babylone toolbar cannot remove it
#17
Posted 14 February 2012 - 03:11 PM
Let's get a deeper look into the system and see if something shows up.
Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
- Double click on OTL.exe to run it.
- Under Output, ensure that Minimal Output is selected.
- Under Extra Registry section, select Use SafeList.
- Click the Scan All Users checkbox.
- Click on Run Scan at the top left hand corner.
- When done, two Notepad files will open.
- OTL.txt <-- Will be opened and is the one that I need posted back here
- Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
- Please post the contents of OTL.txt in your next reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->
<-- Don't worry every little bit helps.
#18
Posted 14 February 2012 - 03:30 PM
#19
Posted 14 February 2012 - 04:35 PM
I would like to see a report that combofix makes.
extra combofix report
- push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
- please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
- click ok
copy and paste the report into this topic for me to review
Gringo
#20
Posted 16 February 2012 - 03:56 AM
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\Tanya\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
2,93 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 47,33% Memory free
5,86 Gb Paging File | 4,48 Gb Available in Paging File | 76,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 225,09 Gb Free Space | 49,73% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 2,15 Gb Free Space | 16,67% Space Free | Partition Type: NTFS
Computer Name: TANYA-PC | User Name: Tanya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Tanya\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe (Koninklijke Philips Electronics N.V.)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe ()
PRC - C:\Program Files (x86)\Manager for Voipbuster\ManagerForVoipbuster.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe ()
MOD - C:\Program Files (x86)\Manager for Voipbuster\ManagerForVoipbuster.exe ()
MOD - C:\Program Files (x86)\Manager for Voipbuster\VoipBusterMate.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
========== Driver Services (SafeList) ==========
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (WFMC_VAD) WFMCVAD (WDM) -- C:\Windows\SysNative\drivers\wfmcvad.sys (WiFi Media Connect)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (StkTMini) -- C:\Windows\SysNative\drivers\StkTMini.sys (Syntek)
DRV:64bit: - (VF0470Vid) Live! Cam Notebook (VF0470) -- C:\Windows\SysNative\drivers\V0470Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (usbaudio) Stuurprogramma voor USB-audio (WDM) -- C:\Windows\SysWOW64\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbhub) -- C:\Windows\system32\drivers\usbhub.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQCON/7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/clipextractor/{E7DCA26F-5ACC-41A4-AF40-CBA2CD20B9E5}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http://217.64.59.190:80
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=100482&babsrc=adbartrp&mntrId=74a9f0920000000000000a60768242f4&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=100482&babsrc=HP_ss&mntrId=74a9f0920000000000000a60768242f4"
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.728.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-08-06 13:35:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-01-17 01:20:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\eliteproxyswitcher@my-proxy.com:
[2010-02-18 16:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanya\AppData\Roaming\mozilla\Extensions
[2010-02-18 16:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanya\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012-01-20 23:37:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanya\AppData\Roaming\mozilla\Firefox\Profiles\nt5x4yao.default\extensions
[2012-01-18 15:56:49 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Tanya\AppData\Roaming\mozilla\Firefox\Profiles\nt5x4yao.default\extensions\ffxtlbr@babylon.com
[2011-12-22 15:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011-08-28 08:12:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-10-25 08:05:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011-12-22 15:03:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011-09-18 14:04:41 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
[2011-07-08 08:48:49 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-11-10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012-01-18 15:56:44 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010-01-01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010-01-01 09:00:00 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2010-01-01 09:00:00 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2010-01-01 09:00:00 | 000,001,111 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\vandale-nl.xml
[2010-01-01 09:00:00 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml
O1 HOSTS File: ([2012-02-14 20:15:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - No CLSID value found.
O3 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O4:64bit: - HKLM..\Run: [C:\Windows\system32\V0470Ext.ax] C:\Windows\SysNative\V0470Ext.ax (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [C:\Windows\SysWOW64\V0470Cvw.dll] C:\Windows\SysWOW64\V0470Cvw.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [C:\Windows\SysWOW64\V0470Ext.ax] C:\Windows\SysWOW64\V0470Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Manager for Skype.lnk = C:\Program Files (x86)\Manager for Skype\Manager For Skype.exe ()
O4 - Startup: C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Manager for Voipbuster.lnk = C:\Program Files (x86)\Manager for Voipbuster\ManagerForVoipbuster.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O15 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..Trusted Domains: 111222.cn ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..Trusted Domains: pps.tv ([kan] http in Trusted sites)
O15 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..Trusted Domains: pps.tv ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..Trusted Domains: pps.tv ([tvguide] http in Trusted sites)
O15 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..Trusted Domains: pps.tv ([vodguide] http in Trusted sites)
O15 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..Trusted Domains: ppstream.com ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..Trusted Domains: ppstream.com ([notice] http in Trusted sites)
O15 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..Trusted Domains: ppstream.com ([xml1] http in Trusted sites)
O15 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..Trusted Domains: ppstream.com ([xml2] http in Trusted sites)
O15 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..Trusted Domains: ppstream.com ([xml3] http in Trusted sites)
O15 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..Trusted Domains: ppstream.net ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..Trusted Domains: ppstv.com ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..Trusted Domains: ppstv.net ([list1] http in Trusted sites)
O15 - HKU\S-1-5-21-2521898867-1464384672-1165248564-1000\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://62.177.146.89/cab/OCXChecker_8120.cab (OCXDownloadChecker Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E733AE63-B4E8-468B-A7F6-6EF9B7C96652}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012-02-16 01:25:54 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{38840B2B-11CC-4661-9FEE-D8A28F79012E}
[2012-02-16 01:25:31 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{AD643AB0-2AB8-469B-9ADD-256B9CB0C6C2}
[2012-02-16 00:12:29 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012-02-16 00:12:27 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012-02-16 00:12:27 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012-02-16 00:12:21 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012-02-15 08:05:57 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{E6B00671-B010-44E6-BC84-6C21F34A4E90}
[2012-02-15 08:05:34 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{115A1527-21E3-41ED-8F8B-1E3BE8E80216}
[2012-02-14 21:17:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012-02-14 21:17:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012-02-14 21:17:43 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-02-14 21:17:43 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-02-14 21:17:43 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-02-14 21:17:43 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-02-14 21:17:43 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012-02-14 21:17:43 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012-02-14 21:17:43 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012-02-14 21:17:43 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012-02-14 21:17:43 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012-02-14 21:17:43 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012-02-14 21:17:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-02-14 21:17:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-02-14 21:17:43 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012-02-14 21:17:43 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012-02-14 21:17:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012-02-14 21:17:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-02-14 21:17:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-02-14 21:17:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012-02-14 21:17:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012-02-14 21:17:43 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012-02-14 21:17:43 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012-02-14 21:17:43 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012-02-14 21:17:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012-02-14 21:17:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012-02-14 21:17:43 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012-02-14 21:17:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-02-14 21:17:43 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012-02-14 21:17:43 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012-02-14 21:17:43 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012-02-14 21:17:43 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012-02-14 21:17:43 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012-02-14 21:17:43 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012-02-14 21:17:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012-02-14 21:17:43 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012-02-14 21:17:43 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012-02-14 21:17:43 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012-02-14 21:17:43 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012-02-14 21:17:43 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012-02-14 21:17:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012-02-14 21:17:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012-02-14 21:17:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012-02-14 21:17:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012-02-14 21:17:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012-02-14 21:17:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-02-14 21:17:43 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012-02-14 21:17:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012-02-14 21:17:43 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012-02-14 21:17:43 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012-02-14 21:17:43 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012-02-14 21:17:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012-02-14 21:17:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012-02-14 21:17:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012-02-14 21:17:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012-02-14 21:17:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012-02-14 21:17:43 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012-02-14 21:17:43 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012-02-14 21:17:42 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-02-14 21:17:42 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012-02-14 21:17:42 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012-02-14 21:17:42 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012-02-14 21:17:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-02-14 21:17:42 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012-02-14 21:17:42 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012-02-14 21:17:42 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012-02-14 21:17:42 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-02-14 21:17:42 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012-02-14 21:17:42 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012-02-14 21:17:42 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012-02-14 21:17:42 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012-02-14 21:17:42 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012-02-14 20:24:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-02-14 20:21:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-02-14 17:19:34 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Tanya\Desktop\aswMBR.exe
[2012-02-14 17:17:47 | 002,061,360 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tanya\Desktop\tdsskiller.exe
[2012-02-14 12:42:43 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{11DB18A9-D5FF-4736-B54E-1E338B861097}
[2012-02-14 12:42:20 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{7D234497-771E-4A99-96DA-BC866C642BB8}
[2012-02-14 08:48:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-02-14 08:48:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-02-14 08:48:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-02-14 08:48:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012-02-14 08:48:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-02-14 08:46:29 | 004,403,246 | R--- | C] (Swearware) -- C:\Users\Tanya\Desktop\ComboFix.exe
[2012-02-13 21:43:37 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{88ECB188-2E31-4251-901C-0D58BAC44794}
[2012-02-13 21:43:26 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{9F03280C-32A7-414A-B100-BF2801FA9ADE}
[2012-02-13 21:43:15 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{35A34287-174D-4C47-8CAC-157B4D15F733}
[2012-02-13 21:42:53 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{4F01A39D-33E8-416D-A991-5FE6056DD4F8}
[2012-02-13 17:17:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tanya\Desktop\dds.scr
[2012-02-13 09:42:24 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{22BDBF63-3D62-498D-B96A-F72BB6D02C13}
[2012-02-13 09:41:50 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{EDD7142C-9AB4-4F62-B594-ECAA312BE2DE}
[2012-02-12 21:41:34 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{9028772E-48E3-4644-9401-5FC17DB8256D}
[2012-02-12 21:41:12 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{F887479D-E0D4-4614-AFF9-A2FAA9FBBC82}
[2012-02-12 09:40:45 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{C9B9A162-078B-47CD-876E-AEBE53E61B77}
[2012-02-12 09:37:01 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{1656C97D-B78E-4C13-ADDB-BED15FC578EC}
[2012-02-12 09:36:49 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{688B7798-AACD-470D-B655-C5CDE3AB528A}
[2012-02-12 09:36:27 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{3BD93D13-ED9E-46EF-9991-664704F4ACCB}
[2012-02-11 21:36:14 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{C0EDF992-E1DE-4C3F-BF9A-5CF7C57B2821}
[2012-02-11 21:36:03 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{943DE7D8-DAF4-4BE9-B974-3E28A41DF5E7}
[2012-02-11 21:35:52 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{751B5145-35A2-4109-97F4-9553886ED9C2}
[2012-02-11 21:35:29 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{540AC5FF-6743-43F9-BD93-1763419C2A52}
[2012-02-11 09:35:13 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{B4C4BC33-5BC1-49F4-9A5B-15444E765A5B}
[2012-02-11 09:34:49 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{498A552B-CF58-4D52-9DD5-778E6A8A02BC}
[2012-02-10 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{F6081016-00A2-476E-AFC0-E1D8E7CA23A1}
[2012-02-10 21:34:12 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{B02DF548-F042-450F-AC44-6A13107B1BEF}
[2012-02-10 09:33:58 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{69B15BC3-3E87-49F5-8640-2C78CC0CB0B4}
[2012-02-10 09:33:46 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{04C77401-739E-4597-AFFA-DD2C7D631421}
[2012-02-09 21:33:32 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{D53617FF-E83D-4564-ABBF-B1B441BD75B7}
[2012-02-09 21:33:10 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{85DA47B9-C090-44E0-A3E2-3801FFCAECCD}
[2012-02-09 14:50:50 | 000,000,000 | ---D | C] -- C:\Users\Tanya\Desktop\serena muziek
[2012-02-09 09:32:55 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{C3F870BD-9B41-4D04-9446-836D8D8D7A28}
[2012-02-09 09:32:32 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{0962D6EA-31F4-41B7-898D-57CC11AB8C85}
[2012-02-08 21:32:17 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{B46126E4-3C7B-4310-86E4-6133249952EA}
[2012-02-08 21:31:54 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{5B79F332-E1E5-4265-BE6C-04A607B784B6}
[2012-02-08 09:31:40 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{29F3E5E8-420D-4822-AB6E-597FB24324D3}
[2012-02-08 09:31:28 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{31B4F552-223A-4B80-A509-358B99600D6F}
[2012-02-07 21:31:14 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{69F3B3DC-3989-4D29-9558-EAC5AAA34AAC}
[2012-02-07 21:30:52 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{E9BE24CA-C422-49F1-8B01-1BABEB12A6AC}
[2012-02-07 09:30:38 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{7D7F7B77-CC89-4435-A08E-524F0DBA10DB}
[2012-02-07 09:30:16 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{6B895D03-4301-4722-9F0B-8D2A2FB05953}
[2012-02-06 21:30:02 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{47B91747-965E-41E1-AB5A-786358F01FDA}
[2012-02-06 21:29:38 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{8DAB1365-DF6A-4EE5-897E-6C96BEDC5946}
[2012-02-06 09:29:23 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{03EB9CD5-F724-4B9B-A8E2-54ED56F0C652}
[2012-02-06 09:29:12 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{D55B1090-2E8D-4173-A5A1-FCF525712BED}
[2012-02-05 12:55:24 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{8A25A1D8-8D0C-4E1D-B34B-5B90DA95B531}
[2012-02-05 12:55:12 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{F0F58228-4C53-44B6-904C-264D8298EF83}
[2012-02-04 21:19:02 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{3C154420-1E2D-4F1E-95FC-34EDABA5C2E4}
[2012-02-04 21:18:39 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{9F51CAB8-3F66-4FA0-84F3-667C4B65DA59}
[2012-02-04 09:18:13 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{0B45AEE9-04AE-4ACE-9D1A-4E4B08D3879F}
[2012-02-04 09:14:25 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{1ED0A7AA-CB34-4623-AF21-99CE4D9B763F}
[2012-02-03 20:23:42 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{62429886-6576-4B92-9EBA-F2287E9B44D7}
[2012-02-03 20:23:20 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{F8C94F25-EA90-4361-B3AE-300025272B27}
[2012-02-03 08:22:54 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{BEA8D052-D28D-40BA-A74E-B8DCD09992A9}
[2012-02-03 08:22:31 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{DF79E2FE-55C7-4997-B78C-7A8DB1F90D07}
[2012-02-02 16:40:04 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{011B7785-9B9D-412B-A0B5-AC4A87E1F818}
[2012-02-02 16:39:41 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{1D3C60AF-63D6-423B-995A-77D2722C02BA}
[2012-02-02 13:41:13 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{92C24A34-C7D7-4355-B0AE-ED1935898E01}
[2012-02-02 13:40:51 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{6339B5DA-8414-491A-A087-964E0A13F4E0}
[2012-02-02 01:25:29 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{273A3DCA-E425-420E-BE55-31B394902B83}
[2012-02-02 01:25:06 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{24B84140-2975-4C87-BD36-84546ADA033A}
[2012-02-01 08:31:10 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{D43BC8CB-EE68-4F41-8660-7CE076C50C08}
[2012-02-01 08:30:47 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{1062A35A-D003-4A66-BF4E-FBDF30BF071A}
[2012-01-31 20:30:33 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{083898CB-0AEC-481C-AE15-4A72B1FA42DF}
[2012-01-31 20:30:11 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{0DCF3CF9-FD9A-44D5-B52F-EBCEA1509823}
[2012-01-31 08:29:57 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{8246B83A-3857-4FD3-9133-054423C59409}
[2012-01-30 20:29:21 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{6FDCA5CF-D9B7-4EF1-B7DB-FA42FA4DAD28}
[2012-01-30 20:29:10 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{5EE11621-1EA7-44A1-A664-7136D11581B7}
[2012-01-30 20:28:59 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{00FACA75-7057-4267-A0E4-91EBE831CFFA}
[2012-01-30 10:25:38 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012-01-30 10:25:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012-01-30 08:28:23 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{C4F2683A-990B-44D6-985E-CAA9A00EE13F}
[2012-01-30 08:28:00 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{8F365678-4C58-4817-A201-C411DF638BE1}
[2012-01-29 20:27:30 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{A40BD6ED-CAA6-4413-BC43-CED298B70E36}
[2012-01-29 20:27:19 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{C3B33B04-D7B8-4407-A825-AE1ABC7218F0}
[2012-01-29 20:27:08 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{76493783-3819-441F-AC8F-38252F6927D7}
[2012-01-29 20:26:46 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{A46C5EAF-55B6-4959-8516-B78E237A6D59}
[2012-01-29 08:26:31 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{39429CA0-8344-4496-A8E6-C23D71AAB419}
[2012-01-29 08:26:19 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{71AFA793-B935-4341-BA15-0A94B27DF103}
[2012-01-28 10:23:50 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{77FAA3E9-BD6C-4E36-B507-4D92FF13AE81}
[2012-01-28 10:23:27 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{C54DA175-785A-4E57-9CE4-9590D00EC88A}
[2012-01-27 22:05:58 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{764F3B8A-0962-48F9-9596-56146E29EA0E}
[2012-01-27 22:05:35 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{814810E9-5D97-4F4B-B458-3A35259DD202}
[2012-01-27 09:23:06 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{07F49EB1-9D98-48B4-96C7-358B62442CA4}
[2012-01-27 09:22:43 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{0A498CD3-2535-4F58-AD24-E73ACF365B97}
[2012-01-26 21:22:17 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{87FE00F3-E64B-4A99-9532-43525FCD97B4}
[2012-01-26 21:21:55 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{06C4E46A-9D44-473E-8682-185490512086}
[2012-01-26 09:21:28 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{2561AF56-6FBE-4A69-B1EF-EAD4A0315D22}
[2012-01-26 09:21:06 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{68BD46B9-6A8B-43F4-8097-767F17C2CEFB}
[2012-01-25 16:44:28 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{110A79EF-1294-4ECC-871D-4097FCC220C8}
[2012-01-25 16:44:06 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{09D7865A-DA08-4F61-98EC-F084189CE2E3}
[2012-01-25 04:36:11 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{DFE67A4F-9E90-435E-B720-4DF94E9B1BA9}
[2012-01-25 04:35:48 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{26E79073-7AF3-40ED-AD73-D392A29BE782}
[2012-01-24 10:45:35 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{CCD9967F-0D41-4576-8B9D-6FEDE63282FB}
[2012-01-24 10:45:24 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{662C7377-100A-4C24-97D0-9DB6513BB4FB}
[2012-01-24 10:45:12 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{70FE484B-EF11-46A0-B74E-F71D131C5847}
[2012-01-23 22:44:59 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{F69B0962-58DA-4307-8BF7-55DE649A66A7}
[2012-01-23 22:44:48 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{79452882-4555-4595-A7DF-9148768D09EB}
[2012-01-23 22:44:37 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{74A52B35-595D-4E6F-9719-E6B762D85C9B}
[2012-01-23 22:44:14 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{A7618C61-6699-4D17-9883-52A862BA3BA7}
[2012-01-23 10:44:00 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{0F1DF1AD-FB84-4A9A-8FB9-5B910D028B66}
[2012-01-23 10:43:37 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{DD907B09-2180-41FC-9063-E55A6E7D3A52}
[2012-01-22 22:43:24 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{99396592-E447-4237-A4E7-7658904CE71A}
[2012-01-22 22:43:13 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{C8F9E8A7-07D9-44B0-AFDF-762D12B52D8B}
[2012-01-22 22:43:02 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{B8FD885C-AF0E-442B-9561-37B48BE7E6D7}
[2012-01-22 22:42:40 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{DCFF2645-E2E9-4ABB-B90E-29DFB5C37990}
[2012-01-22 10:42:24 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{3AF3A309-7F51-4A08-A2B0-A9E3682B67E5}
[2012-01-22 10:41:59 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{17C9102D-D953-45CD-A8F0-DA95F5EE1EA2}
[2012-01-21 22:41:45 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{904E5319-BC0C-4124-8E05-91D5F656D01E}
[2012-01-21 22:41:33 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{0C68F330-B3AC-4BB4-B98C-C1CEE042FAB8}
[2012-01-21 22:41:21 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{639C93E3-F16F-4B89-9284-DF87F05F9974}
[2012-01-21 22:40:58 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{3C89C5AB-683E-4A0D-85E9-C8136756D46C}
[2012-01-21 10:40:43 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{33B31599-BE7E-4166-A67B-DB7C99666BA5}
[2012-01-21 10:40:31 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{8EC4D1D2-5AAC-4660-AB1E-E1B355F0A9BE}
[2012-01-20 12:24:42 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{8554675E-A0FA-47ED-BD9D-D1E3AF9FD207}
[2012-01-20 12:24:31 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{46FF1DB1-F354-47DF-8222-3BCDB1E057CB}
[2012-01-20 12:24:20 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{C569E477-133D-4E61-BB6D-B7E2FA2CBD13}
[2012-01-20 00:24:06 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{2CEBF289-DA43-46F7-883B-BDAB38EE0AE7}
[2012-01-20 00:23:55 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{0CF8CE05-E73C-4DDF-9FF2-15FC4C814A08}
[2012-01-20 00:23:44 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{95BE796E-A61E-427C-AF51-0C5999ECAFD1}
[2012-01-20 00:23:22 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{A533D7A1-96D8-484E-8460-D49687A80E9F}
[2012-01-19 12:23:08 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{BE234913-7C73-431A-9185-62B97A976DFA}
[2012-01-19 12:22:45 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{94F9FF50-F7F0-435D-82D7-BC9C5F8F4BD0}
[2012-01-19 00:22:31 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{32446C64-37A8-450B-93D8-F9F13C8E0652}
[2012-01-19 00:22:08 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{E91DA65C-7F5F-4C88-98B7-0335A75B5610}
[2012-01-18 16:11:37 | 000,000,000 | ---D | C] -- C:\Users\Tanya\Desktop\0-5 km
[2012-01-18 15:56:42 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\Babylon
[2012-01-18 15:56:40 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Roaming\Babylon
[2012-01-18 15:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012-01-18 15:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFReader
[2012-01-18 15:56:37 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader
[2012-01-18 12:21:54 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{80A4CCCA-513B-485C-B2F6-AED598985CA6}
[2012-01-18 00:21:36 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{D334902E-9BE5-4508-A1E7-DB5D26377D79}
[2012-01-17 11:04:08 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{308F0EB7-BDCA-4A6B-9663-6D91833A76DD}
[2012-01-17 11:03:46 | 000,000,000 | ---D | C] -- C:\Users\Tanya\AppData\Local\{99AEF16A-96BA-4F4D-AF54-F49D3BF3167C}
[2010-05-14 17:05:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Tanya\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012-02-16 09:26:16 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-02-16 03:34:33 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-02-16 03:34:33 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-02-16 03:27:39 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-02-16 03:27:05 | 000,465,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-02-16 03:27:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-02-16 03:26:45 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2012-02-16 03:06:44 | 001,607,582 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-02-16 03:06:44 | 000,714,000 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012-02-16 03:06:44 | 000,627,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-02-16 03:06:44 | 000,139,718 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012-02-16 03:06:44 | 000,111,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-02-14 21:33:01 | 000,094,005 | ---- | M] () -- C:\Users\Tanya\Desktop\416816_252485524829277_100002034950461_553656_2011217540_n.jpg
[2012-02-14 21:21:52 | 000,001,413 | ---- | M] () -- C:\Users\Tanya\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012-02-14 21:17:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012-02-14 21:17:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012-02-14 21:17:43 | 002,308,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-02-14 21:17:43 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-02-14 21:17:43 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-02-14 21:17:43 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-02-14 21:17:43 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012-02-14 21:17:43 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012-02-14 21:17:43 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012-02-14 21:17:43 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012-02-14 21:17:43 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012-02-14 21:17:43 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012-02-14 21:17:43 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012-02-14 21:17:43 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-02-14 21:17:43 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-02-14 21:17:43 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012-02-14 21:17:43 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012-02-14 21:17:43 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012-02-14 21:17:43 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-02-14 21:17:43 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-02-14 21:17:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012-02-14 21:17:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012-02-14 21:17:43 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012-02-14 21:17:43 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012-02-14 21:17:43 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012-02-14 21:17:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012-02-14 21:17:43 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012-02-14 21:17:43 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012-02-14 21:17:43 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-02-14 21:17:43 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012-02-14 21:17:43 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012-02-14 21:17:43 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012-02-14 21:17:43 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012-02-14 21:17:43 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012-02-14 21:17:43 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012-02-14 21:17:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012-02-14 21:17:43 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012-02-14 21:17:43 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012-02-14 21:17:43 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012-02-14 21:17:43 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012-02-14 21:17:43 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012-02-14 21:17:43 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012-02-14 21:17:43 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012-02-14 21:17:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012-02-14 21:17:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012-02-14 21:17:43 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012-02-14 21:17:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012-02-14 21:17:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-02-14 21:17:43 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012-02-14 21:17:43 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012-02-14 21:17:43 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012-02-14 21:17:43 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012-02-14 21:17:43 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012-02-14 21:17:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012-02-14 21:17:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012-02-14 21:17:43 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012-02-14 21:17:43 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012-02-14 21:17:43 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012-02-14 21:17:43 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012-02-14 21:17:43 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012-02-14 21:17:42 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-02-14 21:17:42 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012-02-14 21:17:42 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012-02-14 21:17:42 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-02-14 21:17:42 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012-02-14 21:17:42 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012-02-14 21:17:42 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012-02-14 21:17:42 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-02-14 21:17:42 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012-02-14 21:17:42 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012-02-14 21:17:42 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012-02-14 21:17:42 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012-02-14 21:17:42 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012-02-14 21:17:42 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012-02-14 20:15:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-02-14 17:30:16 | 000,000,512 | ---- | M] () -- C:\Users\Tanya\Desktop\MBR.dat
[2012-02-14 17:19:34 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Tanya\Desktop\aswMBR.exe
[2012-02-14 17:17:55 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tanya\Desktop\tdsskiller.exe
[2012-02-14 12:08:59 | 000,088,101 | ---- | M] () -- C:\Users\Tanya\Desktop\a screenshot of my browser.bmp
[2012-02-14 08:46:29 | 004,403,246 | R--- | M] (Swearware) -- C:\Users\Tanya\Desktop\ComboFix.exe
[2012-02-13 17:17:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tanya\Desktop\dds.scr
[2012-02-13 17:08:52 | 000,050,477 | ---- | M] () -- C:\Users\Tanya\Desktop\Defogger.exe
[2012-02-07 12:44:44 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTanya.job
[2012-02-06 14:16:21 | 000,055,459 | ---- | M] () -- C:\Users\Tanya\Desktop\reclame news brief.png
[2012-02-06 14:12:01 | 000,004,425 | ---- | M] () -- C:\Users\Tanya\Desktop\erc-logo-nw.gif
[2012-01-30 10:25:38 | 000,002,975 | ---- | M] () -- C:\Users\Tanya\Desktop\HiJackThis.lnk
[2012-01-29 20:43:37 | 000,123,319 | ---- | M] () -- C:\Users\Tanya\Desktop\IMG_1556.jpg
[2012-01-29 20:40:55 | 000,099,634 | ---- | M] () -- C:\Users\Tanya\Desktop\IMG_1371.jpg
[2012-01-20 12:39:01 | 000,004,996 | ---- | M] () -- C:\Users\Tanya\Desktop\CMP-2DTO3DCONV-240x240.jpg
[2012-01-18 16:07:30 | 586,645,338 | ---- | M] () -- C:\Users\Tanya\Desktop\0-5km.zip
[2012-01-18 15:56:55 | 000,000,237 | ---- | M] () -- C:\user.js
[2012-01-18 15:56:37 | 000,000,990 | ---- | M] () -- C:\Users\Tanya\Desktop\PDF Reader.lnk
[2012-01-18 15:56:01 | 000,561,672 | ---- | M] () -- C:\Users\Tanya\Desktop\PDFReaderSetup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012-02-14 21:17:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012-02-14 21:17:42 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012-02-14 18:43:47 | 000,094,005 | ---- | C] () -- C:\Users\Tanya\Desktop\416816_252485524829277_100002034950461_553656_2011217540_n.jpg
[2012-02-14 17:30:16 | 000,000,512 | ---- | C] () -- C:\Users\Tanya\Desktop\MBR.dat
[2012-02-14 12:08:58 | 000,088,101 | ---- | C] () -- C:\Users\Tanya\Desktop\a screenshot of my browser.bmp
[2012-02-14 08:48:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-02-14 08:48:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-02-14 08:48:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-02-14 08:48:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-02-14 08:48:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-02-13 17:08:49 | 000,050,477 | ---- | C] () -- C:\Users\Tanya\Desktop\Defogger.exe
[2012-02-06 14:16:03 | 000,055,459 | ---- | C] () -- C:\Users\Tanya\Desktop\reclame news brief.png
[2012-01-30 10:25:38 | 000,002,975 | ---- | C] () -- C:\Users\Tanya\Desktop\HiJackThis.lnk
[2012-01-29 20:43:55 | 000,123,319 | ---- | C] () -- C:\Users\Tanya\Desktop\IMG_1556.jpg
[2012-01-29 20:41:17 | 000,099,634 | ---- | C] () -- C:\Users\Tanya\Desktop\IMG_1371.jpg
[2012-01-22 15:18:34 | 000,004,425 | ---- | C] () -- C:\Users\Tanya\Desktop\erc-logo-nw.gif
[2012-01-20 12:39:17 | 000,004,996 | ---- | C] () -- C:\Users\Tanya\Desktop\CMP-2DTO3DCONV-240x240.jpg
[2012-01-18 16:07:02 | 586,645,338 | ---- | C] () -- C:\Users\Tanya\Desktop\0-5km.zip
[2012-01-18 15:56:52 | 000,000,237 | ---- | C] () -- C:\user.js
[2012-01-18 15:56:37 | 000,000,990 | ---- | C] () -- C:\Users\Tanya\Desktop\PDF Reader.lnk
[2012-01-18 15:55:54 | 000,561,672 | ---- | C] () -- C:\Users\Tanya\Desktop\PDFReaderSetup.exe
[2011-11-13 11:07:27 | 000,001,941 | ---- | C] () -- C:\Windows\RRK.INI
[2011-09-18 12:34:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\5c6d184d03d1988fb7e2b65740fa24ad_c
[2011-09-02 09:11:43 | 000,000,594 | ---- | C] () -- C:\Users\Tanya\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
[2011-07-25 12:04:17 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\vxcode.dll
[2011-06-02 10:27:36 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2011-02-22 17:58:38 | 000,000,066 | ---- | C] () -- C:\Windows\Ahead DVD Ripper.INI
[2011-02-09 17:07:15 | 000,001,854 | ---- | C] () -- C:\Users\Tanya\AppData\Roaming\GhostObjGAFix.xml
[2011-01-18 14:30:13 | 000,050,271 | ---- | C] () -- C:\Users\Tanya\AppData\Roaming\GoldenVideos.dmp
[2011-01-18 14:14:04 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\DVDEncoder.dll
[2011-01-11 16:55:04 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2011-01-10 12:03:51 | 000,000,333 | ---- | C] () -- C:\Windows\Ulead32.ini
[2010-12-12 15:19:11 | 000,000,093 | ---- | C] () -- C:\Users\Tanya\AppData\Local\fusioncache.dat
[2010-11-27 09:32:57 | 000,000,000 | ---- | C] () -- C:\Users\Tanya\AppData\Roaming\wklnhst.dat
[2010-10-15 14:44:39 | 000,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI
[2010-10-15 14:09:01 | 000,008,192 | ---- | C] () -- C:\Users\Tanya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-12 10:45:33 | 000,004,986 | ---- | C] () -- C:\ProgramData\hykdupte.isk
[2010-08-23 17:02:55 | 001,606,820 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-07-27 21:38:53 | 000,002,108 | ---- | C] () -- C:\Users\Tanya\AppData\Local\rx_audio.Cache
[2010-07-27 21:38:53 | 000,000,072 | ---- | C] () -- C:\Users\Tanya\AppData\Local\rx_image.Cache
[2010-06-30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010-05-14 17:05:58 | 000,007,859 | ---- | C] () -- C:\Users\Tanya\AppData\Roaming\pcouffin.cat
[2010-05-14 17:05:58 | 000,001,167 | ---- | C] () -- C:\Users\Tanya\AppData\Roaming\pcouffin.inf
[2010-02-15 20:25:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009-11-13 21:56:42 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009-10-15 01:23:49 | 000,000,289 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2009-10-15 01:23:49 | 000,000,230 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009-08-27 17:05:12 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009-08-27 17:05:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009-08-27 17:05:12 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009-08-27 17:05:12 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009-07-14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\Tanya\Documents\EasyBits Magic Desktop License Code.txt:Roxio EMC Stream
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:DF99298A
< End of report >
#21
Posted 16 February 2012 - 03:59 AM
AC3Filter 1.63b
Acrobat.com
Adobe AIR
Adobe Reader 9.5.0 MUI
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Ahead DVD Ripper 3.4.2
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
µTorrent
Auto Updater 1.0.0.4
AVS Video Converter 6
BitTorrent
Common
Compatibiliteitspakket voor het 2007 Microsoft Office system
Contents
ConvertXtoDVD 4.0.6.316
Corel VideoStudio Pro X4
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 8
CyberLink YouCam
D3DX10
Debut Video Capture Software
DeviceIO
DHTML Editing Component
DivX Plus Web Player
Dora Saves the Crystal Kingdom
DV to DVD Converter 1.00
DVD-CLONER V7.10 Build 992
EditPlus 3
Express Burn Disc Burning Software
Flash DVD Ripper
Free 3GP Video Converter version 3.7.15
Free DVD ISO Burner version 2.5
Golden Videos
Google Update Helper
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Quick Launch Buttons
HP Setup
HP Update
HP User Guides 0148
HP Wireless Assistant
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
ICA
IDT Audio
ImagXpress
ImgBurn
Indeo® software
IPM_VS_Pro
ISCOM
Java Auto Updater
Java 6 Update 17
Java 6 Update 30
Junk Mail filter update
LabelPrint
LightScribe System Software
Magic Desktop
Manager for Skype
Manager for Voipbuster
MasterAdres 20.v3f
Microsoft .NET Framework 1.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint Viewer 2007 (Dutch)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (Dutch) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Movie DVD Maker 1.6.4
Mozilla Firefox 5.0.1 (x86 nl)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
muvee Reveal
NCH Toolbox
Nero 7 Ultra Edition
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
neroxml
OJOsoft Audio Converter
Partition Wizard Home Edition 5.0
PDF Reader
Power2Go
PowerDirector
Prism Video File Converter
PureHD
QLBCASL
QuickTime
Readon TV Movie Radio Player 7.2.0.0
Readon TV Movie Radio Player 7.5.0.0
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Recovery Manager
ScreenShot V1.0.0.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Setup
Share
Skype™ 5.3
SmartSound Common Data
SmartSound Quicktracks 5
SmartSound Quicktracks Plugin
SopCast 3.4.0
StarBurn Version 12r10 (Build 0x20091021)
swMSM
TomTom HOME 2.8.3.2458
TomTom HOME Visual Studio Merge Modules
Turbo Lister 2
Ulead VideoStudio 10
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update Installer for WildTangent Games App
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
UpdateMyDrivers
USB TV Device Driver
USB2.0 Capture Device
V 1.0.0.8
V 1.5
V 2.0
V 2.1
VC80CRTRedist - 8.0.50727.4053
Video X Converter 2.0
VIO
VLC media player 1.1.11
VoipBuster
VSClassic
vShare Plugin
VSPro
Vuze
WBFS Manager 3.0
Wi-Fi MediaConnect
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinRAR archiver
Xilisoft AVI to DVD Converter
Xilisoft DVD to AVI Converter 6
Yahoo! Messenger
#22
Posted 16 February 2012 - 07:58 AM
:P2P Warning!:
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
These logs are looking a lot better. But we still have some work to do.
Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.
uninstall some programs
NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.
You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).
Programs to remove:
- Adobe Reader 9.5.0 MUI
- µTorrent
- BitTorrent
- Java™ 6 Update 17
- Vuze
- Please download and install Revo Uninstaller Free
- Double click Revo Uninstaller to run it.
- From the list of programs double click on The Program to remove
- When prompted if you want to uninstall click Yes.
- Be sure the Moderate option is selected then click Next.
- The program will run. If prompted again, click Yes.
- When the built-in uninstaller is finished, click on Next.
- Once the program has searched for leftovers, click Next.
- Check/tick the bolded items only on the list, then click Delete.
- When prompted, click on Yes and then on Next.
- Put a check on any folders that are found and select Delete.
- When prompted, select Yes, then Next.
- Once done click Finish.
Update Adobe Reader
- Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
- If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
TFC(Temp File Cleaner):
- Please download TFC to your desktop,
- Save any unsaved work. TFC will close all open application windows.
- Double-click TFC.exe to run the program.
- If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
: Malwarebytes' Anti-Malware :
- Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
- then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
- When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
- If you accidentally close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Download HijackThis
If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)
- Go Here to download HijackThis Installer
- Save HijackThis Installer to your desktop.
- Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
- By default it will install to C:\Program Files\Trend Micro\HijackThis .
- Click on Install.
- It will create a HijackThis icon on the desktop.
- Once installed it will launch Hijackthis.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
- Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
- Come back here to this thread and Paste the log in your next reply.
- DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
- DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator
"information and logs"
- In your next post I need the following
- Log From MBAM
- report from Hijackthis
- let me know of any problems you may have had
- How is the computer doing now?
Gringo
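As an added example (not part of any post in this thread), this is the kind of check a reviewer applies to an Add/Remove Programs list like the one pasted above: flag P2P clients and any Java update installed beside a newer one. The sample list is constructed from a few entries in the thread, and the client names in `P2P_CLIENTS` are an assumption taken from the removal list.

```python
import re

# Constructed sample in the style of the Add/Remove Programs list pasted in this thread.
SAMPLE_REPORT = """\
Adobe Reader 9.5.0 MUI
µTorrent
BitTorrent
HiJackThis
Java 6 Update 17
Java 6 Update 30
Mozilla Firefox 5.0.1 (x86 nl)
Vuze
"""

# Assumption: client names taken from the removal list in the post above.
# casefold() maps the micro sign (U+00B5) and Greek mu (U+03BC) to the same
# character, so either encoding of "µTorrent" matches.
P2P_CLIENTS = {n.casefold() for n in ("µTorrent", "uTorrent", "BitTorrent", "Vuze")}

# Matches "Java 6 Update 17" as well as "Java(TM) 6 Update 17" / "Java™ 6 Update 17".
JAVA_RE = re.compile(r"^Java(?:\(TM\)|™)?\s+(\d+)\s+Update\s+(\d+)$", re.IGNORECASE)


def triage(report: str) -> dict:
    """Return P2P clients and superseded Java updates found in a program list."""
    names = [line.strip() for line in report.splitlines() if line.strip()]
    findings = {"p2p": [], "superseded_java": []}
    java = []  # (major version, update number, original entry)

    for name in names:
        if name.casefold() in P2P_CLIENTS:
            findings["p2p"].append(name)
        match = JAVA_RE.match(name)
        if match:
            java.append((int(match.group(1)), int(match.group(2)), name))

    if java:
        newest = max(java)[:2]
        # Every Java entry older than the newest one is a leftover that the
        # installer did not remove and that no longer receives fixes.
        findings["superseded_java"] = [
            entry for major, update, entry in java if (major, update) < newest
        ]
    return findings


if __name__ == "__main__":
    for category, entries in triage(SAMPLE_REPORT).items():
        print(category, "->", entries)
```
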
#23
Posted 19 February 2012 - 01:45 AM
48 Hour bump
It has been more than 48 hours since my last post.
- do you still need help with this?
- do you need more time?
- are you having problems following my instructions?
- if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
#24
Posted 19 February 2012 - 06:51 AM
Thanks
#25
Posted 19 February 2012 - 04:29 PM
gringo
#26
Posted 22 February 2012 - 08:44 AM
48 Hour bump
It has been more than 48 hours since my last post.
- do you still need help with this?
- do you need more time?
- are you having problems following my instructions?
- if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
#27
Posted 25 February 2012 - 12:46 AM
In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

This topic is locked
