A) Ran a quick scan (MBAM) after noticing Process Hacker (my task manager) wouldn't open. Found this... (Included log below as it probably does a better job explaining than I do.)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
B) Ran quarantine as program suggested, restarted... found it again... repeated... started typing here.
C) Ran OTL... log below.
On a side note, anything else you notice that might be a "good idea" to take care of, I'd love to hear about (especially how to keep my daughter's LeapFrog program from always starting up on its own).
I really appreciate any help and look forward to getting the quality assistance you all always provide me.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7152
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088
7/15/2011 1:54:54 PM
mbam-log-2011-07-15 (13-54-54).txt
Scan type: Quick scan
Objects scanned: 180141
Time elapsed: 4 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
OTL logfile created on: 7/15/2011 1:55:55 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Owner\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 55.75% Memory free
6.70 Gb Paging File | 5.17 Gb Available in Paging File | 77.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 929.44 Gb Total Space | 507.46 Gb Free Space | 54.60% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.10 Gb Free Space | 54.79% Space Free | Partition Type: NTFS
Drive E: | 463.69 Gb Total Space | 304.75 Gb Free Space | 65.72% Space Free | Partition Type: NTFS
Drive G: | 2.00 Gb Total Space | 1.19 Gb Free Space | 59.40% Space Free | Partition Type: NTFS
Drive H: | 1397.26 Gb Total Space | 881.04 Gb Free Space | 63.05% Space Free | Partition Type: NTFS
Drive I: | 596.17 Gb Total Space | 595.61 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 897.54 Gb Free Space | 48.18% Space Free | Partition Type: NTFS
Drive K: | 3.77 Gb Total Space | 3.77 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive L: | 596.17 Gb Total Space | 113.29 Gb Free Space | 19.00% Space Free | Partition Type: NTFS
Drive R: | 3.79 Gb Total Space | 3.79 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/07/15 13:51:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/03 09:34:44 | 000,853,504 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\ClickClean.exe
PRC - [2011/02/10 19:05:44 | 000,967,168 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/16 19:02:52 | 000,107,008 | ---- | M] (Montpellier-Informatique) -- C:\Program Files\Predator2\PredatorACE.exe
PRC - [2010/09/16 19:02:50 | 000,402,944 | ---- | M] (Montpellier-Informatique) -- C:\Program Files\Predator2\Predator.exe
PRC - [2010/07/12 14:03:50 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2010/05/04 19:15:32 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/05/04 19:14:56 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/12/21 09:03:16 | 000,350,720 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe
PRC - [2009/12/21 09:03:12 | 000,492,032 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMon.exe
PRC - [2009/06/10 06:22:22 | 000,334,224 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/29 13:15:00 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/09/10 13:31:36 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/05/28 09:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
========== Modules (SafeList) ==========
MOD - [2011/07/15 13:51:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/11/04 11:51:35 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\GdiPlus.dll
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/12/20 18:44:44 | 000,210,432 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll
MOD - [2009/12/20 18:43:02 | 000,325,120 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonResButtons.dll
MOD - [2004/08/25 20:23:14 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Script\Windows Script Control\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (STSService)
SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare10)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/16 19:02:52 | 000,107,008 | ---- | M] (Montpellier-Informatique) [Auto | Running] -- C:\Program Files\Predator2\PredatorACE.exe -- (PredatorACE)
SRV - [2010/07/12 14:03:50 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2010/05/04 19:14:56 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/12/04 05:07:26 | 000,285,696 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/04/15 10:47:09 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/10/04 11:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/29 13:15:00 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/09/10 13:31:36 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/06 13:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/05/28 09:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
========== Driver Services (SafeList) ==========
DRV - [2011/07/15 13:39:47 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50E3B952-E457-43D4-B255-F795EB5D45E5}\MpKslc999d14f.sys -- (MpKslc999d14f)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/28 18:31:08 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/08/12 15:14:40 | 000,230,736 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/07/29 00:25:22 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/07/26 11:30:17 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/24 20:07:38 | 000,204,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2010/05/04 19:46:22 | 005,550,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2010/05/04 19:46:22 | 005,550,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/05/04 19:46:22 | 005,550,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/05/04 18:23:00 | 000,176,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/12/30 12:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/10 04:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/11/10 04:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/11/10 04:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/09/30 07:31:46 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/11/14 03:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008/11/12 17:02:46 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/11/12 17:02:46 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/09/29 13:17:06 | 000,029,952 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/09/10 13:28:48 | 000,036,896 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
