).
  • The software is set to scan 4 times a week and is updated continuously.
  • I am behind a router and a software firewall.
  • I run Malwarebytes Anti-Malware on a Regular basis.
  • I also run Spybot Search and Destroy on a Regular Basis.
  • I also occasionally, for a piece of mind, will run some free Anti-virus like Avast or AVG or Kapersky Labs.

Now for the problems: A few months ago (August last year?), I noticed Firefox (I very rarely use IE for anything), being extremely SLOW to load. Also, extremely slow when switching tabs, and so on. Mind you, I am only on a 3.0 Mbps connection, but still, some times it feels like dial-up. Then the PC was shut down for over a month in January while I was away and when I came back and turned it back on and updated everything I started seeing a Norton Anti-Virus pop-up stating: "That Trojan Gen 2 was detected and stopped". Apparently, this message has been there since October?

Here's one of the files infected:

"C:\documents and settings\mike\application data\winlive\winlive.dll"

The other one is:

"C:\documents and settings\mike\application data\mcommon\windowsliveupdate.exe"


On my network, which consists of the occasional work laptop (which is highly locked-down and is not connected to the Workgroup I have created), I also have two TiVos, a Nook, another occasional tablet and an occasional visiting smart phone. My wife's laptop is the other Workgroup PC.

I am having trouble with Firefox on the wife's laptop as well (as in how slow it is to come-up and respond to commands etc.)

When I loaded Chrome on the PC (main computer / main problem), I could not get it to work properly, with all the apps I needed (such as Ad-blocking software) so I am wondering if something is inhibiting it.

So, my findings so far: Am I as knowledgeable as the people I am asking help from? [bleep] no. I am finding out I know nothing. Yes, I've been a PC technician for 15 years, but that means nothing when faced with something like this. I am missing something OR I am not seeing something in "HijackThis" log. Last run of Spyware Search and Destroy found some minor search bars, but I am guessing those are my recent fault when I got duped by an advert for "Speed Up My PC". They're now gone. And as I've said, Malwarebytes Anti-Malware came-up empty in FULL SCAN mode and Quick SCAN mode. I also run Hitbox which found some tracking cookies on my wife's side of the PC (her account -- she does not surf on the admin account, or in my account for security purposes.)

I am running OTL by OldTimer right now, so I'll be posting that log shortly if you need it.

A couple more pieces of info:
  • I am on Windows XP SP3 (completely patched). -- This is an older DELL Dimension 4700 (it does the job for what I Do with it).
  • Norton Power Eraser (what Symantec recommended) found nothing after a scan
  • Back, after the October Windows XP patch went out, my computer crashed... It did not like something in that patch. I had to go back and use System Restore. However, after the System Restore, I re-patched and everything "seemed" to be ok, except the slowness of everything crept-up by a factor of 10.

So, do I need to re-install? I have a copy of Windows 7 that I have been holding onto for a new PC build, OR can this machine be cleaned?

Can anyone help me?

PS. If this machine is infected and needs to be cleaned, I might need help cleaning the other one as well, the wife's laptop.

Thanks for your help AHEAD of time. Thanks for taking up my case.

Edited by Hercules40, 04 February 2013 - 11:46 PM.

  • 0

Advertisements

#2
Hercules40
Posted 04 February 2013 - 11:50 PM

Hercules40

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Here's the OTL output which consists of the
OTL.txt file and
Extras.txt file.

I don't like what I am seeing in my HOSTS file, but I have no clues.

SO I NEED MAJOR HELP AT HIS POINT.

Thanks.
MP

OTL logfile created on: 2/4/2013 9:13:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mike\My Documents\My Downloads\OldTimer
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.42 Gb Available Physical Memory | 21.14% Memory free
3.85 Gb Paging File | 2.33 Gb Available in Paging File | 60.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 53.15 Gb Free Space | 35.67% Space Free | Partition Type: NTFS
Drive F: | 60.46 Mb Total Space | 9.56 Mb Free Space | 15.81% Space Free | Partition Type: FAT32
Drive G: | 465.76 Gb Total Space | 95.52 Gb Free Space | 20.51% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 96.76 Gb Free Space | 10.39% Space Free | Partition Type: NTFS
Drive I: | 1863.01 Gb Total Space | 383.52 Gb Free Space | 20.59% Space Free | Partition Type: NTFS
Drive J: | 55.86 Gb Total Space | 51.29 Gb Free Space | 91.81% Space Free | Partition Type: FAT32
Drive K: | 1863.01 Gb Total Space | 1156.25 Gb Free Space | 62.06% Space Free | Partition Type: NTFS
Drive L: | 37.24 Gb Total Space | 23.46 Gb Free Space | 62.99% Space Free | Partition Type: FAT32
Drive M: | 232.83 Gb Total Space | 216.64 Gb Free Space | 93.05% Space Free | Partition Type: FAT32

