
Injector.DFS.Trojan and HomeNetworking.dll on Win 7 x 64



#1 londonliving


Posted 14 October 2010 - 10:00 PM

IE9 (beta) was attempted to be installed which removed IE8 despite not recognising it.

Since then little niggles have crept in and Win 7 stalls now and again.

Just installed a social bookmarking tool which appeared to deposit extract.exe in:

C:\Users\USERNAME\AppData\Roaming\extract.exe

as Injector.DFS.Trojan

virustotal.com scan

GMER is not allowing me the options from the preparation tutorial.

Thanks for any help.

=================================================================================


DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Laptop at 3:27:47.95 on 15/10/2010
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1918.175 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
D:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\vVX6000.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\Process Lasso\ProcessLasso.exe
D:\Program Files\Process Lasso\processgovernor.exe
C:\Windows\PixArt\Pac207\Monitor.exe
D:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
D:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe
D:\Program Files\DellTPad\ApMsgFwd.exe
D:\Program Files\DellTPad\HidFind.exe
D:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
D:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
D:\Downloads\Ultimate Writing\Incansoft.SocialBot.v4.3-BCC\SocialBotSetup.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\explorer.exe
C:\Users\Laptop\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\System32\osk.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.bbc.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: EverProfitsAddOns: {1b08a88c-3083-4512-93dc-ce1321deb555} - C:\Program Files (x86)\Ever Profits Toolbar\adxloader.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
BHO: Zemanta Plugin: {8e42a03a-34ed-46c4-8385-79e9534635fb} - D:\Program Files (x86)\Zemanta\Zemanta for Internet Explorer 0.6.1\ZemantaBHO.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Glide OS Internet Explorer Extension: {af2c997c-756f-49fd-a346-8e7f314f4495} - D:\Program Files (x86)\Glide OS\Glide OS Internet Explorer Extension\glideos.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Ever Profits Toolbar: {4fe8e2eb-f905-45a9-8de9-9ad2f228ccc9} - C:\Program Files (x86)\Ever Profits Toolbar\adxloader.dll
TB: Glide OS Internet Explorer Toolbar: {bec6af57-0a09-4e4f-bf7f-c8e03d37e3c1} - D:\Program Files (x86)\Glide OS\Glide OS Internet Explorer Extension\glideos.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SandboxieControl] "D:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [PeerBlock] D:\Program Files\PeerBlock\peerblock.exe
uRun: [HomeNetworking] regsvr32 /s /u "C:\Users\Laptop\AppData\Local\Home\HomeNetworking.dll"
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Win Logon] C:\Users\Laptop\AppData\Roaming\extract.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 8\MMReminderService.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [QuickTime Task] "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - D:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Password Generator - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
IE: RoboForm TaskBar Icon - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Set Fields - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~4\Office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
uASetup: {55DAB3DA-E6D7-8F5C-3ECC-C0CEA4CED6B3} - C:\Users\Laptop\AppData\Roaming\extract.exe
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
BHO-X64: QFX Software KeyScrambler - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun-x64: [VX6000] C:\Windows\vVX6000.exe
mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
mRun-x64: [ProcessLassoManagementConsole] D:\Program Files\Process Lasso\processlasso.exe
mRun-x64: [ProcessGovernor] D:\Program Files\Process Lasso\processgovernor.exe
mRun-x64: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
mRun-x64: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [Apoint] D:\Program Files\DellTPad\Apoint.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\713xia3d.default\
FF - prefs.js: browser.search.selectedEngine - Scroogle SSL search
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\713xia3d.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\713xia3d.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\713xia3d.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll
FF - plugin: C:\Users\Laptop\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Users\Laptop\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-19 55280]
R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-3-27 20456]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2009-9-11 123200]
R3 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\Windows\System32\drivers\b44amd64.sys [2009-6-10 87552]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-1-25 31216]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2010-2-25 131184]
R3 SbieDrv;SbieDrv;D:\Program Files\Sandboxie\SbieDrv.sys [2010-4-1 135272]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2010-2-19 51120]
S3 PAC207;SoC PC-Camera;C:\Windows\System32\drivers\PFC027.SYS [2006-12-5 572416]
S3 pbfilter;pbfilter;D:\Program Files\PeerBlock\pbfilter.sys [2010-5-4 23152]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-7-7 17464]

============== File Associations ===============

.txt=UltraEdit.txt

=============== Created Last 30 ================

2010-10-15 01:39:32 -------- d-----w- D:\Program Files (x86)\Incansoft
2010-10-15 00:45:40 3702784 ----a-w- C:\Users\Laptop\AppData\Roaming\extract.exe
2010-10-13 21:38:31 -------- d-----w- D:\Program Files (x86)\Market Samurai
2010-10-12 22:56:39 -------- d-----w- D:\Program Files (x86)\KeywordBlueprint
2010-10-12 21:44:22 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-10-12 21:44:21 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-10-12 21:44:11 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2010-10-12 21:44:11 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2010-10-12 21:44:09 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-10-12 21:44:08 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-12 21:44:05 2085376 ----a-w- C:\Windows\System32\ole32.dll
2010-10-12 21:44:03 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-10-12 21:44:00 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-12 21:43:59 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-12 21:43:00 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-12 21:42:59 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-12 21:42:59 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-12 21:42:59 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-12 21:42:59 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-12 21:42:58 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-10-12 21:42:56 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-10-12 21:42:56 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-10-12 21:42:55 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-12 21:42:55 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-12 21:42:54 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-10-12 21:42:54 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-12 16:52:32 7935824 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{902DBBDD-170B-454F-B447-E857FE0F29A7}\mpengine.dll
2010-10-06 09:49:42 -------- d-----w- D:\Program Files\DellTPad
2010-10-01 14:57:17 -------- d-----w- C:\Users\Laptop\AppData\Roaming\KeywordGenius
2010-10-01 14:57:10 -------- d-----w- D:\Program Files (x86)\KeywordSamuraiPremium
2010-09-30 04:17:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-30 04:17:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-29 09:38:27 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-21 19:10:13 -------- d-----w- D:\Program Files (x86)\BBC iPlayer Desktop
2010-09-17 13:10:31 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-09-17 13:05:07 -------- d-----w- D:\Program Files\Bonjour
2010-09-17 10:43:23 -------- d-----w- D:\Program Files\Microsoft IntelliPoint
2010-09-17 10:42:12 -------- d-----w- C:\0e54a1f7adf3886dc2d796b5683e09
2010-09-16 03:03:03 94208 ----a-w- D:\Program Files (x86)\Internet Explorer\en\iediag.resources.dll
2010-09-16 03:03:02 273208 ----a-w- D:\Program Files (x86)\Internet Explorer\iediag.exe
2010-09-16 03:03:01 319488 ----a-w- D:\Program Files (x86)\Internet Explorer\iediagDLL.dll
2010-09-16 03:03:01 289792 ----a-w- D:\Program Files (x86)\Internet Explorer\networkinspection.dll
2010-09-16 03:03:01 108032 ----a-w- D:\Program Files (x86)\Internet Explorer\iecleanup.exe
2010-09-16 03:02:59 437760 ----a-w- D:\Program Files\Internet Explorer\networkinspection.dll
2010-09-16 03:02:59 122880 ----a-w- D:\Program Files\Internet Explorer\iecleanup.exe
2010-09-15 21:34:52 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-09-15 21:26:43 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2010-09-15 21:26:43 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll

==================== Find3M ====================

2010-10-14 13:40:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-08 10:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-08-31 23:46:36 1355264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2010-08-31 23:44:32 367104 ----a-w- C:\Windows\SysWow64\html.iec
2010-08-31 23:44:30 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-08-31 23:44:24 1122304 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-08-31 23:44:06 424960 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-08-31 23:43:22 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-08-31 23:43:12 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-08-31 23:43:12 114176 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-08-31 23:43:10 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2010-08-31 23:43:10 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2010-08-31 23:43:02 448512 ----a-w- C:\Windows\System32\html.iec
2010-08-31 23:41:56 601088 ----a-w- C:\Windows\System32\vbscript.dll
2010-08-31 23:40:56 76800 ----a-w- C:\Windows\System32\tdc.ocx
2010-08-31 23:40:40 215552 ----a-w- C:\Windows\System32\msls31.dll
2010-08-16 06:50:45 1137664 ----a-w- C:\Windows\System32\FntCache.dll
2010-08-16 06:50:43 1543168 ----a-w- C:\Windows\System32\DWrite.dll
2010-08-16 06:50:42 899072 ----a-w- C:\Windows\System32\d2d1.dll
2010-08-16 06:50:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-08-16 06:50:42 1844224 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-08-16 06:14:36 1076224 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-08-16 06:14:24 737280 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-08-16 06:14:24 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-08-16 06:14:24 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-08-13 03:06:27 72080 ----a-w- C:\Users\Laptop\g2mdlhlpx.exe
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-07-27 17:55:50 95520 ----a-w- C:\Windows\System32\dnssd.dll
2010-07-27 17:55:50 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2010-07-27 17:55:50 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2010-07-27 17:55:50 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2010-07-27 17:44:10 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2010-07-27 17:44:10 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2010-07-27 17:44:10 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2010-07-27 17:44:10 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2010-07-23 03:44:07 468480 ----a-w- C:\Windows\System32\deployJava1.dll
2010-07-21 15:59:28 1721576 ----a-w- C:\Windows\System32\wdfcoinstaller01009.dll
2001-12-27 18:07:54 660992 ----a-r- D:\Program Files\FontViewer.exe

============= FINISH: 3:34:20.72 ===============




#2 Elise


Posted 26 October 2010 - 11:35 AM

Hello,
And :welcome: to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 londonliving


Posted 29 October 2010 - 04:52 PM

Hi

Thanks for getting back to me :busy:

I'll run the scans tonight and post up the results tomorrow.

As ever thanks for all your help in advance, it really makes a difference :thumbsup:

#4 londonliving


Posted 29 October 2010 - 05:10 PM

OTL logfile created on: 29/10/2010 22:08:03 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Laptop\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 16.00% Memory free
2.00 Gb Paging File | 0.00 Gb Available in Paging File | 15.00% Paging File free
Paging file location(s): c:\pagefile.sys 256 256 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 22.46 Gb Total Space | 0.47 Gb Free Space | 2.08% Space Free | Partition Type: NTFS
Drive D: | 48.96 Gb Total Space | 0.16 Gb Free Space | 0.32% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: computerName7X64 | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/29 21:56:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Desktop\OTL.exe
PRC - [2010/10/22 22:08:27 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/17 22:00:08 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/17 16:48:56 | 000,016,184 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/13 19:01:58 | 000,094,024 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
PRC - [2010/04/13 19:01:56 | 000,079,688 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
PRC - [2010/04/13 19:01:52 | 007,384,904 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
PRC - [2010/04/13 19:01:52 | 007,046,984 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/09/11 08:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/07/14 02:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe
PRC - [2009/06/30 22:24:56 | 000,764,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX6000.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- D:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2008/11/14 04:35:22 | 000,037,656 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006/11/03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010/10/29 21:56:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 02:16:17 | 000,561,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\UIAutomationCore.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/01 19:55:16 | 000,095,464 | ---- | M] (tzuk) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2010/02/20 15:53:02 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/12/18 00:09:00 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/12/01 21:45:18 | 000,932,864 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/04 13:26:41 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/24 09:55:30 | 002,430,304 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2009/12/18 00:13:58 | 001,394,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/12/18 00:08:54 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/09/11 08:33:20 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 08:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2009/07/24 16:04:54 | 000,199,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/10/27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/14 21:40:24 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/07/07 15:05:32 | 000,017,464 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/05/28 05:17:37 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/04/01 19:55:14 | 000,135,272 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010/03/10 18:19:32 | 000,020,456 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/01/25 17:12:40 | 000,031,216 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/12/10 15:48:44 | 000,051,120 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2009/10/10 03:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/04 22:33:48 | 000,131,184 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2009/09/11 08:27:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/09/11 08:23:52 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/09/11 08:17:20 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/30 22:24:56 | 002,143,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX6000Xp.sys -- (VX6000)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:35 | 000,087,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b44amd64.sys -- (bcm44amd64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/24 16:28:56 | 000,230,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/12/01 23:15:04 | 005,000,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2007/03/19 13:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2006/12/05 12:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2010/01/29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- D:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009/10/14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-335727221-1544579737-4212433366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKU\S-1-5-21-335727221-1544579737-4212433366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-335727221-1544579737-4212433366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-335727221-1544579737-4212433366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 0C 54 F9 7F B1 CA 01 [binary data]
IE - HKU\S-1-5-21-335727221-1544579737-4212433366-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-335727221-1544579737-4212433366-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google.com (in English)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {7CEA821D-3DAB-4238-B424-BF7324531750}:0.4.95
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.6.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.10
FF - prefs.js..extensions.enabledItems: 54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org:1.1.4
FF - prefs.js..extensions.enabledItems: {2e710e6b-5e9d-44ba-8f4e-09a040978b49}:1.2.4
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: ServerSpy@jacquet.eu.org:0.1.6
FF - prefs.js..extensions.enabledItems: {f36c6cd1-da73-491d-b290-8fc9115bfa55}:2.1.0
FF - prefs.js..extensions.enabledItems: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91}:2.6.7
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: support@easy-hideip.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.70.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..network.proxy.share_proxy_settings: true


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/13 17:24:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010/02/26 17:59:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/22 22:08:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/22 22:08:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\components [2010/09/17 14:33:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\plugins [2010/10/12 20:16:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/02/19 18:03:29 | 000,000,000 | ---D | M]

[2010/10/20 07:12:53 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\mozilla\Extensions
[2010/10/20 07:12:53 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/29 06:55:34 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions
[2010/10/13 22:52:52 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/09/10 21:52:37 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
[2010/03/30 14:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\{2e710e6b-5e9d-44ba-8f4e-09a040978b49}
[2010/03/02 21:10:09 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010/05/20 15:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
[2010/10/23 22:14:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/02 21:10:03 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/09/10 21:52:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/04 04:24:21 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/10/13 22:52:50 | 000,000,000 | ---D | M] (WorldIP) -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}
[2010/03/02 21:09:41 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org
[2010/09/10 21:58:21 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\firebug@software.joehewitt.com
[2010/09/10 21:52:25 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\foxyproxy@eric.h.jung
[2010/02/25 04:58:41 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\keyscrambler@qfx.software.corporation
[2010/03/18 14:47:11 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\ServerSpy@jacquet.eu.org
[2010/04/05 05:44:34 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\support@easy-hideip.com
[2010/10/03 22:33:13 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\support@lastpass.com
[2010/10/18 19:57:27 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\toolbar@ask.com
[2010/03/06 19:59:34 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\toolbar@instantbuzz.com
[2010/09/26 00:59:12 | 000,000,000 | ---D | M] -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\713xia3d.default\extensions\zotero@chnm.gmu.edu
[2010/10/13 00:03:07 | 000,001,820 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\Mozilla\FireFox\Profiles\713xia3d.default\searchplugins\bing.xml
[2010/10/13 00:16:43 | 000,002,759 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\Mozilla\FireFox\Profiles\713xia3d.default\searchplugins\cpedia.xml
[2010/10/13 00:01:24 | 000,002,404 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\Mozilla\FireFox\Profiles\713xia3d.default\searchplugins\ebookpedianet.xml
[2010/10/13 00:03:22 | 000,005,471 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\Mozilla\FireFox\Profiles\713xia3d.default\searchplugins\googlecom-in-english.xml
[2010/10/13 00:04:06 | 000,001,549 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\Mozilla\FireFox\Profiles\713xia3d.default\searchplugins\scroogle-ssl-search.xml
[2010/10/13 00:50:15 | 000,003,974 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\Mozilla\FireFox\Profiles\713xia3d.default\searchplugins\the-wayback-machine.xml
[2010/10/13 00:01:43 | 000,004,140 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\Mozilla\FireFox\Profiles\713xia3d.default\searchplugins\youtube.xml

O1 HOSTS File: ([2010/09/11 23:01:47 | 000,001,568 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (EverProfitsAddOns) - {1b08a88c-3083-4512-93dc-ce1321deb555} - C:\Program Files (x86)\Ever Profits Toolbar\adxloader.dll (Add-in Express Ltd)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Zemanta Plugin) - {8E42A03A-34ED-46C4-8385-79E9534635FB} - D:\Program Files (x86)\Zemanta\Zemanta for Internet Explorer 0.6.1\ZemantaBHO.dll (Zemanta)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Glide OS Internet Explorer Extension) - {AF2C997C-756F-49FD-A346-8E7F314F4495} - D:\Program Files (x86)\Glide OS\Glide OS Internet Explorer Extension\glideos.dll (TransMedia)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Ever Profits Toolbar) - {4fe8e2eb-f905-45a9-8de9-9ad2f228ccc9} - C:\Program Files (x86)\Ever Profits Toolbar\adxloader.dll (Add-in Express Ltd)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Glide OS Internet Explorer Toolbar) - {BEC6AF57-0A09-4E4F-BF7F-C8E03D37E3C1} - D:\Program Files (x86)\Glide OS\Glide OS Internet Explorer Extension\glideos.dll (TransMedia)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-335727221-1544579737-4212433366-1001\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [Apoint] D:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IntelliPoint] D:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [ProcessGovernor] D:\Program Files\Process Lasso\ProcessGovernor.exe (Bitsum Technologies)
O4:64bit: - HKLM..\Run: [ProcessLassoManagementConsole] D:\Program Files\Process Lasso\ProcessLasso.exe (Bitsum Technologies)
O4:64bit: - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [Win Logon] C:\Users\Laptop\AppData\Roaming\extract.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-335727221-1544579737-4212433366-1001..\Run: [HomeNetworking] File not found
O4 - HKU\S-1-5-21-335727221-1544579737-4212433366-1001..\Run: [PeerBlock] D:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-335727221-1544579737-4212433366-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-335727221-1544579737-4212433366-1001..\Run: [SandboxieControl] D:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-335727221-1544579737-4212433366-1001..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = D:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Win Logon = C:\Users\Laptop\AppData\Roaming\extract.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8:64bit: - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Password Generator - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Set Fields - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSetFields.html ()
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\LeahScape\FoxyProxy Video Utility\FPServiceProvider.dll ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /k:C /k:D *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/29 21:55:50 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Laptop\Desktop\OTL.exe
[2010/10/29 06:54:52 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/29 06:54:52 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/29 06:54:52 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/29 06:54:51 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/29 06:54:51 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/29 06:54:51 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/29 06:54:51 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/29 06:54:19 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/10/22 23:20:36 | 000,021,480 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys
[2010/10/22 22:28:29 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Market Samurai
[2010/10/20 07:08:20 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\SEO PowerSuite
[2010/10/17 18:31:37 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\TweetTank
[2010/10/15 03:39:57 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Desktop\gmer
[2010/10/15 02:39:32 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Incansoft
[2010/10/14 14:41:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/14 14:41:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/14 14:41:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/12 23:56:39 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\KeywordBlueprint
[2010/10/12 22:44:31 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/12 22:44:24 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/12 22:44:22 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/12 22:44:21 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/12 22:44:11 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/12 22:44:09 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/12 22:44:08 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/12 22:44:05 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/12 22:44:00 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/12 22:42:59 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/12 22:42:56 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/12 22:42:56 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/12 22:42:55 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/12 22:42:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/06 10:49:42 | 000,000,000 | ---D | C] -- D:\Program Files\DellTPad
[2010/10/01 15:57:17 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\KeywordGenius
[2010/10/01 15:57:10 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\KeywordSamuraiPremium
[2010/09/21 20:10:13 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\BBC iPlayer Desktop
[2010/09/19 01:16:49 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Desktop\Online Magazines 2010
[2010/09/17 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\vlc
[2010/09/17 16:37:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/09/17 14:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/09/17 14:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/09/17 14:05:30 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Apple
[2010/09/17 14:05:07 | 000,000,000 | ---D | C] -- D:\Program Files\Bonjour
[2010/09/17 11:43:23 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft IntelliPoint
[2010/09/17 11:42:12 | 000,000,000 | ---D | C] -- C:\0e54a1f7adf3886dc2d796b5683e09
[2010/09/16 04:01:08 | 001,502,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/09/16 04:01:08 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/09/16 04:01:08 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2010/09/16 04:01:08 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2010/09/16 04:01:07 | 001,633,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2010/09/16 04:01:07 | 001,355,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2010/09/16 04:01:07 | 000,819,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/09/16 04:01:07 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/09/16 04:01:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/09/16 04:01:06 | 000,690,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/09/16 04:01:06 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/09/16 04:01:06 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/09/16 04:01:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/09/16 04:01:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/09/16 04:01:06 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2010/09/16 04:01:06 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2010/09/16 04:01:06 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/09/16 04:01:06 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/09/16 04:01:06 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2010/09/16 04:01:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2010/09/16 04:01:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2010/09/16 04:01:05 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2010/09/16 04:01:05 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2010/09/16 04:01:05 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/09/16 04:01:05 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/09/16 04:01:05 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/09/16 04:01:05 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/09/16 04:01:05 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/09/16 04:01:04 | 000,532,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2010/09/16 04:01:04 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/09/16 04:01:04 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/09/16 04:01:04 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2010/09/16 04:01:04 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2010/09/16 04:01:04 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2010/09/16 04:01:04 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/09/16 04:01:04 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2010/09/16 04:01:04 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/09/16 04:01:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2010/09/16 04:01:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2010/09/16 04:01:04 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2010/09/16 04:01:04 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/09/16 04:01:04 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2010/09/16 04:01:04 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/09/16 04:01:04 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2010/09/16 04:01:04 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2010/09/16 04:01:04 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2010/09/16 04:01:04 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2010/09/16 04:01:03 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2010/09/16 04:01:03 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2010/09/16 04:01:03 | 000,545,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/09/16 04:01:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/09/16 04:01:03 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/09/16 04:01:03 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/09/16 04:01:03 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/09/16 04:01:02 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/09/16 04:01:01 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/09/16 04:01:01 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2010/09/16 04:01:01 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2010/09/16 04:01:01 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2010/09/16 04:01:01 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2010/09/16 04:01:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2010/09/16 04:01:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2010/09/16 04:01:01 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2010/09/16 04:01:01 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2010/09/16 04:01:00 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2010/09/16 04:01:00 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2010/09/16 04:01:00 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2010/09/16 04:01:00 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2010/09/16 04:01:00 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2010/09/16 04:01:00 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2010/09/16 04:01:00 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/09/16 04:01:00 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/09/16 04:01:00 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/09/16 04:01:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/09/16 04:01:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2010/09/16 04:01:00 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2010/09/16 04:01:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2010/09/16 04:01:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2010/09/15 22:26:43 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2010/09/15 22:26:43 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2010/09/11 01:34:13 | 000,466,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2010/09/11 01:34:13 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2010/09/11 01:34:13 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2010/09/11 01:34:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2010/09/11 01:33:41 | 001,844,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2010/09/11 01:33:41 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2010/09/11 01:33:41 | 000,899,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2010/09/11 01:33:41 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2010/09/11 01:33:41 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2010/09/11 01:33:41 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2010/09/11 01:33:40 | 001,543,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2010/09/11 01:33:40 | 001,076,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2010/09/11 01:32:57 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/09/11 01:32:57 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/09/11 01:32:57 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/09/11 01:32:57 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/09/11 01:32:56 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/09/11 01:32:56 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010/09/11 01:32:55 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/09/08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010/09/08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010/09/05 05:21:35 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\Home
[2010/09/05 03:32:34 | 000,000,000 | ---D | C] -- C:\Users\Laptop\7067E219F48C4AC6AD2FF90CB23C3616.TMP
[2010/09/01 15:41:05 | 000,000,000 | ---D | C] -- D:\Program Files\ATI
[2010/09/01 15:38:11 | 000,000,000 | ---D | C] -- C:\ATI
[2010/08/26 07:35:48 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\VideoLAN
[2010/08/25 08:07:52 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\WinDirStat
[2010/08/25 08:06:30 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/08/19 17:20:16 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Sigil
[2010/08/12 13:55:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2010/08/12 12:34:20 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010/08/12 12:34:20 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010/08/12 12:30:01 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/12 12:29:57 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/08/12 12:29:55 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/08/12 12:28:08 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010/08/12 09:15:53 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Desktop\Five Minute Writer
[2010/08/08 03:52:08 | 000,000,000 | ---D | C] -- D:\My Kindle Content
[2010/08/08 03:52:08 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Amazon
[2010/08/08 03:51:54 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\Amazon
[2010/08/06 17:12:42 | 000,000,000 | ---D | C] -- D:\Program Files\WinHTTrack
[2010/08/06 17:11:56 | 000,000,000 | ---D | C] -- C:\Users\Laptop\Desktop\httrack-noinst-3.43-9C
[2010/05/28 05:17:37 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Laptop\AppData\Roaming\pcouffin.sys
[2008/05/06 11:41:10 | 000,660,992 | R--- | C] (Alberto Martínez Pérez) -- D:\Program Files\FontViewer.exe
[3 C:\Users\Laptop\*.tmp files -> C:\Users\Laptop\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/29 22:05:05 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/29 22:05:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/29 21:56:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Desktop\OTL.exe
[2010/10/29 21:55:50 | 000,133,632 | ---- | M] () -- C:\Users\Laptop\Desktop\RKUnhookerLE.EXE
[2010/10/29 21:43:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-335727221-1544579737-4212433366-1001UA.job
[2010/10/29 21:06:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/29 07:31:03 | 000,000,852 | ---- | M] () -- C:\Users\Laptop\Desktop\Traffic Travis.lnk
[2010/10/29 06:49:59 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/29 06:49:59 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/25 04:02:21 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-335727221-1544579737-4212433366-1001Core.job
[2010/10/23 20:54:18 | 000,002,605 | ---- | M] () -- C:\Users\Public\Desktop\ABS-UserManual.pdf.lnk
[2010/10/17 22:40:53 | 000,001,646 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010/10/17 15:04:10 | 000,004,592 | ---- | M] () -- C:\Users\Laptop\Desktop\sitemap.xml
[2010/10/15 03:39:47 | 000,002,992 | ---- | M] () -- C:\Users\Laptop\Desktop\Attach.zip
[2010/10/15 03:31:06 | 000,285,168 | ---- | M] () -- C:\Users\Laptop\Desktop\gmer.zip
[2010/10/15 03:26:32 | 000,544,768 | ---- | M] () -- C:\Users\Laptop\Desktop\dds.scr
[2010/10/14 15:32:54 | 000,001,270 | ---- | M] () -- C:\Users\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/10/14 15:02:06 | 000,000,792 | ---- | M] () -- C:\Users\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/14 14:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/10/14 14:40:24 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/10/14 14:40:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/10/14 14:40:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/13 22:59:45 | 000,010,240 | ---- | M] () -- C:\Users\Laptop\Desktop\headphone-20101113-tt.csv
[2010/10/12 23:39:30 | 002,383,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/09 22:22:49 | 000,001,141 | ---- | M] () -- C:\Users\Laptop\Desktop\Artisteer 2.lnk
[2010/10/09 21:41:01 | 000,117,812 | ---- | M] () -- C:\Users\Laptop\Desktop\M&S Product List 08 2010.pdf
[2010/10/06 10:49:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/10/06 00:22:37 | 000,026,782 | ---- | M] () -- D:\aeron chair reseach.csv
[2010/10/02 21:37:39 | 000,002,069 | ---- | M] () -- C:\Users\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\UEStudio '10.lnk
[2010/10/02 21:37:39 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\UEStudio '10.lnk
[2010/10/01 15:59:48 | 000,001,192 | ---- | M] () -- C:\Users\Laptop\Desktop\DW CS5 and WP.lnk
[2010/10/01 15:57:11 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\Keyword Samurai Premium.lnk
[2010/10/01 13:48:18 | 002,255,786 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2010/10/01 13:48:18 | 002,252,548 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2010/10/01 13:48:18 | 002,237,314 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2010/10/01 13:48:18 | 002,205,192 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010/10/01 13:48:18 | 002,177,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/01 13:48:18 | 001,949,874 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2010/10/01 13:48:18 | 000,919,848 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2010/10/01 13:48:18 | 000,919,424 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2010/10/01 13:48:18 | 000,917,048 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2010/10/01 13:48:18 | 000,916,448 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010/10/01 13:48:18 | 000,893,296 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2010/10/01 13:48:18 | 000,893,296 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/01 13:48:18 | 000,005,386 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/28 22:24:09 | 000,064,728 | ---- | M] () -- C:\Users\Laptop\Desktop\cat-kitten-sink.jpg
[2010/09/25 04:33:40 | 000,018,820 | ---- | M] () -- C:\Users\Laptop\Desktop\OSU-html-draft.HTML
[2010/09/21 20:10:13 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
[2010/09/21 14:06:02 | 000,005,120 | ---- | M] () -- C:\Users\Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/19 04:23:02 | 001,694,231 | ---- | M] () -- C:\Users\Laptop\Desktop\thepublicdomain1.pdf
[2010/09/17 19:37:36 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/09/17 13:10:02 | 000,001,979 | ---- | M] () -- C:\Users\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/17 11:44:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/09/17 02:15:30 | 000,001,922 | ---- | M] () -- C:\Users\Laptop\Desktop\XanaduSpace.lnk
[2010/09/16 04:10:56 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/16 04:06:33 | 000,001,262 | ---- | M] () -- C:\Users\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/16 03:53:50 | 000,000,134 | ---- | M] () -- C:\Users\Laptop\Desktop\Internet Explorer Troubleshooting.url
[2010/09/11 01:34:25 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\Internet Explorer Platform Preview.lnk
[2010/09/11 01:13:49 | 000,002,171 | ---- | M] () -- C:\Users\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/10 23:07:53 | 000,001,041 | ---- | M] () -- C:\Users\Laptop\Desktop\artisteer.2.4.0.26594-loader - Shortcut.lnk
[2010/09/08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010/09/08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010/09/05 03:31:20 | 000,002,067 | ---- | M] () -- C:\Users\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraEdit.lnk
[2010/09/03 15:56:27 | 000,014,009 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\settings.dat
[2010/09/03 15:21:42 | 000,278,912 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\farm.bmp
[2010/09/01 06:21:46 | 014,627,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/09/01 06:12:09 | 012,625,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/09/01 05:29:28 | 011,406,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/09/01 05:23:49 | 012,625,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/09/01 00:46:36 | 001,355,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2010/09/01 00:44:32 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/09/01 00:44:30 | 001,448,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/09/01 00:44:22 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010/09/01 00:43:26 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/09/01 00:43:24 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2010/09/01 00:43:22 | 000,109,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2010/09/01 00:43:22 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/09/01 00:43:12 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/09/01 00:43:12 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/09/01 00:43:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2010/09/01 00:43:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2010/09/01 00:43:04 | 000,545,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010/09/01 00:43:04 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010/09/01 00:43:02 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/09/01 00:43:00 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2010/09/01 00:42:58 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/09/01 00:42:58 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2010/09/01 00:42:58 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2010/09/01 00:42:54 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/09/01 00:42:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2010/09/01 00:42:50 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/09/01 00:42:48 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2010/09/01 00:42:46 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/09/01 00:42:42 | 000,150,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2010/09/01 00:42:42 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2010/09/01 00:42:36 | 001,633,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2010/09/01 00:42:34 | 000,596,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/09/01 00:42:26 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2010/09/01 00:42:26 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/09/01 00:42:22 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2010/09/01 00:42:20 | 001,502,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/09/01 00:42:20 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2010/09/01 00:42:20 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2010/09/01 00:42:20 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/09/01 00:42:18 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2010/09/01 00:42:18 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/09/01 00:42:18 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2010/09/01 00:42:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2010/09/01 00:42:04 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/09/01 00:42:04 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2010/09/01 00:42:04 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2010/09/01 00:42:04 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/09/01 00:42:00 | 000,819,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/09/01 00:41:56 | 000,601,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/09/01 00:41:54 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/09/01 00:41:54 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/09/01 00:41:52 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2010/09/01 00:41:50 | 000,090,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2010/09/01 00:41:48 | 000,263,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2010/09/01 00:41:48 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/09/01 00:41:46 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/09/01 00:41:46 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2010/09/01 00:41:44 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2010/09/01 00:41:44 | 000,157,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2010/09/01 00:41:44 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2010/09/01 00:41:40 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/09/01 00:41:38 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2010/09/01 00:41:38 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2010/09/01 00:41:38 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/09/01 00:41:36 | 000,690,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/09/01 00:41:34 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2010/09/01 00:41:34 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2010/09/01 00:41:26 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2010/09/01 00:41:24 | 000,313,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2010/09/01 00:41:22 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/09/01 00:41:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/09/01 00:41:14 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/09/01 00:41:14 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2010/09/01 00:41:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2010/09/01 00:41:12 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2010/09/01 00:41:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2010/09/01 00:41:04 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2010/09/01 00:40:56 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2010/09/01 00:40:46 | 000,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/09/01 00:40:40 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2010/09/01 00:36:52 | 000,072,533 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/09/01 00:36:48 | 000,072,533 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2010/08/31 05:32:30 | 000,954,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/08/31 05:32:30 | 000,954,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/08/27 06:46:48 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/08/26 06:27:28 | 000,148,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/08/26 05:39:58 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/08/25 08:31:54 | 000,000,890 | ---- | M] () -- C:\Users\Laptop\Desktop\WinDirStat.lnk
[2010/08/21 07:38:47 | 001,024,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/08/21 07:31:06 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/08/21 06:36:33 | 000,738,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/08/19 17:29:13 | 000,000,842 | ---- | M] () -- C:\Users\Laptop\Desktop\Sigil.lnk
[2010/08/17 23:06:44 | 000,004,354 | ---- | M] () -- C:\Users\Laptop\Desktop\BBC.English.Lessons.MP3.BBC.co.uk.BWXP.lnk
[2010/08/16 07:50:43 | 001,543,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2010/08/16 07:50:42 | 001,844,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2010/08/16 07:50:42 | 000,899,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2010/08/16 07:50:42 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2010/08/16 07:14:36 | 001,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2010/08/16 07:14:24 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2010/08/16 07:14:24 | 000,737,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2010/08/16 07:14:24 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2010/08/13 04:06:27 | 000,072,080 | ---- | M] () -- C:\Users\Laptop\g2mdlhlpx.exe
[2010/08/11 09:21:20 | 000,000,106 | ---- | M] () -- C:\Users\Laptop\Desktop\0MCMXXXII.html
[2010/08/11 09:17:43 | 000,000,106 | ---- | M] () -- C:\Users\Laptop\Desktop\MCMXXXII.HTML
[2010/08/08 03:49:50 | 010,295,328 | ---- | M] () -- C:\Users\Laptop\Desktop\mobiperl-win-0.0.43.zip
[2010/08/05 11:08:08 | 000,360,227 | ---- | M] () -- C:\Users\Laptop\Desktop\InfoProdigyReport.pdf
[2010/08/04 08:07:13 | 000,961,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/08/04 08:07:11 | 000,552,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/08/04 08:05:42 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/08/04 08:05:42 | 000,258,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/08/04 07:18:45 | 000,641,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/08/04 07:15:03 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/08/04 07:15:03 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/08/02 17:08:52 | 003,695,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2010/08/02 14:50:00 | 003,695,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2010/08/02 03:56:56 | 001,572,636 | ---- | M] () -- C:\Users\Laptop\Desktop\authoritycodes.pdf
[3 C:\Users\Laptop\*.tmp files -> C:\Users\Laptop\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/29 21:55:20 | 000,133,632 | ---- | C] () -- C:\Users\Laptop\Desktop\RKUnhookerLE.EXE
[2010/10/29 07:31:03 | 000,000,852 | ---- | C] () -- C:\Users\Laptop\Desktop\Traffic Travis.lnk
[2010/10/23 20:54:18 | 000,002,605 | ---- | C] () -- C:\Users\Public\Desktop\ABS-UserManual.pdf.lnk
[2010/10/17 15:04:10 | 000,004,592 | ---- | C] () -- C:\Users\Laptop\Desktop\sitemap.xml
[2010/10/15 03:39:47 | 000,002,992 | ---- | C] () -- C:\Users\Laptop\Desktop\Attach.zip
[2010/10/15 03:30:45 | 000,285,168 | ---- | C] () -- C:\Users\Laptop\Desktop\gmer.zip
[2010/10/15 03:25:42 | 000,544,768 | ---- | C] () -- C:\Users\Laptop\Desktop\dds.scr
[2010/10/13 22:59:45 | 000,010,240 | ---- | C] () -- C:\Users\Laptop\Desktop\headphone-20101113-tt.csv
[2010/10/09 21:41:00 | 000,117,812 | ---- | C] () -- C:\Users\Laptop\Desktop\M&S Product List 08 2010.pdf
[2010/10/06 10:49:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/10/06 00:22:36 | 000,026,782 | ---- | C] () -- D:\aeron chair reseach.csv
[2010/10/03 07:30:12 | 000,001,141 | ---- | C] () -- C:\Users\Laptop\Desktop\Artisteer 2.lnk
[2010/10/02 21:37:39 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\UEStudio '10.lnk
[2010/10/01 15:57:11 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\Keyword Samurai Premium.lnk
[2010/09/28 22:24:09 | 000,064,728 | ---- | C] () -- C:\Users\Laptop\Desktop\cat-kitten-sink.jpg
[2010/09/25 04:33:38 | 000,018,820 | ---- | C] () -- C:\Users\Laptop\Desktop\OSU-html-draft.HTML
[2010/09/19 04:22:45 | 001,694,231 | ---- | C] () -- C:\Users\Laptop\Desktop\thepublicdomain1.pdf
[2010/09/17 19:37:36 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/09/17 11:44:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/09/17 02:13:27 | 000,001,922 | ---- | C] () -- C:\Users\Laptop\Desktop\XanaduSpace.lnk
[2010/09/16 15:44:22 | 000,001,192 | ---- | C] () -- C:\Users\Laptop\Desktop\DW CS5 and WP.lnk
[2010/09/16 04:01:07 | 000,072,533 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010/09/16 04:01:07 | 000,072,533 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010/09/15 22:24:05 | 000,000,134 | ---- | C] () -- C:\Users\Laptop\Desktop\Internet Explorer Troubleshooting.url
[2010/09/11 01:34:25 | 000,001,877 | ---- | C] () -- C:\Users\Public\Desktop\Internet Explorer Platform Preview.lnk
[2010/09/11 01:09:07 | 000,002,171 | ---- | C] () -- C:\Users\Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/11 01:09:07 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
[2010/08/25 08:07:54 | 000,000,890 | ---- | C] () -- C:\Users\Laptop\Desktop\WinDirStat.lnk
[2010/08/19 17:29:13 | 000,000,842 | ---- | C] () -- C:\Users\Laptop\Desktop\Sigil.lnk
[2010/08/17 23:06:44 | 000,004,354 | ---- | C] () -- C:\Users\Laptop\Desktop\BBC.English.Lessons.MP3.BBC.co.uk.BWXP.lnk
[2010/08/11 09:21:20 | 000,000,106 | ---- | C] () -- C:\Users\Laptop\Desktop\0MCMXXXII.html
[2010/08/11 09:17:43 | 000,000,106 | ---- | C] () -- C:\Users\Laptop\Desktop\MCMXXXII.HTML
[2010/08/08 03:49:41 | 010,295,328 | ---- | C] () -- C:\Users\Laptop\Desktop\mobiperl-win-0.0.43.zip
[2010/08/05 11:08:04 | 000,360,227 | ---- | C] () -- C:\Users\Laptop\Desktop\InfoProdigyReport.pdf
[2010/08/02 03:56:51 | 001,572,636 | ---- | C] () -- C:\Users\Laptop\Desktop\authoritycodes.pdf
[2010/05/28 05:19:34 | 000,001,041 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\vso_ts_preview.xml
[2010/05/28 05:18:53 | 000,000,034 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\pcouffin.log
[2010/05/28 05:17:37 | 000,099,384 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\inst.exe
[2010/05/28 05:17:37 | 000,007,859 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\pcouffin.cat
[2010/05/28 05:17:37 | 000,001,167 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\pcouffin.inf
[2010/04/27 04:46:38 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2010/04/15 09:19:23 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010/04/07 11:48:19 | 000,001,646 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/03/18 12:27:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/13 15:22:10 | 000,014,009 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\settings.dat
[2010/03/13 15:08:00 | 000,278,912 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\farm.bmp
[2010/02/27 05:25:34 | 000,007,598 | ---- | C] () -- C:\Users\Laptop\AppData\Local\resmon.resmoncfg
[2010/02/20 22:53:04 | 000,005,120 | ---- | C] () -- C:\Users\Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/26 18:24:18 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini
[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI

< End of report >

===================================================================================

OTL Extras logfile created on: 29/10/2010 22:08:03 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Laptop\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 16.00% Memory free
2.00 Gb Paging File | 0.00 Gb Available in Paging File | 15.00% Paging File free
Paging file location(s): c:\pagefile.sys 256 256 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 22.46 Gb Total Space | 0.47 Gb Free Space | 2.08% Space Free | Partition Type: NTFS
Drive D: | 48.96 Gb Total Space | 0.16 Gb Free Space | 0.32% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: computerName7x64 | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-335727221-1544579737-4212433366-1001\SOFTWARE\Classes\<extension>]
.txt [@ = UltraEdit.txt] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Downloads\Ultimate Writing\Incansoft.SocialBot.v4.3-BCC\SocialBotSetup.exe" = D:\Downloads\Ultimate Writing\Incansoft.SocialBot.v4.3-BCC\SocialBotSetup.exe:*:Enabled:Windows Messanger -- (AWdOT5uqSMXdO4ZCsO)
"C:\Users\Laptop\AppData\Roaming\extract.exe" = C:\Users\Laptop\AppData\Roaming\extract.exe:*:Enabled:Windows Messanger -- File not found
"D:\Downloads\Ultimate Writing\Incansoft.SocialBot.v4.3-BCC\SocialBotSetup.exe" = D:\Downloads\Ultimate Writing\Incansoft.SocialBot.v4.3-BCC\SocialBotSetup.exe:*:Enabled:Windows Messanger -- (AWdOT5uqSMXdO4ZCsO)
"C:\Users\Laptop\AppData\Roaming\extract.exe" = C:\Users\Laptop\AppData\Roaming\extract.exe:*:Enabled:Windows Messanger -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r484)
"{1387BA33-3FAC-49E9-B545-0E8D3BBC550B}" = Adobe Photoshop Lightroom 3 64-bit
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{20140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{3E061CBA-1DBB-45DD-8873-D100072ADCAD}" = Microsoft LifeCam
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{67B17AC6-4840-4910-8A4C-72BF85302918}" = ESET NOD32 Antivirus
"{67D477F8-E9A9-40EE-8036-3C7B4AAEE664}" = Diskeeper 2010
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{897BE4A7-682B-7375-BBAF-05A44FC2B524}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9D4D34B3-1A99-40D9-A967-F5B8690F176A}" = Desk Drive
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PDF-XChange 3_is1" = PDF-XChange 3
"Sandboxie" = Sandboxie 3.45.05 (64-bit)
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C (x64)
"WinRAR archiver" = WinRAR archiver
"XSitePro2" = XSitePro2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04179174-F3AC-4CE6-BBBE-83B46D5041CB}" = SocialBot
"{04B699F0-7B34-295C-2541-A9D63CA34371}" = Market Samurai
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09E074A1-2ACF-476C-9351-B4A6B07890E2}" = FoxyProxy Video Utility
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E837AF0-4C92-4077-83F0-D022073F17C0}" = Microsoft Expression Blend 3 SDK
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{13228AA7-9DD0-7774-9143-DAE4AA73DC12}" = BBC iPlayer Desktop
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{17555A4D-EEEB-3205-F0C6-11F103629374}" = OfferEvaluator
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{32932FE5-BE1C-4768-8CEA-8215FCB8949F}" = UltraCompare v7.10
"{38700C90-0536-4240-8B08-3F83E2CD8AAD}" = Windows Internet Explorer Platform Preview
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F8C52F6-FE88-4276-B514-1AA8ABD1CA41}" = UEStudio '10.20
"{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}" = Farming Extreme Manager
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5BE1D9EC-3674-4690-BB84-A5A2E012F026}" = KeywordCorral
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{683A6E29-A80A-4260-BBD8-016538456601}" = Glide OS Internet Explorer Extension
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A3F090-76D6-E50A-5A18-1595EDE185F3}" = KeywordBlueprint
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{861601BF-B60A-4e17-9DC0-0E34FE2170F3}" = Great Dialogue (Registered Version)
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8DAF0960-F991-4B7C-B7ED-2609FECBB22D}" = TweetTank
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9FAA58AE-9D37-42B3-90D6-267E40C15E5E}" = Zemanta for Internet Explorer 0.6.1
"{A1E11080-828B-4E58-8951-442C78AB7186}" = CommentKahuna
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB3D78B7-8066-465A-82A8-5F3751564457}_is1" = S3 Ripper 1.3
"{AFD1A786-7B43-991B-A55E-68247B95C09B}" = TweetGlide
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B235AB91-08A9-4DED-9DE0-B9594A5F7DCF}" = UltraEdit 16.20
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C619A1DC-8EE4-4BD2-82AB-D9424A23E42A}" = Auto Blog Samurai
"{C78743AF-F8FA-17E0-B638-DC615E132CE3}" = AuthorityHub
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7FD752A-DDB9-4685-83FD-E20C7C59BD84}" = Mindjet MindManager 8
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.3.313
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA4FA30B-7321-4428-90E9-28B088EC8DC9}" = Runtime 8.0 Libraries
"{EC47A816-645F-C11E-8B56-C255E704A272}" = AdOptimizer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"7620-0758-4357-2556" = Woopra 1.4
"A24B23EB-0632-4D92-B087-011CAE348023" = Sigil
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"Artisteer 2" = Artisteer 2
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Belarc Advisor" = Belarc Advisor 8.1
"BlueprintMarketing.AuthorityHub.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1" = AuthorityHub
"CB Import" = CB Import
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CommissionBlueprint.AdOptimizer.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1" = AdOptimizer
"CommissionBlueprint.KeywordBlueprint.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1" = KeywordBlueprint
"CommissionBlueprint.OfferEvaluator.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1" = OfferEvaluator
"EmailGenerator Platinum_is1" = EmailGenerator Platinum 11
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Ever Profits Toolbar_is1" = Ever Profits Toolbar 1.9.5026 (Beta)
"FairUse Wizard 2" = FairUse Wizard 2
"Foxit Reader" = Foxit Reader
"HideIPEasy" = Hide IP Easy
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"iZotope Ozone 4_is1" = iZotope Ozone 4
"KeyScrambler" = KeyScrambler
"Keyword Samurai Premium_is1" = Keyword Samurai Premium v1.01
"LHTTSENG" = L&H TTS3000 British English
"Magic ISO Maker v5.5 (build 0274)" = Magic ISO Maker v5.5 (build 0274)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"mIRC" = mIRC
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Mozilla Firefox 4.0b6 (x86 en-US)" = Mozilla Firefox 4.0b6 (x86 en-US)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Polipo" = Polipo 1.0.4.1
"PremiumSoft Navicat for MySQL_is1" = PremiumSoft Navicat 9.0 for MySQL
"PremiumSoft Navicat for SQLite_is1" = PremiumSoft Navicat 9.0 for SQLite
"PremiumSoft Navicat Premium_is1" = PremiumSoft Navicat Premium 9.0
"ProcessLasso" = Process Lasso
"Secunia PSI" = Secunia PSI
"SENuke_is1" = SENuke
"seopowersuite" = Rank Tracker
"Spotify" = Spotify
"TheSage" = TheSage
"Tor" = Tor 0.2.1.26
"Traffic Travis_is1" = Traffic Travis 3.3.4
"TuneUp Utilities" = TuneUp Utilities
"TweetGlide.4C2CA0B91861599E32033FE57CA969D1117C4915.1" = TweetGlide
"UltraISO_is1" = UltraISO Premium V9.36
"Vidalia" = Vidalia 0.2.9
"VLC media player" = VLC media player 1.1.4
"WampServer 2_is1" = WampServer 2.0
"WebcamMax" = WebcamMax
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XanaduSpace" = XanaduSpace
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-335727221-1544579737-4212433366-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"c6b847ce69ac7a91" = Feed My Tweeter
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"Time and Date 1.32" = Time and Date 1.32
"WinDirStat" = WinDirStat 1.1.2
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/10/2010 00:05:23 | Computer Name = computerName | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 23203797

Error - 20/10/2010 06:16:47 | Computer Name = computerName | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.3909,
time stamp: 0x4c8fdc89 Faulting module name: ntdll.dll, version: 6.1.7600.16559,
time stamp: 0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x00022262 Faulting
process id: 0x1014 Faulting application start time: 0x01cb6fc8594c816b Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 24afcb48-dc33-11df-876f-001986001b91

Error - 20/10/2010 12:02:08 | Computer Name = computerName | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.3909,
time stamp: 0x4c8fdc89 Faulting module name: NPSWF32.dll, version: 10.1.85.3, time
stamp: 0x4c900e20 Exception code: 0xc0000005 Fault offset: 0x0016c18d Faulting process
id: 0x6c4 Faulting application start time: 0x01cb706f6ad28a1f Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module
path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll Report Id: 63d0a964-dc63-11df-ac8c-001986001b91

Error - 20/10/2010 18:05:13 | Computer Name = computerName | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4c98293e Faulting module name: gcswf32.dll, version: 10.1.85.3, time stamp: 0x4c91ad25
Exception
code: 0xc0000005 Fault offset: 0x0037796c Faulting process id: 0x914 Faulting application
start time: 0x01cb70a24ce9b232 Faulting application path: C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: C:\Users\Laptop\AppData\Local\Google\Chrome\Application\6.0.472.63\gcswf32.dll
Report
Id: 1c2ce0b4-dc96-11df-af96-001986001b91

Error - 20/10/2010 18:20:34 | Computer Name = computerName | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1354 Start Time:
01cb70a22235031b Termination Time: 38 Application Path: C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 37dd9cf6-dc98-11df-af96-001986001b91

Error - 21/10/2010 06:17:57 | Computer Name = computerName | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4c98293e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xcf8 Faulting application
start time: 0x01cb7105223ae771 Faulting application path: C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: unknown Report Id: 78dae45e-dcfc-11df-af96-001986001b91

Error - 21/10/2010 12:10:43 | Computer Name = computerName | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4c98293e Faulting module name: chrome.dll, version: 6.0.472.63, time stamp: 0x4c982907
Exception
code: 0x80000003 Fault offset: 0x00003329 Faulting process id: 0xc3c Faulting application
start time: 0x01cb711909b0923b Faulting application path: C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: C:\Users\Laptop\AppData\Local\Google\Chrome\Application\6.0.472.63\chrome.dll
Report
Id: c1021673-dd2d-11df-af96-001986001b91

Error - 21/10/2010 14:31:20 | Computer Name = computerName | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 21/10/2010 14:34:21 | Computer Name = computerName | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path()
failed. System Error: 0xC0000039 (unresolvable).

Error - 21/10/2010 14:34:23 | Computer Name = computerName | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path()
failed. System Error: 0xC0000039 (unresolvable).

[ OSession Events ]
Error - 15/03/2010 12:11:28 | Computer Name = computerName | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 03/07/2010 07:07:56 | Computer Name = computerName | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:06:32 on ?03/?07/?2010 was unexpected.

Error - 03/07/2010 07:26:08 | Computer Name = computerName | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 03/07/2010 07:28:54 | Computer Name = computerName | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 03/07/2010 07:28:54 | Computer Name = computerName | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume H: encountered
a non-retryable error and could not start. The data contains the error code.

Error - 03/07/2010 07:28:57 | Computer Name = computerName | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

Error - 03/07/2010 08:58:39 | Computer Name = computerName | Source = bowser | ID = 8003
Description =

Error - 03/07/2010 11:13:13 | Computer Name = computerName | Source = Service Control Manager | ID = 7034
Description = The Ati External Event Utility service terminated unexpectedly. It
has done this 1 time(s).

Error - 03/07/2010 12:01:50 | Computer Name = computerName | Source = EventLog | ID = 6008
Description = The previous system shutdown at 16:28:15 on ?03/?07/?2010 was unexpected.

Error - 03/07/2010 13:37:08 | Computer Name = computerName | Source = Service Control Manager | ID = 7034
Description = The Ati External Event Utility service terminated unexpectedly. It
has done this 1 time(s).

Error - 03/07/2010 14:26:48 | Computer Name = computerName | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

[ TuneUp Events ]
Error - 13/08/2010 00:13:58 | Computer Name = computerName | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 13/08/2010 00:13:58 | Computer Name = computerName | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 13/08/2010 00:13:58 | Computer Name = computerName | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 21/08/2010 07:44:15 | Computer Name = computerName | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 21/08/2010 13:11:06 | Computer Name = computerName | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 21/08/2010 13:11:07 | Computer Name = computerName | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 21/08/2010 13:11:07 | Computer Name = computerName | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 24/08/2010 18:06:22 | Computer Name = computerName | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 24/08/2010 18:06:22 | Computer Name = computerName | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 24/08/2010 18:06:22 | Computer Name = computerName | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >


==============================================================

Please download Rootkit Unhooker and save it to your Desktop

* Double-click on RKUnhookerLE to run it


Then I get the error:

Posted Image



=================================
One Microsoft update I cannot get rid of is Live Essentials 2011 :crazy: :

Posted Image


Edited by londonliving, 29 October 2010 - 05:33 PM.


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,821 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:05 PM

Posted 30 October 2010 - 03:51 AM

Hi there, please let me know how things are running after the following fix.

OTL FIX
------------
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :otl
    O4 - HKLM..\Run: [Win Logon] C:\Users\Laptop\AppData\Roaming\extract.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Win Logon = C:\Users\Laptop\AppData\Roaming\extract.exe File not found
    
    :commands
    [emptytemp]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 londonliving


Posted 30 October 2010 - 06:17 AM

Hi thanks for the quick reply.


Files\Folders moved on Reboot...
C:\Users\Laptop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


The OTL program ran through and when it came to the
[emptytemp]
command it ran through, but the green bar didn't stop, so I manually selected restart which generated the report.

I will try to use the RKUnhook as your first post.

UPDATE: No success, same error message as above.

Error loading driver, NTSTATUS code: 0xC00036B

Ran OTL again and left it for around 10 minutes, got the OK to Restart screen.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Win Logon not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\Win Logon not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Laptop
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 389210734 bytes
->Java cache emptied: 2348526 bytes
->FireFox cache emptied: 65247283 bytes
->Google Chrome cache emptied: 19829530 bytes
->Opera cache emptied: 23654426 bytes
->Flash cache emptied: 296272 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 383525446 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 121085 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 843.00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 10302010_122247

Files\Folders moved on Reboot...
C:\Users\Laptop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


RKUnhook still returns the same error

Edited by londonliving, 30 October 2010 - 06:40 AM.


#7 Elise


Posted 30 October 2010 - 06:51 AM

Sorry for not clarifying, rootkit unhooker does not run well on 64 bit systems.

Please let me know how things are running now.

regards, Elise




#8 londonliving


Posted 30 October 2010 - 03:21 PM

Rootkit Unhooker is not working, so I am no further forward.

As you can see from my NOD32 log, HomeNetworking.dll is still a real problem:

Posted Image


As Internet Explorer 8 does not function either, there are certain features I cannot turn off in the automatic updates.

#9 Elise


Posted 30 October 2010 - 03:31 PM

Hi, the latest HomeNetworking entry there is from 29 October. Your log shows the file is gone. We can delete the attached startup entry.

Please run the following as an OTL fix (instructions the same as before).
:otl
O4 - HKU\S-1-5-21-335727221-1544579737-4212433366-1001..\Run: [HomeNetworking] File not found

:commands
[emptytemp]

regards, Elise




#10 londonliving


Posted 30 October 2010 - 07:03 PM

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-335727221-1544579737-4212433366-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HomeNetworking deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Laptop
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3941190 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 82433935 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 984 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 82.00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 10312010_004708

Files\Folders moved on Reboot...
C:\Users\Laptop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

===================================================================

Seems to have done the trick on HomeNetworking.dll (not to be confused with homenetworking.log from Norton / Symantec - for those who read this later :) )

No report from NOD32 :clapping:

IE8 still fires up and disappears, I can see the window appear and immediately vanish.

RKUnhook still gives the same error, despite trying in different modes.

Edited by londonliving, 30 October 2010 - 07:05 PM.
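
An added example (not part of any post in this thread, and not OTL's own code): a parser for the three autorun line shapes used in the OTL fixes above, expanding them to the full registry paths that OTL's result log prints and flagging entries that deserve a second look. `CONSTRUCTED_LINE`, the `Autorun` class and the triage reasons are assumptions made for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS", "HKCU": "HKEY_CURRENT_USER"}
# OTL abbreviates this part of the path as ".." (compare the fix lines with its result log).
CURRENT_VERSION = r"Software\Microsoft\Windows\CurrentVersion"
MISSING = "File not found"

# Lines copied from the two OTL fixes posted in this thread.
THREAD_LINES = [
    r"O4 - HKLM..\Run: [Win Logon] C:\Users\Laptop\AppData\Roaming\extract.exe File not found",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: "
    r"Win Logon = C:\Users\Laptop\AppData\Roaming\extract.exe File not found",
    r"O4 - HKU\S-1-5-21-335727221-1544579737-4212433366-1001..\Run: [HomeNetworking] File not found",
]
# Constructed sample (not from the thread): an entry whose target still exists.
CONSTRUCTED_LINE = r"O4 - HKLM..\Run: [ExampleApp] C:\Program Files\Example\app.exe"


@dataclass
class Autorun:
    section: str            # log section tag, e.g. "O4" or "O6"
    key: str                # fully expanded registry key
    value: str              # registry value name
    target: Optional[str]   # file the value points at, None if the log gives none
    missing: bool           # True when the log says "File not found"


LINE = re.compile(r"^(?P<section>O\d+) - (?P<key>[^:]+): (?P<rest>.*)$")
BRACKET = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<data>.*)$")   # "[Name] data"
ASSIGN = re.compile(r"^(?P<name>[^=]+?) = (?P<data>.*)$")        # "Name = data"


def expand_key(short: str) -> str:
    """Turn 'HKLM..\\Run' or 'HKU\\<SID>..\\Run' into the full key path."""
    if "..\\" in short:
        head, sub = short.split("..\\", 1)
        abbr, _, sid = head.partition("\\")
        tail = CURRENT_VERSION + "\\" + sub
    else:
        abbr, _, tail = short.partition("\\")
        sid = ""
    return "\\".join(p for p in (HIVES.get(abbr, abbr), sid, tail) if p)


def parse_line(line: str) -> Optional[Autorun]:
    """Parse one autorun line; return None for anything that is not one."""
    m = LINE.match(line.strip())
    if not m:
        return None
    body = BRACKET.match(m["rest"]) or ASSIGN.match(m["rest"])
    if not body:
        return None
    data = body["data"].strip()
    missing = data.endswith(MISSING)
    if missing:
        data = data[: -len(MISSING)].strip()
    return Autorun(m["section"], expand_key(m["key"]), body["name"].strip(),
                   data or None, missing)


def triage(entries: List[Autorun]) -> List[Tuple[Autorun, List[str]]]:
    """Attach review reasons to each entry (heuristics chosen for this example)."""
    keys_by_item = defaultdict(set)
    for e in entries:
        keys_by_item[(e.value.lower(), (e.target or "").lower())].add(e.key.lower())
    findings = []
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("orphaned: target file is gone")
        if e.target and "\\appdata\\" in e.target.lower():
            reasons.append("target in per-user AppData")
        n = len(keys_by_item[(e.value.lower(), (e.target or "").lower())])
        if n > 1:
            reasons.append(f"same value in {n} autorun keys")
        findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    parsed = [parse_line(l) for l in THREAD_LINES + [CONSTRUCTED_LINE]]
    for entry, reasons in triage([p for p in parsed if p]):
        print(f"{entry.key}\\\\{entry.value}")
        print(f"    target : {entry.target}")
        print(f"    review : {', '.join(reasons) or 'nothing flagged'}")
```

An orphaned entry is only the leftover of a removed file; the other two reasons are what to check on an entry whose target is still present.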


#11 Elise


Posted 31 October 2010 - 02:39 AM

Hi, see a previous post, RKU doesn't run on 64 bit systems. :)

Please reset IE8 and see if that fixes the problem.

regards, Elise




#12 londonliving


Posted 31 October 2010 - 05:17 AM

I've tried the IE reset before, but am still left with the same window popping up and disappearing.

The 'Fix It For Me' on Microsoft's site does not run on Windows 7 :wacko:

If I try to install IE8 again from Internet Explorer Downloads Page the Windows 7 x64 option is not there :huh:

Posted Image


When I do choose any to reinstall the error message is that I have a newer version already installed :thumbdown:

That is not true as IE9 beta never completed and this too says I have a newer version if I try that again! :killcomp:

Any suggestions?

#13 Elise


Posted 31 October 2010 - 05:52 AM

Did you try to uninstall your version first from Add/Remove programs?

regards, Elise




#14 londonliving


Posted 31 October 2010 - 04:20 PM

Yes, but it simply does not appear in the list :crazy:

#15 Elise


Posted 01 November 2010 - 02:45 AM

Please click Start > Control Panel > Programs and Features > Turn Windows Features ON/OFF.

Disable IE8, restart your computer, then re-enable it and see if the problem is still there.

regards, Elise