DRV - [2008/01/15 04:25:24 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/11/13 01:21:54 | 000,017,536 | ---- | M] (Anyka (Guangzhou) Software Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbanyka.sys -- (usbanyka)
DRV - [2007/11/06 13:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007/08/29 04:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2007/08/29 04:04:04 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007/05/02 12:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 12:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 12:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007/03/20 20:33:28 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2006/12/28 06:50:26 | 000,016,000 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\9kdUSBXP.sys -- (SNL320XP)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2005/05/03 08:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://whatreallyhappened.com/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.2.4
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4
FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.0.14
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.20110211
FF - prefs.js..extensions.enabledItems: {cd617372-6743-4ee4-bac4-fbf60f35719e}:2.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.131046
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.8.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {BB359C50-BFC9-4f40-8302-3FE5A499A859}:3.6.1
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.71
FF - prefs.js..extensions.enabledItems: {a78f0ac6-753b-491b-9021-cd2aec3502d9}:3.6
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Owner\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2009/06/12 15:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 18:46:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/22 07:43:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
[2010/01/08 09:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/01/08 09:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/07/12 12:19:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions
[2009/08/05 08:24:15 | 000,000,000 | ---D | M] (Options Menu) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{1a6907cb-d310-4d82-bded-c0dd31f8d9a2}
[2009/11/02 14:37:04 | 000,000,000 | ---D | M] (Objection) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{289F3A4A-F3FF-4173-B994-DBC887E9C468}
[2011/03/10 08:12:22 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011/02/07 08:29:25 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011/03/22 07:47:05 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/06/01 16:04:15 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/07/14 20:22:29 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(63)
[2010/02/15 23:09:42 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(89)
[2011/06/28 18:31:51 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010/04/17 09:53:08 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/06/30 23:49:58 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2010/06/17 15:19:59 | 000,000,000 | ---D | M] (Penn State Nittany Lions) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{a78f0ac6-753b-491b-9021-cd2aec3502d9}
[2009/06/10 22:57:05 | 000,000,000 | ---D | M] (HalloFF) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{bbf8fc30-5280-11db-b0de-0800200c9a66}
[2011/06/26 14:28:28 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/07/23 00:55:24 | 000,000,000 | ---D | M] ("Show my Password") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
[2010/11/03 14:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2011/03/11 21:37:52 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/07/14 20:22:30 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}(64)
[2010/06/30 23:49:58 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011/06/29 07:01:55 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/03/10 21:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}-trash
[2010/01/18 13:32:18 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/09/14 20:42:14 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2011/06/17 07:54:11 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2010/07/15 22:19:31 | 000,000,000 | ---D | M] (CheckPlaces) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected](61).com
[2011/03/22 19:20:25 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/03/22 07:46:58 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/01/20 21:31:49 | 000,000,000 | ---D | M] (PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/04/21 09:06:46 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2009/08/13 19:10:21 | 000,000,000 | ---D | M] (FlashLoader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/06/17 07:54:20 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/01/08 14:21:08 | 000,000,000 | ---D | M] (gui:config) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2010/12/21 23:53:40 | 000,000,000 | ---D | M] ("Handytag") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2009/11/10 19:02:32 | 000,000,000 | ---D | M] (Magnetiser) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2009/07/21 13:46:01 | 000,000,000 | ---D | M] (Next Tab) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2010/07/14 20:22:29 | 000,000,000 | ---D | M] (Omnibar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected](62).com
[2011/03/11 21:37:52 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/06/29 07:01:47 | 000,000,000 | ---D | M] (Polski slownik poprawnej pisowni) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2010/02/15 23:09:42 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected](88).com