Computer Name: PAPAG06 | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/04 12:53:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\My Documents\My Downloads\OldTimer\OTL.exe
PRC - [2013/02/03 20:01:26 | 000,105,832 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2013/02/01 22:40:12 | 000,079,384 | ---- | M] (Google) -- C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/01/22 09:38:29 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/12/26 17:32:24 | 003,256,208 | ---- | M] (SoftPerfect Research) -- C:\Program Files\NetWorx\networx.exe
PRC - [2012/12/08 17:05:10 | 000,217,088 | ---- | M] () -- C:\KMTTG\service\win32\bin\wrapper.exe
PRC - [2012/11/01 11:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/09/15 23:26:13 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/01 00:21:25 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/01 00:21:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\system32\java.exe
PRC - [2011/10/11 19:34:47 | 000,443,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.3.6\MCUI32.exe
PRC - [2011/10/11 19:34:47 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
PRC - [2010/08/24 17:47:52 | 000,026,624 | ---- | M] () -- C:\Python26\python.exe
PRC - [2010/08/24 17:02:28 | 000,856,336 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\Plus\TranscodingService.exe
PRC - [2010/08/24 17:02:20 | 000,608,528 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
PRC - [2010/08/24 17:02:18 | 002,264,336 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoServer.exe
PRC - [2010/08/24 17:02:14 | 000,437,520 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoNotify.exe
PRC - [2010/08/24 17:02:08 | 001,104,656 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe
PRC - [2010/03/24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/09/25 23:32:20 | 000,202,024 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\MaxSync.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/05/02 17:59:14 | 000,077,824 | ---- | M] () -- C:\Program Files\pyTivo\pyTivoService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/09/28 02:34:58 | 000,790,651 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
PRC - [2007/06/21 18:16:50 | 000,245,760 | ---- | M] () -- C:\Program Files\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe
PRC - [2007/05/31 14:54:12 | 000,675,840 | ---- | M] (Sonix) -- C:\WINDOWS\vspc1300.exe
PRC - [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (No Company Name) ==========

