
Kaz.1711 returns after deletion by MS Security Essents.



#1
pascal333

I am infected with Kaz 18117. It is detected by Bit Defender and MS Security Essentials claims to have removed it. But it reoccurs immediately, so it is a continuous loop of Bit Defender and MS SE popups. The problem hides in a Tmp file and is not accessible to most things. I have started in Safe Mode and cleaned out the TEMP files, but the bad TEMP file in Windows/TEMP is recreated as tmp00...0xxx upon standard startup. I have run the full scan by Bit Defender, the full scan by MS Security Essentials and Hitman Pro and the online antivirus programs from reliable companies that I can find, including Kaspersky and ESET. Both found bad things I was not aware of but did not cure this aggravating problem.

Here is the log from the OTL Log:

OTL logfile created on: 5/27/2011 2:51:23 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\User\Desktop\virus killers
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.11% Memory free
4.00 Gb Paging File | 2.50 Gb Available in Paging File | 62.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 114.19 Gb Free Space | 76.61% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 58.74 Gb Free Space | 39.42% Space Free | Partition Type: NTFS
Drive G: | 233.75 Gb Total Space | 120.17 Gb Free Space | 51.41% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 1779.27 Gb Free Space | 95.50% Space Free | Partition Type: NTFS

Computer Name: SILVER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/25 10:39:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\virus killers\OTL.exe
PRC - [2011/05/24 23:20:40 | 000,376,352 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2011/05/24 23:20:38 | 001,713,712 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2011/05/19 07:11:59 | 002,084,848 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2011/05/19 07:11:54 | 001,449,368 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2011/05/11 12:52:52 | 001,660,232 | ---- | M] (Bootstrap Software Development) -- C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe
PRC - [2011/04/19 05:51:07 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011/04/19 05:35:38 | 000,265,928 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2011/04/15 02:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/03/24 19:47:02 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
PRC - [2011/03/24 19:46:02 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2011/03/24 04:24:34 | 000,072,936 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2011/03/11 23:22:35 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/09 13:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 16:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2009/11/12 04:49:10 | 000,660,664 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/11/12 04:48:30 | 005,106,904 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/07/10 16:53:52 | 000,372,736 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files\Virtual Account Numbers\CitiVAN.exe
PRC - [2009/07/10 16:50:36 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\System32\OBroker.exe
PRC - [2008/03/18 17:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [1997/07/11 01:00:00 | 000,122,880 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE


========== Modules (SafeList) ==========

MOD - [2011/05/25 10:39:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\virus killers\OTL.exe
MOD - [2011/04/12 08:51:56 | 000,276,992 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_002\plugin_nt.m32
MOD - [2011/03/14 20:36:16 | 000,166,912 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_002\plugin_extra.m32
MOD - [2011/03/14 20:35:18 | 000,089,600 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_002\plugin_net.m32
MOD - [2011/03/14 20:35:00 | 000,657,408 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_002\plugin_fragments.m32
MOD - [2011/03/14 20:34:32 | 000,120,832 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_002\plugin_registry.m32
MOD - [2011/03/14 20:34:16 | 000,136,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_002\plugin_base.m32
MOD - [2011/03/14 20:29:50 | 000,232,968 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2011\Active Virus Control\Midas_00088_002\midas32.dll
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/24 23:20:40 | 000,376,352 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2011/05/19 07:11:59 | 002,084,848 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011/04/19 05:35:38 | 000,265,928 | ---- | M] (SpeedBit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2011/04/15 02:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/03/24 19:46:02 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2011/03/24 04:24:34 | 000,072,936 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011/03/11 23:22:35 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/03/10 19:22:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/30 07:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/28 03:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/11/12 04:49:10 | 000,660,664 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/05/27 01:20:46 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43BDCF73-EF30-4BFD-B28E-D966EDF893C5}\MpKsla2e47ad5.sys -- (MpKsla2e47ad5)
DRV - [2011/05/26 04:41:56 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43BDCF73-EF30-4BFD-B28E-D966EDF893C5}\MpKsl4f8da061.sys -- (MpKsl4f8da061)
DRV - [2011/05/24 23:03:58 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Soluto.sys -- (Soluto)
DRV - [2011/04/24 15:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/04/12 09:18:53 | 000,307,784 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
DRV - [2011/04/12 07:31:57 | 000,105,152 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011/03/24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/03/24 04:24:30 | 000,126,696 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/03/12 01:08:31 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/03/11 23:22:38 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011/03/11 23:22:30 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2011/03/11 23:22:25 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011/03/11 23:22:14 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/11/29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2010/11/29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2010/11/25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/11/20 05:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 05:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 03:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/08/24 10:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 10:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 10:30:40 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2010/08/24 10:30:40 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2010/08/20 18:41:54 | 000,088,144 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2010/08/20 15:41:58 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
DRV - [2010/05/13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2010/04/29 05:58:18 | 000,026,112 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (HTCAND32)
DRV - [2010/04/29 05:58:18 | 000,026,112 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/10 14:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/03/19 08:10:54 | 000,310,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW24B.sys -- (MRV6X32U) Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x)
DRV - [2007/04/18 09:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 09:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 07:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 06:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 05:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 05:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 05:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 05:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 05:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 05:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 05:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 05:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/03/02 05:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/05/06 23:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 23:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 23:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/07/26 22:26:08 | 000,024,059 | ---- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CW50.sys -- (CW50)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 66 7B B5 78 E0 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..keyword.URL: "http://www.searchqu....ystemid=406&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011/04/12 08:46:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\citius@orbiscom: C:\Program Files\Virtual Account Numbers [2011/04/13 09:50:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/04/19 05:52:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SearchPredict\PRFireFox [2011/04/26 14:41:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2011/04/26 14:43:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/25 11:54:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/25 11:54:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/04/29 07:05:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2011/04/12 08:46:33 | 000,000,000 | ---D | M]