[2011/06/21 14:50:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2009/11/27 21:03:51 | 000,000,000 | ---D | M] (Tabberwocky) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2010/01/23 20:47:39 | 000,000,000 | ---D | M] (Tagmarks) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/02/21 22:53:53 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/01/20 21:31:49 | 000,000,000 | ---D | M] (Vacuum Places Improved) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2009/05/11 07:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Sunbird\Profiles\uwu58twj.default\extensions
[2009/08/20 16:58:43 | 000,001,625 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\searchplugins\startpage-https.xml
[2011/06/25 18:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/13 15:06:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVYMB9Q7.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVYMB9Q7.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVYMB9Q7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVYMB9Q7.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVYMB9Q7.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVYMB9Q7.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVYMB9Q7.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVYMB9Q7.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVYMB9Q7.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVYMB9Q7.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVYMB9Q7.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WVYMB9Q7.DEFAULT\EXTENSIONS\[email protected]
[2011/01/31 15:23:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/15 21:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/03/02 06:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPAPIX.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/01/17 04:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2010/01/18 13:32:01 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2007/07/02 08:42:20 | 000,103,064 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPMPDRM.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/04/15 12:28:08 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
O1 HOSTS File: ([2011/01/02 00:04:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [BackgroundSwitcher] C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKCU..\Run: [Predator] C:\Program Files\Predator2\Predator.exe (Montpellier-Informatique)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\navnet {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll (MH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/07/13 10:02:16 | 000,000,000 | ---- | M] () - K:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/07/15 13:50:57 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/07/13 03:20:12 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/13 03:18:15 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/13 03:18:15 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/07/10 18:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/07/08 13:41:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Groovedown 0.65
[2011/07/06 18:23:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
[2011/07/06 18:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Cracker
[2011/07/06 18:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Cracker
[2011/07/06 18:09:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Sun
[2011/07/06 18:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2011/07/06 18:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\SecurityXploded
[2011/07/06 17:29:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2011/07/06 17:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2011/07/06 17:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Intelore
[2011/07/02 07:14:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Drew.Careys.Improv.A.Ganza.S01.WEBRip.XviD-SPUNX
[2011/07/01 15:01:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Teleca
[2011/07/01 15:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Teleca Shared
[2011/07/01 14:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2011/07/01 14:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
[2011/07/01 14:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2011/06/30 13:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\Acunetix
[2011/06/30 13:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Havij
[2011/06/30 13:29:37 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.ocx
[2011/06/30 13:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Havij
[2011/06/28 17:49:35 | 000,394,240 | ---- | C] (Progrimax Corporation) -- C:\Users\Owner\Desktop\Grooveshark.exe
[2011/06/28 13:33:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Groovedown 0.64
[2011/06/28 11:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TKM17
[2011/06/28 11:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\TKM17
[2011/06/28 08:52:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Klub 17
[2011/06/28 08:50:40 | 000,000,000 | ---D | C] -- C:\TheKlub17
[2011/06/23 15:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/06/23 09:27:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Game of Thrones
[2011/06/19 22:04:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\BlackBerry
[2011/06/19 22:03:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Research In Motion
[2011/06/19 22:03:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Research In Motion