MOD - [2013/01/22 09:38:28 | 003,022,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/20 12:36:19 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/12/08 17:05:12 | 000,192,512 | ---- | M] () -- C:\KMTTG\service\win32\bin\lib\wrapper.dll
MOD - [2012/11/01 11:57:10 | 000,100,248 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/01 11:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/09/17 11:48:22 | 000,480,256 | ---- | M] () -- C:\Program Files\NetWorx\sqlite.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 07:51:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/08/24 17:48:54 | 000,011,776 | ---- | M] () -- C:\Python26\DLLs\select.pyd
MOD - [2010/08/24 17:48:52 | 000,286,208 | ---- | M] () -- C:\Python26\DLLs\_hashlib.pyd
MOD - [2010/08/24 17:48:02 | 000,720,896 | ---- | M] () -- C:\Python26\DLLs\_ssl.pyd
MOD - [2010/08/24 17:47:52 | 000,026,624 | ---- | M] () -- C:\Python26\python.exe
MOD - [2010/08/24 17:47:50 | 000,040,448 | ---- | M] () -- C:\Python26\DLLs\_socket.pyd
MOD - [2010/08/24 16:40:42 | 000,259,584 | ---- | M] () -- C:\Program Files\TiVo\Desktop\Id3Lib.dll
MOD - [2010/05/17 22:51:14 | 000,716,800 | ---- | M] () -- C:\Program Files\TiVo\Desktop\loudmouth.dll
MOD - [2009/12/20 19:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2009/09/25 23:32:18 | 000,066,856 | ---- | M] () -- C:\Program Files\Seagate\SeagateManager\Sync\ExtensionFilter.dll
MOD - [2009/04/27 11:55:12 | 000,678,400 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2008/05/02 17:59:14 | 000,077,824 | ---- | M] () -- C:\Program Files\pyTivo\pyTivoService.exe
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/21 18:16:50 | 000,245,760 | ---- | M] () -- C:\Program Files\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe
MOD - [2007/04/02 06:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2007/03/29 15:38:18 | 000,068,344 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2003/01/30 07:04:00 | 000,618,496 | ---- | M] () -- C:\Program Files\TiVo\Desktop\StlpMt45.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/02/03 20:01:26 | 000,105,832 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013/01/22 09:38:28 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/08 17:05:10 | 000,217,088 | ---- | M] () [Auto | Running] -- C:\KMTTG\service\win32\bin\wrapper.exe -- (kmttg)
SRV - [2012/09/01 00:21:25 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/19 16:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/10/11 19:34:47 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe -- (N360)
SRV - [2010/08/24 17:02:08 | 001,104,656 | ---- | M] (TiVo Inc.) [Auto | Running] -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/25 11:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/05/02 17:59:14 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\pyTivo\pyTivoService.exe -- (pyTivo)
SRV - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006/08/10 04:11:14 | 000,057,344 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/08/10 04:10:50 | 000,294,912 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\DU Meter\DUM_XP32.SYS -- (DUMeterDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mike\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/02/02 08:51:12 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130203.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/02/02 08:51:12 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/02/02 08:51:12 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130203.009\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/18 16:45:00 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20130201.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/11/26 16:34:28 | 000,052,728 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\networx.sys -- (networx)
DRV - [2012/09/25 01:37:22 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/10/11 19:34:47 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\cchpx86.sys -- (ccHP)
DRV - [2011/10/11 19:34:47 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symtdi.sys -- (SYMTDI)
DRV - [2011/10/11 19:34:47 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symfw.sys -- (SYMFW)
DRV - [2011/10/11 19:34:47 | 000,036,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symndis.sys -- (SYMNDIS)
DRV - [2011/10/11 19:34:47 | 000,033,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symids.sys -- (SYMIDS)
DRV - [2011/05/24 17:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/11/11 17:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/06/25 11:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/03/20 16:24:23 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/20 16:24:15 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\SymEFA.sys -- (SymEFA)
DRV - [2010/03/20 16:24:15 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\srtsp.sys -- (SRTSP)
DRV - [2010/03/20 16:24:15 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\srtspx.sys -- (SRTSPX)
DRV - [2010/03/20 16:24:15 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/03/20 16:24:15 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/03/20 16:24:14 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/22 13:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/05/14 12:08:40 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2008/12/11 10:23:24 | 003,036,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\spc1300.sys -- (SPC1300)
DRV - [2008/05/07 10:40:04 | 000,088,704 | R--- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\phaudlwr.sys -- (phaudlwr)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/09/27 04:53:00 | 000,079,232 | R--- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2007/03/10 12:09:56 | 000,009,368 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/03/10 12:09:34 | 000,098,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/03/10 12:09:34 | 000,094,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/03/10 12:09:34 | 000,035,800 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/03/10 12:09:32 | 000,027,416 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/03/10 12:09:30 | 000,033,112 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/03/10 12:09:30 | 000,016,568 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/03/10 12:09:28 | 000,108,696 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/02 08:40:52 | 000,030,296 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/02 08:40:52 | 000,014,840 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/09 04:30:42 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/07/29 01:57:20 | 000,040,448 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 08 C9 4F 85 21 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{AF4B0F1F-31CA-4C23-8E2C-BD4495528D48}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspo...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: delicious%40vjkarunapg.com:2.3.1
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: hidefbticker%40shebo.com:1.0
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: sortplaces%40andyhalford.com:1.9.2
FF - prefs.js..extensions.enabledAddons: togglepersona%40davidvincent.tld:1.0.9
FF - prefs.js..extensions.enabledAddons: %7B2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9%7D:2.3.4
FF - prefs.js..extensions.enabledAddons: %7B7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D%7D:1.4.38.1
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.0.2
FF - prefs.js..extensions.enabledAddons: %7Bc7b204cd-707e-4d13-b5c4-8eb3ce6f3f52%7D:0.5
FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: NoiaFoxoption%40davidvincent.tld:2.0.8
FF - prefs.js..extensions.enabledAddons: Noia4Options%40ArisT2:1.7.7
FF - prefs.js..extensions.enabledAddons: %7B4BBDD651-70CF-4821-84F8-2B918CF89CA3%7D:7.1.0
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.3
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.6
FF - prefs.js..extensions.enabledAddons: hotfix%40mozilla.org:2.0
FF - prefs.js..extensions.enabledAddons: %7B8545daff-ad1e-493f-a37e-eed1ac79682b%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7Bfaf13420-5e24-11e0-80e3-0800200c9a66%7D:1.7.7
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:3.76
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.5
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {c7d1f80d-de65-49ee-852b-2b00b3b19a5d}:0.74
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..keyword.URL: "http://search.hotspo...lts.php?c=s&q="
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mike\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mike\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Mike\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Mike\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/11/02 17:21:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/06/01 10:33:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix [2012/11/25 22:05:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/01 01:28:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/11/19 15:32:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/22 09:38:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/22 09:38:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/18 17:39:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/12/18 17:39:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Mike\Application Data\Move Networks [2009/08/12 09:18:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix [2012/11/25 22:05:55 | 000,000,000 | ---D | M]