[2011/05/24 05:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2011/03/11 21:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/26 04:54:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3164z29i.default\extensions
[2011/05/16 13:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3164z29i.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2011/05/24 05:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/26 04:40:12 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Virtual Account Numbers Helper) - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\User\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - !{472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BSDAppUpdater] C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)
O4 - HKLM..\Run: [Citi Virtual Account Numbers] C:\Program Files\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [DeskCalc] c:\program files\deskcalc pro\deskcalc.exe (DeskCalc GbR)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Download All By FlashGet3 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download By FlashGet3 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Set Fields - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O9 - Extra 'Tools' menuitem : Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra Button: Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O9 - Extra 'Tools' menuitem : Set Fields - {320AF880-6646-11D3-ABEE-C5DBF3571F52} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.1 68.238.64.12
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/09/22 23:11:49 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/02 14:30:52 | 000,000,000 | R--D | M] - H:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *bddel.exe) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/26 10:28:52 | 000,000,000 | ---D | C] -- C:\New folder
[2011/05/26 10:23:32 | 000,000,000 | ---D | C] -- C:\MONEY
[2011/05/26 03:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011/05/26 03:08:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\QFX Software
[2011/05/26 03:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2011/05/25 17:40:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/25 17:40:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2011/05/25 16:05:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/25 16:05:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/25 16:05:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/25 16:00:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/25 15:43:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/25 15:42:47 | 004,293,906 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2011/05/25 15:20:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/25 12:17:33 | 000,051,144 | ---- | C] (Soluto LTD.) -- C:\Windows\System32\drivers\Soluto.sys
[2011/05/25 12:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2011/05/25 12:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2011/05/25 12:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2011/05/25 11:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2011/05/25 11:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2011/05/25 10:43:08 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\temp
[2011/05/24 12:14:36 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Xilisoft
[2011/05/24 12:14:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Xilisoft
[2011/05/24 12:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2011/05/24 12:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Xilisoft
[2011/05/24 12:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2011/05/24 12:07:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\BSD
[2011/05/24 12:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaWidget
[2011/05/24 12:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BSD
[2011/05/24 12:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BSD
[2011/05/24 12:06:48 | 002,219,008 | ---- | C] (Bootstrap Development, LLC.) -- C:\Windows\bsdsetup.dll
[2011/05/24 12:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\Media Widget
[2011/05/24 10:01:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ParetoLogic
[2011/05/24 10:01:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DriverCure
[2011/05/24 10:01:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011/05/24 10:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/05/24 10:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/05/24 10:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/05/24 09:13:33 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\avz
[2011/05/24 09:07:43 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\virus killers
[2011/05/24 06:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Say the Time
[2011/05/23 13:57:59 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My Downloads
[2011/05/23 07:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/22 14:48:12 | 000,000,000 | R--D | C] -- C:\Sandbox
[2011/05/22 10:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2011/05/22 10:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2011/05/21 23:55:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\licenses
[2011/05/21 23:55:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PCMM2009
[2011/05/21 23:54:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PCMM2011
[2011/05/21 23:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
[2011/05/19 02:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/05/19 02:13:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2011/05/19 02:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/19 02:13:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/19 02:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/19 02:13:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/19 02:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/18 10:24:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TeamViewer
[2011/05/18 10:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/05/16 14:57:35 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\iphone 2 & 3
[2011/05/16 14:05:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\grn pois0n
[2011/05/16 13:09:52 | 000,440,072 | ---- | C] (InstallCore ©) -- C:\Users\User\Desktop\WhiteSmokeInstaller_9128.exe.dap
[2011/05/14 08:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Config
[2011/05/14 08:11:14 | 004,199,784 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\System32\cdintf400.dll
[2011/05/14 08:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2010
[2011/05/14 07:36:39 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Quicken
[2011/05/14 06:52:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Intuit
[2011/05/14 06:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit
[2011/05/11 13:12:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\MediaGet2
[2011/05/10 10:35:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\i-fun-box
[2011/05/10 06:00:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vlc
[2011/05/08 06:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Palo Alto Software
[2011/05/08 06:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2011/05/08 06:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2011/05/07 18:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2011/05/07 18:57:11 | 000,225,856 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
[2011/05/07 18:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2011/05/05 17:14:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Uniblue
[2011/05/05 17:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/05/04 13:07:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Binreader
[2011/05/04 10:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 8.0.1 Home Edition
[2011/05/04 10:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011/05/01 06:36:01 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/05/01 06:30:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TechSmith
[2011/04/30 19:04:26 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\ImTOO
[2011/04/30 19:04:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ImTOO
[2011/04/30 19:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImTOO
[2011/04/30 18:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ImTOO
[2011/04/30 18:59:49 | 000,000,000 | ---D | C] -- C:\Program Files\ImTOO
[2011/04/30 08:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit 10
[2011/04/28 16:13:18 | 000,000,000 | ---D | C] -- C:\Windows\MSAgent
[2011/04/28 16:08:54 | 000,000,000 | ---D | C] -- C:\hotfix
[2011/04/28 10:35:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/04/28 10:32:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/04/28 10:26:01 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2007/04/09 13:32:58 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2007/04/09 13:19:16 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe

========== Files - Modified Within 30 Days ==========

[2011/05/27 12:53:09 | 000,023,040 | ---- | M] () -- C:\Windows\System32\bddel.exe
[2011/05/27 12:53:06 | 000,017,778 | ---- | M] () -- C:\Windows\System32\bddel.dat
[2011/05/27 12:17:19 | 001,481,059 | ---- | M] () -- C:\Users\User\Documents\GLIbrochure.pdf
[2011/05/27 12:16:40 | 000,067,561 | ---- | M] () -- C:\Users\User\Documents\specialneeds.pdf
[2011/05/27 11:29:46 | 000,000,006 | ---- | M] () -- C:\Users\User\Documents\ver.new
[2011/05/27 10:27:52 | 000,004,336 | ---- | M] () -- C:\Windows\System32\.rsp
[2011/05/27 10:27:52 | 000,001,479 | ---- | M] () -- C:\Windows\System32\.lck
[2011/05/27 01:27:54 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/27 01:27:54 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/27 01:25:00 | 000,627,632 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/27 01:25:00 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/27 01:20:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/27 01:20:22 | 1609,166,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/27 01:19:24 | 000,031,056 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2011/05/27 01:19:24 | 000,031,056 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2011/05/27 01:19:24 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2011/05/27 01:19:24 | 000,030,528 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2011/05/27 01:19:24 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2011/05/26 11:07:27 | 000,000,764 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/26 05:53:02 | 000,001,157 | ---- | M] () -- C:\Users\User\Desktop\BillMeLater.qif
[2011/05/26 05:40:13 | 000,146,518 | ---- | M] () -- C:\Users\User\Desktop\xl2qif.zip
[2011/05/26 04:40:12 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/26 03:40:21 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2011/05/25 16:01:07 | 004,293,906 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2011/05/25 13:48:30 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/05/25 13:48:30 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/05/25 13:46:01 | 000,000,578 | ---- | M] () -- C:\Users\User\Documents\Say the Time Notes.xml
[2011/05/25 13:46:01 | 000,000,053 | ---- | M] () -- C:\Users\User\Documents\Say the Time Reminders.xml
[2011/05/25 12:25:13 | 000,000,098 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/25 10:32:21 | 000,938,568 | ---- | M] () -- C:\Users\User\Desktop\west view.jpg
[2011/05/24 23:03:58 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\Windows\System32\drivers\Soluto.sys
[2011/05/24 12:14:14 | 000,002,141 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft iPhone Transfer.lnk
[2011/05/24 12:14:14 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft iPhone Transfer.lnk
[2011/05/24 12:06:58 | 000,000,952 | ---- | M] () -- C:\Users\User\Desktop\MediaWidget.lnk
[2011/05/24 10:08:28 | 000,000,000 | -H-- | M] () -- C:\Users\User\Documents\Default.rdp
[2011/05/24 10:01:36 | 000,001,071 | ---- | M] () -- C:\Users\User\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/05/23 22:17:45 | 338,056,096 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/23 06:40:37 | 000,017,480 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/23 06:13:00 | 000,001,494 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011/05/22 14:40:42 | 000,185,569 | ---- | M] () -- C:\Users\User\Desktop\statement_20110516.pdf
[2011/05/22 10:07:59 | 000,001,053 | ---- | M] () -- C:\Users\User\Desktop\Sandboxed Web Browser.lnk
[2011/05/22 10:07:59 | 000,001,053 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2011/05/22 06:18:50 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/05/22 06:18:50 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/05/20 08:11:50 | 001,359,906 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/19 18:12:19 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/05/19 02:32:42 | 000,513,032 | ---- | M] () -- C:\Users\User\Desktop\sdasetup.exe
[2011/05/19 02:13:34 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/18 10:23:50 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/05/16 13:09:55 | 000,440,072 | ---- | M] (InstallCore ©) -- C:\Users\User\Desktop\WhiteSmokeInstaller_9128.exe.dap
[2011/05/16 10:36:48 | 000,010,385 | ---- | M] () -- C:\Users\User\Desktop\gettin hackuous.png
[2011/05/14 08:11:10 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2010.lnk
[2011/05/14 08:10:52 | 000,000,165 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2011/05/11 12:53:00 | 002,219,008 | ---- | M] (Bootstrap Development, LLC.) -- C:\Windows\bsdsetup.dll
[2011/05/11 06:40:17 | 001,893,498 | ---- | M] () -- C:\Users\User\Documents\http___www.worldstart.com_ebook_sample__email=ew_johnson@yahoo.pdf
[2011/05/09 11:12:54 | 000,000,109 | ---- | M] () -- C:\Users\User\Desktop\ws-ultimate-freeware.pdf
[2011/05/09 06:54:55 | 004,200,608 | ---- | M] () -- C:\Users\User\Desktop\ws_ultimate_electronics_buyers_guide.pdf
[2011/05/09 06:53:48 | 000,168,104 | ---- | M] () -- C:\Users\User\Desktop\worldstart_ultimate_shortcut_list.pdf
[2011/05/08 06:22:14 | 000,000,064 | ---- | M] () -- C:\Windows\qwimp.ini
[2011/05/07 16:50:11 | 001,194,678 | ---- | M] () -- C:\Users\User\Desktop\bmp.bmp
[2011/05/05 08:26:18 | 000,001,871 | ---- | M] () -- C:\Users\User\Desktop\DeskCalc.lnk
[2011/05/04 10:25:52 | 000,001,416 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\EASEUS Partition Master 8.0.1 Home Edition.lnk
[2011/04/30 19:01:00 | 000,002,110 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\ImTOO iPhone Transfer.lnk
[2011/04/30 19:01:00 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\ImTOO iPhone Transfer.lnk
[2011/04/30 08:59:55 | 000,002,060 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 10.lnk
[2011/04/30 08:59:55 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Snagit 10.lnk
[2011/04/28 14:08:07 | 000,001,258 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/04/28 11:05:26 | 000,289,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/05/27 12:17:12 | 001,481,059 | ---- | C] () -- C:\Users\User\Documents\GLIbrochure.pdf
[2011/05/27 12:16:40 | 000,067,561 | ---- | C] () -- C:\Users\User\Documents\specialneeds.pdf
[2011/05/27 03:53:17 | 000,023,040 | ---- | C] () -- C:\Windows\System32\bddel.exe
[2011/05/26 10:47:03 | 000,000,764 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/26 05:45:26 | 000,001,157 | ---- | C] () -- C:\Users\User\Desktop\BillMeLater.qif
[2011/05/26 05:40:13 | 000,146,518 | ---- | C] () -- C:\Users\User\Desktop\xl2qif.zip
[2011/05/26 04:52:25 | 000,185,569 | ---- | C] () -- C:\Users\User\Desktop\statement_20110516.pdf
[2011/05/26 03:39:55 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/05/25 16:05:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/25 16:05:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/25 16:05:04 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/25 16:05:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/25 16:05:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/25 13:52:57 | 000,004,336 | ---- | C] () -- C:\Windows\System32\.rsp
[2011/05/25 13:52:57 | 000,001,479 | ---- | C] () -- C:\Windows\System32\.lck
[2011/05/25 13:46:01 | 000,000,578 | ---- | C] () -- C:\Users\User\Documents\Say the Time Notes.xml
[2011/05/25 13:46:01 | 000,000,053 | ---- | C] () -- C:\Users\User\Documents\Say the Time Reminders.xml
[2011/05/25 12:25:13 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/25 10:32:07 | 000,938,568 | ---- | C] () -- C:\Users\User\Desktop\west view.jpg
[2011/05/24 12:14:14 | 000,002,141 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft iPhone Transfer.lnk
[2011/05/24 12:14:14 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft iPhone Transfer.lnk
[2011/05/24 12:06:58 | 000,000,952 | ---- | C] () -- C:\Users\User\Desktop\MediaWidget.lnk
[2011/05/24 10:08:28 | 000,000,000 | -H-- | C] () -- C:\Users\User\Documents\Default.rdp
[2011/05/24 10:01:36 | 000,001,071 | ---- | C] () -- C:\Users\User\Desktop\ParetoLogic PC Health Advisor.lnk
[2011/05/24 10:01:34 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/05/24 10:01:32 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/05/22 10:11:41 | 000,001,053 | ---- | C] () -- C:\Users\User\Desktop\Sandboxed Web Browser.lnk
[2011/05/22 10:11:41 | 000,001,053 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2011/05/22 10:11:38 | 000,001,494 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/05/21 23:52:26 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/05/21 23:30:32 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/05/21 22:17:59 | 338,056,096 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/20 08:11:06 | 001,359,906 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/19 02:32:44 | 000,513,032 | ---- | C] () -- C:\Users\User\Desktop\sdasetup.exe
[2011/05/19 02:13:34 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/18 10:23:50 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/05/18 10:23:50 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/05/16 10:33:56 | 000,010,385 | ---- | C] () -- C:\Users\User\Desktop\gettin hackuous.png
[2011/05/14 08:11:10 | 000,001,788 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2010.lnk
[2011/05/11 06:40:17 | 001,893,498 | ---- | C] () -- C:\Users\User\Documents\http___www.worldstart.com_ebook_sample__email=ew_johnson@yahoo.pdf
[2011/05/09 11:12:53 | 000,000,109 | ---- | C] () -- C:\Users\User\Desktop\ws-ultimate-freeware.pdf
[2011/05/09 06:54:29 | 004,200,608 | ---- | C] () -- C:\Users\User\Desktop\ws_ultimate_electronics_buyers_guide.pdf
[2011/05/09 06:53:53 | 000,168,104 | ---- | C] () -- C:\Users\User\Desktop\worldstart_ultimate_shortcut_list.pdf
[2011/05/08 06:22:14 | 000,000,064 | ---- | C] () -- C:\Windows\qwimp.ini
[2011/05/08 06:10:52 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/05/04 10:25:52 | 000,001,416 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\EASEUS Partition Master 8.0.1 Home Edition.lnk
[2011/05/04 10:25:51 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/05/04 10:25:50 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/05/04 10:25:50 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/05/04 10:25:50 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/05/04 10:25:49 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/04/30 19:01:00 | 000,002,110 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\ImTOO iPhone Transfer.lnk
[2011/04/30 19:01:00 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\ImTOO iPhone Transfer.lnk
[2011/04/30 08:59:55 | 000,002,591 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit 10
[2011/04/30 08:59:55 | 000,002,060 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 10.lnk
[2011/04/30 08:59:55 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Snagit 10.lnk
[2011/04/28 10:27:32 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/04/28 10:25:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/28 10:25:20 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/04/28 10:25:04 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/04/27 19:34:15 | 000,017,778 | ---- | C] () -- C:\Windows\System32\bddel.dat
[2011/04/22 12:29:45 | 000,017,480 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/19 06:28:23 | 000,084,480 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2011/04/12 17:29:14 | 000,001,167 | ---- | C] () -- C:\Windows\Deskcalc.INI
[2011/04/12 09:27:39 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2011/04/12 06:13:50 | 000,143,570 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/04/12 05:52:51 | 000,000,598 | ---- | C] () -- C:\Windows\System32\secushr.dat
[2011/04/12 05:52:30 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011/03/11 23:38:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/03/11 21:55:34 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/03/11 21:55:34 | 000,000,737 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/10 19:04:06 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:33:53 | 000,289,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 19:05:48 | 000,627,632 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 19:05:48 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/04/12 09:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\System32\APOMgrH.dll