[2011/06/19 00:05:59 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011/06/19 00:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2011/06/19 00:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2011/06/19 00:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2011/06/18 19:28:38 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011/06/15 20:56:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/15 20:56:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/15 20:56:01 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/15 20:56:00 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/15 20:56:00 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/15 20:56:00 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/15 20:56:00 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/15 20:55:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/15 20:55:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/15 20:55:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/15 20:55:58 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/15 20:55:58 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/15 20:55:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/15 20:55:58 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/15 20:55:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/15 20:55:58 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/15 20:55:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/07/15 13:51:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/07/15 13:47:46 | 000,002,399 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2011/07/15 13:47:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/15 13:39:49 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 13:39:49 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/15 13:39:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/15 13:23:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1500155505-1741706647-2289308542-1000UA.job
[2011/07/15 13:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/15 11:54:45 | 000,037,888 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/15 11:54:45 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/07/15 08:40:16 | 000,674,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/15 08:40:16 | 000,130,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/14 14:23:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1500155505-1741706647-2289308542-1000Core.job
[2011/07/14 08:16:51 | 000,295,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/13 23:34:56 | 000,035,291 | ---- | M] () -- C:\Users\Owner\.recently-used.xbel
[2011/07/12 11:36:35 | 000,041,184 | ---- | M] () -- C:\Users\Owner\Documents\Order confirmation.pdf
[2011/07/12 11:36:35 | 000,041,184 | ---- | M] () -- C:\Users\Owner\Documents\burts beesOrder confirmation.pdf
[2011/07/12 11:36:35 | 000,000,000 | ---- | M] () -- C:\Users\Owner\Documents\FOXIT_PDF
[2011/07/10 17:57:57 | 000,000,854 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\foobar2000.lnk
[2011/07/09 23:19:24 | 000,002,255 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/07/09 09:58:15 | 000,000,872 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/07 23:06:03 | 183,515,494 | ---- | M] () -- C:\Users\Owner\Desktop\Futurama.S06E17.HDTV.XviD-ASAP.avi
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/06 12:35:34 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/07/05 17:54:32 | 000,000,531 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Grooveshark.exe - Shortcut (2).lnk
[2011/07/01 22:49:28 | 000,051,134 | ---- | M] () -- C:\Users\Owner\Desktop\450.jpg
[2011/07/01 15:01:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2011/06/30 13:55:58 | 000,000,140 | ---- | M] () -- C:\Windows\System32\ptl5.dat.{B03B289B-C438-4D0F-B3B0-52F9FE7B661D}
[2011/06/30 13:52:32 | 000,000,810 | ---- | M] () -- C:\Windows\WVS_InstDBLogFile.csv
[2011/06/30 13:51:31 | 000,000,016 | ---- | M] () -- C:\Windows\System32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2011/06/30 12:57:58 | 000,138,056 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\PnkBstrK.sys
[2011/06/29 13:38:24 | 000,000,479 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Grooveshark.exe - Shortcut.lnk
[2011/06/28 13:30:44 | 004,018,120 | ---- | M] () -- C:\Users\Owner\Documents\groovedown-0-64-en.rar
[2011/06/25 21:11:05 | 000,020,085 | ---- | M] () -- C:\Users\Owner\Desktop\tim list.odt
[2011/06/19 00:06:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011/06/19 00:06:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/06/18 15:01:01 | 000,000,947 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ShadowCopy.lnk
[2011/06/18 14:48:04 | 000,000,938 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2011/06/18 08:46:13 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2011/06/15 18:28:59 | 000,000,943 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Audacity 1.3 Beta (Unicode).lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/07/13 23:34:56 | 000,035,291 | ---- | C] () -- C:\Users\Owner\.recently-used.xbel
[2011/07/12 11:36:54 | 000,041,184 | ---- | C] () -- C:\Users\Owner\Documents\burts beesOrder confirmation.pdf
[2011/07/10 17:57:57 | 000,000,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[2011/07/09 09:58:15 | 000,000,872 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/07 22:30:25 | 183,515,494 | ---- | C] () -- C:\Users\Owner\Desktop\Futurama.S06E17.HDTV.XviD-ASAP.avi
[2011/07/05 17:54:32 | 000,000,531 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Grooveshark.exe - Shortcut (2).lnk
[2011/07/01 22:49:27 | 000,051,134 | ---- | C] () -- C:\Users\Owner\Desktop\450.jpg
[2011/07/01 15:01:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2011/06/30 13:55:58 | 000,000,140 | ---- | C] () -- C:\Windows\System32\ptl5.dat.{B03B289B-C438-4D0F-B3B0-52F9FE7B661D}
[2011/06/30 13:51:31 | 000,000,810 | ---- | C] () -- C:\Windows\WVS_InstDBLogFile.csv
[2011/06/30 13:51:31 | 000,000,016 | ---- | C] () -- C:\Windows\System32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2011/06/30 12:57:58 | 000,138,056 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\PnkBstrK.sys
[2011/06/29 13:38:24 | 000,000,479 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Grooveshark.exe - Shortcut.lnk
[2011/06/28 13:31:00 | 004,018,120 | ---- | C] () -- C:\Users\Owner\Documents\groovedown-0-64-en.rar
[2011/06/23 13:02:39 | 000,020,085 | ---- | C] () -- C:\Users\Owner\Desktop\tim list.odt
[2011/06/19 00:06:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01009.Wdf
[2011/06/19 00:06:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/06/19 00:06:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011/06/18 15:01:01 | 000,000,947 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ShadowCopy.lnk
[2011/06/18 14:48:04 | 000,000,938 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2011/06/18 11:19:40 | 000,041,184 | ---- | C] () -- C:\Users\Owner\Documents\Order confirmation.pdf
[2011/06/15 18:28:59 | 000,000,943 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Audacity 1.3 Beta (Unicode).lnk
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/13 15:08:39 | 000,000,703 | ---- | C] () -- C:\Windows\NewsRover.INI
[2011/03/13 14:36:19 | 000,108,992 | ---- | C] () -- C:\Windows\News Rover Uninstaller.exe
[2011/02/19 16:29:55 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/01/14 10:07:45 | 000,163,192 | ---- | C] () -- C:\Windows\hphins27.dat
[2011/01/14 10:07:45 | 000,000,703 | ---- | C] () -- C:\Windows\hphmdl27.dat
[2011/01/01 23:53:05 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/01 23:53:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/01 23:53:05 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/01 23:53:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/01 23:53:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/08 14:12:09 | 000,000,029 | ---- | C] () -- C:\Windows\coolacm.ini
[2010/05/09 21:47:11 | 000,000,600 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\winscp.rnd
[2010/05/04 18:21:48 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/04/28 14:17:50 | 000,002,110 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/03/25 08:56:00 | 000,203,331 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/02/04 23:07:32 | 000,149,668 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/11/22 15:01:00 | 000,000,090 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\default.pls
[2009/11/16 10:21:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/13 13:11:12 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/11/10 15:07:10 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/11/05 08:54:35 | 000,000,004 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\sgeaxael3kiitbyhsirgbnkdqbs5vr4
[2009/09/14 22:53:15 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/09/14 10:55:42 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/07/02 16:15:34 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/06/29 23:05:57 | 000,001,890 | ---- | C] () -- C:\Windows\tefview.ini
[2009/06/06 16:12:59 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/06/05 21:33:08 | 000,006,371 | ---- | C] () -- C:\Windows\System32\hphmon05.dat
[2009/06/05 21:32:16 | 000,004,284 | ---- | C] () -- C:\Windows\hphmdl01.dat
[2009/05/29 09:00:09 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/05/29 08:59:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/29 08:58:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/10 18:31:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/05/10 18:16:51 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/05/09 22:10:16 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/05/06 20:48:55 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/05/06 12:11:04 | 000,000,453 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/05/05 23:48:12 | 000,528,384 | ---- | C] () -- C:\Windows\System32\BladeEnc.dll
[2009/05/05 23:48:12 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ShnDll32.dll
[2009/04/29 08:48:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/24 21:00:26 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2009/04/24 20:30:41 | 000,037,888 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/24 20:22:24 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/24 17:42:32 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2009/04/15 18:20:47 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/04/15 18:20:47 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/04/15 10:26:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/02/18 10:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 13:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/11/06 13:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2006/11/02 05:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:46:27 | 000,295,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,674,802 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,130,908 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/09/12 07:30:28 | 000,018,248 | ---- | C] () -- C:\Windows\HPHins01.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\The.Royal.Wedding.2011.Part.Two.Wedding.Ceremony.and.Procession.HDTV.XviD-2HD-CD2.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\The.Royal.Wedding.2011.Part.One.Pre-Wedding.Preparations.and.Opening.of.Doors.HDTV.XviD-2HD-CD1.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\Camelot.S01E04.720p.HDTV.X264-DIMENSION.mkv:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\Camelot.S01E03.720p.HDTV.X264-DIMENSION.mkv:TOC.WMV
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:CEE4A457
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4A966CC2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:C9B27A06
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:751D6870
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4B1CFD78
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7EC01D6D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6BFA43EB
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:99AC3203
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8DD20B4A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7ADCE5D2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1E86ADD2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:151760F0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:EA7D76BE
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:EE7AAC75
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:8DD36B71
< End of report >