[2010/11/15 15:33:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2010/11/15 15:33:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/23 20:03:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Extensions
[2012/11/25 22:05:55 | 000,000,000 | ---D | M] (Mozilla hotfix) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix
[2013/01/31 22:57:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions
[2013/01/20 12:29:50 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/11/30 10:07:43 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 08:18:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/18 09:15:14 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2013/01/20 12:29:46 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/07/06 19:13:35 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2012/11/16 18:36:26 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012/11/15 23:54:15 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/06/09 15:43:01 | 000,000,000 | ---D | M] (Bargain Book Mole) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{c7b204cd-707e-4d13-b5c4-8eb3ce6f3f52}
[2011/06/22 01:00:39 | 000,000,000 | ---D | M] (Delicious Extension) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\[email protected]
[2012/10/02 09:47:18 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\[email protected]
[2013/01/29 01:12:09 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\[email protected]
[2013/01/31 22:57:27 | 000,130,828 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\[email protected]
[2012/11/16 23:16:00 | 000,284,001 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\[email protected]
[2012/07/05 14:04:31 | 000,123,385 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\[email protected]
[2011/10/11 13:37:13 | 000,006,902 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\[email protected]
[2012/12/01 12:23:34 | 000,106,259 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\[email protected]
[2012/12/01 12:23:33 | 000,066,364 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\[email protected]
[2011/11/08 20:42:45 | 000,330,316 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\[email protected]
[2012/03/31 23:39:17 | 000,081,251 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\[email protected]
[2012/05/25 09:43:31 | 000,009,880 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\[email protected]
[2012/11/09 14:52:51 | 000,213,316 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\[email protected]
[2012/11/19 10:47:37 | 000,097,169 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012/11/30 22:16:43 | 002,284,120 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
[2011/11/08 20:00:58 | 000,010,021 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{BEA8BE00-5A43-4f04-9753-6FE4567C6E5A}.xpi
[2013/01/31 20:32:34 | 000,817,973 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/01 12:23:33 | 001,527,378 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2008/11/17 17:14:06 | 000,001,362 | ---- | M] () (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
[2010/06/14 11:30:08 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\searchplugins\bing.xml
[2013/02/03 17:00:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/22 09:38:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/03 17:00:06 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2012/09/01 01:28:59 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/11/19 15:32:43 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/01/22 09:38:29 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/01 01:26:35 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/08/29 19:16:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/09 14:58:06 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/14 17:16:30 | 000,444,321 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15263 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKCU..\Run: [Auto EPSON WorkForce 500 Series on TOMMYBOY] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON WorkForce 500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON WorkForce 500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoTransfer] C:\Program Files\TiVo\Desktop\TiVoTransfer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\Plus\\TranscodingService.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TrayMin1300.lnk = C:\Program Files\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe ()
O4 - Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe (Belkin International, Inc.)
O4 - Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\BTGuard Updates.lnk = C:\BTGUARD\settings.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1276534724156 (MUCatalogWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1250310112921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopc...oad/SOPCORE.CAB (SopCore Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{362FD1DA-0A69-4936-94D1-93E796AA25B2}: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E77CE94-F73B-41B0-B897-94B6ACB4D0A1}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/22 21:55:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/14 22:05:38 | 000,000,067 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/07/20 12:53:14 | 000,000,067 | ---- | M] () - H:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/10 19:54:52 | 000,000,170 | ---- | M] () - I:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2005/01/11 17:13:32 | 000,000,000 | RH-D | M] - J:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - J:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2012/02/23 22:02:32 | 000,000,037 | ---- | M] () - K:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004/10/14 10:33:12 | 000,000,000 | RH-D | M] - L:\AUTORUN -- [ FAT32 ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - L:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - M:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - M:\AUTORUN -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/04 17:54:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/04 00:00:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mike\My Documents\My TiVo Recordings