[2007/04/09 13:55:14 | 000,097,785 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2007/04/09 13:55:14 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2007/04/09 13:33:50 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll
[2007/04/09 13:32:32 | 000,037,888 | ---- | C] () -- C:\Windows\System32\psconv.exe
[2007/04/09 13:24:30 | 000,325,821 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2007/04/09 13:24:30 | 000,046,273 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2007/04/09 13:21:44 | 000,048,128 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2007/04/09 13:21:28 | 000,149,838 | ---- | C] () -- C:\Windows\System32\ctbas2w.dat
[2007/04/09 13:19:44 | 000,274,587 | ---- | C] () -- C:\Windows\System32\ctsbas2w.dat
[2007/04/09 13:19:36 | 000,241,084 | ---- | C] () -- C:\Windows\System32\CTSBASW.DAT
[2007/04/09 13:19:36 | 000,115,166 | ---- | C] () -- C:\Windows\System32\CTBASICW.DAT
[2007/04/09 13:19:20 | 000,313,207 | ---- | C] () -- C:\Windows\System32\ctstatic.dat
[2007/04/09 13:19:20 | 000,053,932 | ---- | C] () -- C:\Windows\System32\ctdaught.dat
[2007/04/09 13:19:18 | 000,005,120 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/10/02 10:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini
[2005/06/16 11:17:16 | 000,071,680 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll
[1997/07/11 01:00:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE
[1997/07/11 01:00:00 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997/07/11 01:00:00 | 000,036,864 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997/07/11 01:00:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011/03/27 20:49:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acronis
[2011/05/04 13:13:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Binreader
[2011/04/12 08:46:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitDefender
[2011/05/11 15:44:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BITS
[2011/05/24 12:07:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSD
[2011/03/12 01:09:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2011/05/24 10:01:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DriverCure
[2011/04/12 05:52:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGet
[2011/04/12 05:52:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGetBHO
[2011/03/12 01:05:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ImgBurn
[2011/04/30 19:04:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ImTOO
[2011/03/12 00:41:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2011/05/22 00:03:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\licenses
[2011/05/24 10:01:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ParetoLogic
[2011/05/22 00:00:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PCMM2009
[2011/05/21 23:54:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PCMM2011
[2011/05/26 03:08:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QFX Software
[2011/04/12 06:14:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QuickScan
[2011/03/12 00:47:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RoboForm
[2011/05/18 11:10:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2011/05/01 06:30:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TechSmith
[2011/04/14 07:03:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Teleca
[2011/03/11 21:59:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
[2011/05/05 17:14:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Uniblue
[2011/05/24 12:14:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Xilisoft
[2011/05/22 06:18:50 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/05/22 06:18:50 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/05/25 13:48:30 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011/05/25 13:48:30 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
[2009/07/13 21:53:46 | 000,026,372 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:553CA6CA
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 10 bytes -> C:\Users\User\Documents\USMoneyDlxSunset.exe:BDU
@Alternate Data Stream - 10 bytes -> C:\Users\User\Desktop\sdasetup.exe:BDU

< End of report >