[2013/02/03 20:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2013/02/03 20:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/02/03 19:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/02/03 11:07:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mike\Recent
[2013/01/31 22:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Start Menu\Programs\WD FAT32 Formatter
[2013/01/31 22:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Corp
[2013/01/31 14:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\NPE
[2013/01/31 14:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USPS
[2013/01/26 09:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/01/22 09:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/04 22:13:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-764733703-1177238915-1004UA.job
[2013/02/04 21:44:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-764733703-1177238915-1003UA.job
[2013/02/04 21:31:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/04 17:56:30 | 000,003,964 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/04 17:13:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-764733703-1177238915-1004Core.job
[2013/02/04 11:58:48 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-764733703-1177238915-1003Core.job
[2013/02/04 00:31:05 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/03 20:59:32 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-764733703-1177238915-1003.job
[2013/02/03 20:57:28 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-764733703-1177238915-1003.job
[2013/02/03 20:57:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/03 20:56:11 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2013/02/03 20:56:08 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-764733703-1177238915-1004.job
[2013/02/03 20:54:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/03 20:54:22 | 463,425,536 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/02/03 11:04:44 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/03 10:42:05 | 000,000,340 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SMRResults311.dat
[2013/01/31 21:08:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2013/01/29 16:25:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/29 14:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-764733703-1177238915-1004.job
[2013/01/26 16:14:30 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/01/24 04:38:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume G Task.job
[2013/01/24 01:38:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
[2013/01/20 12:36:22 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/20 12:36:21 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/19 22:02:29 | 000,527,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/19 22:02:29 | 000,096,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/05 23:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/03 10:42:05 | 000,000,340 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SMRResults311.dat
[2013/01/31 09:01:07 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-764733703-1177238915-1003.job
[2012/05/25 10:09:28 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\dtsdecoderdll.dll
[2012/05/25 10:09:24 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2012/05/03 16:36:20 | 000,025,807 | ---- | C] () -- C:\Documents and Settings\Mike\peerblock.dmp
[2012/04/23 14:11:03 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\PUTTY.RND
[2012/02/16 11:07:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/04 01:06:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011/11/03 18:44:29 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\rx_image.Cache
[2011/10/24 23:24:00 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Mike\.kmttg_settings
[2011/06/09 16:12:24 | 000,073,932 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/07 12:32:21 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 19:08:30 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/24 20:52:28 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/24 20:52:24 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/24 20:52:24 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/03/31 13:08:30 | 000,004,216 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\rx_audio.Cache
[2010/01/13 20:21:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Action Clauses
[2010/01/13 20:21:45 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Mike\Application Data\vhosts
[2010/01/13 20:21:45 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/01/13 20:17:27 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\AccountTypes
[2010/01/13 20:17:27 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Mike\Application Data\manual
[2010/01/13 20:17:27 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/12/28 20:10:11 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/10/17 12:08:16 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2009/06/01 17:30:07 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/30 19:58:52 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

========== ZeroAccess Check ==========

[2012/11/09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\wwqyt5a1.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/03/29 13:06:21 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mike\Desktop\SECONDARY TOOLS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mike\Desktop\MAIN TOOLS:Roxio EMC Stream
@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3440EB47
@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0888F409
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66633281

< End of report >

Attached Files


  • 0

#3
Hercules40
Posted 06 February 2013 - 04:01 PM

Hercules40

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
So, anyone?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP