Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hidden Browser Hijacker


  • This topic is locked This topic is locked
12 replies to this topic

#1 aliefjoker

aliefjoker

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 19 November 2010 - 05:48 AM

I'm on Win7 os using Firefox as my browser and have been hit with a browser hijacker. I've ran the following programs:
AVG Internet Security 2011
Ad-Aware
HijackThis
CCleaner
and they all show that I don't have a problem. The browser redirects are random and it's hard to figure out who's behind it because I'm never sent to the same page. Sometimes I get sent to different websites, different search engines, and advertisement sites for local businesses.

I just went thru the prep guide and couldn't get the DDS to work but the Gmer did. I've attached my log.

I appreciate any and all help in resolving this issue!

Attached Files

  • Attached File  ark.txt   13.92KB   2 downloads


BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:21 AM

Posted 21 November 2010 - 11:00 AM

Hi

Please run the following:


  • Download OTL and save it to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Extra Registry section, check Use SafeList
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 aliefjoker

aliefjoker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 23 November 2010 - 11:05 PM

OTL logfile created on: 11/23/2010 9:58:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Documents\Downloads\Programs
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 141.59 Gb Free Space | 30.41% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 61.66 Mb Free Space | 61.66% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2010/11/23 20:16:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\My Documents\Downloads\Programs\OTL.exe
PRC - [2010/11/05 23:52:42 | 000,640,760 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
PRC - [2010/11/05 23:52:42 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/05 23:52:41 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/11 11:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 11:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 16:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 16:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 16:24:08 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/06 16:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/09/15 04:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/10 00:45:18 | 003,210,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2010/09/07 02:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/09/07 02:50:08 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/07/04 13:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/05/26 10:16:20 | 003,220,912 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2010/05/25 07:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 19:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


========== Modules (SafeList) ==========

MOD - [2010/11/23 20:16:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\My Documents\Downloads\Programs\OTL.exe
MOD - [2010/07/27 20:22:00 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2010/07/04 15:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2009/07/13 19:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/07/13 19:16:19 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
MOD - [2009/07/13 19:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2009/07/13 19:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
MOD - [2009/07/13 19:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/07/13 19:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2009/07/13 19:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2009/07/13 19:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 19:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2009/07/13 19:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009/07/13 19:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2009/07/13 19:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 19:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 19:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2009/07/13 19:16:12 | 002,504,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
MOD - [2009/07/13 19:16:12 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
MOD - [2009/07/13 19:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 19:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2009/07/13 19:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2009/07/13 19:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 19:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
MOD - [2009/07/13 19:15:40 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll
MOD - [2009/07/13 19:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 19:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll
MOD - [2009/07/13 19:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/07/13 19:15:14 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
MOD - [2009/07/13 19:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 19:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
MOD - [2009/07/13 19:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 19:15:08 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2009/07/13 19:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davhlpr.dll
MOD - [2009/07/13 19:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009/07/13 19:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 19:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009/07/13 19:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 19:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2009/07/13 19:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/07/13 19:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
MOD - [2009/06/10 15:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/03/26 07:35:40 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2010/11/05 23:52:41 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/11 11:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/10 00:45:18 | 003,210,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2009/08/18 05:06:13 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 19:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 19:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 19:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 19:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 19:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 19:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 19:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 19:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 19:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 19:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 19:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 19:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 19:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 19:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Auto | Stopped] -- C:\Windows\System32\DRIVERS\eamonm.sys -- (eamonm)
DRV - [2010/09/13 15:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/12 03:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/05/23 19:54:31 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/11 09:03:56 | 000,114,952 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/07/13 19:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 19:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 19:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 19:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 19:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 19:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 19:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 19:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 19:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 19:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 19:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 19:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 19:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 19:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 19:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 19:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 19:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 19:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 19:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 19:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 19:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 19:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 19:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 19:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 19:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 19:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 19:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 19:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 19:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 19:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 19:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 19:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 19:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 19:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 19:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 19:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 19:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 18:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 18:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 18:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 17:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 17:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 17:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 17:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 17:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 17:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 17:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 17:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 17:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 17:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 17:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 17:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 17:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 16:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 16:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 16:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 16:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 16:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 16:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 16:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/07/13 16:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 16:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 16:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/10 15:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C A3 E5 ED E2 84 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.4
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.8
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.7.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/05 15:10:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 16:40:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/19 20:30:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/04/18 15:15:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/04/18 15:15:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/11/23 12:58:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kmneqerv.default\extensions
[2010/11/06 03:13:30 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kmneqerv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/09/28 15:01:41 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kmneqerv.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010/11/05 01:58:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kmneqerv.default\extensions\keyscrambler@qfx.software.corporation
[2010/04/19 00:59:12 | 000,001,504 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kmneqerv.default\searchplugins\imdb.xml
[2009/09/25 12:54:03 | 000,004,140 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kmneqerv.default\searchplugins\youtube.xml
[2010/11/23 12:58:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/19 20:30:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/19 20:30:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe File not found
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe File not found
O4 - HKCU..\Run: [U36VRSFLG6] C:\Users\Owner\AppData\Local\Temp\Bff.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.217.126.81 207.217.77.82
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/18 05:09:19 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00319758-8bde-11de-a4cc-406186490d78}\Shell - "" = AutoRun
O33 - MountPoints2\{00319758-8bde-11de-a4cc-406186490d78}\Shell\AutoRun\command - "" = G:\launcher.exe -- File not found
O33 - MountPoints2\{95117df7-5ef8-11df-97ae-406186490d78}\Shell - "" = AutoRun
O33 - MountPoints2\{95117df7-5ef8-11df-97ae-406186490d78}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2EF41710-7E57-E88C-4D51-04B95427B5DE} - Internet Explorer
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {4FA04EEC-8323-93D7-BAAE-CDBE0011C68C} - Microsoft Windows Media Player
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {966A4C32-9367-A7E7-88E1-48E1EBB84782} - Internet Explorer
ActiveX: {98C8529C-7645-FECC-E9B7-2092C9D6D6FD} - Microsoft Windows Media Player 12.0
ActiveX: {A6709EDC-AEE0-B317-3374-66C55FCEA77B} - Themes Setup
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 360 Days ==========

[2010/11/21 20:22:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Seen.WBZ
[2010/11/20 03:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/20 03:19:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2010/11/20 03:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/11/19 21:25:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/11/19 20:44:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\.android
[2010/11/19 20:34:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\.netbeans
[2010/11/19 20:34:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\.netbeans-registration
[2010/11/19 20:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 6.9.1
[2010/11/19 20:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/11/19 20:30:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\.nbi
[2010/11/19 20:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/19 20:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/19 20:30:14 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/11/19 20:30:14 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/19 20:30:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/19 20:30:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/19 20:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/19 03:14:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Android Apps
[2010/11/19 01:39:42 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010/11/15 16:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/15 16:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/08 20:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/06 16:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/05 23:52:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2010/11/05 23:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/11/05 23:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/11/05 23:50:37 | 034,543,112 | ---- | C] (Lavasoft ) -- C:\Users\Owner\Desktop\Ad-AwareAE.exe
[2010/11/05 01:44:38 | 000,114,952 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
[2010/11/05 01:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2010/11/04 16:36:26 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/11/04 09:00:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG10
[2010/11/04 08:59:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/11/04 08:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/11/04 08:58:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/11/04 08:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/11/04 08:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/04 01:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/11/01 14:05:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\N.E.R.D.-Nothing_(Deluxe_Edition)-2010-DOH
[2010/10/28 05:04:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Journey - Greatest Hits DVD 1978.-1997 (2004)
[2010/10/13 20:00:48 | 000,215,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msadds32.ax
[2010/10/13 20:00:47 | 001,415,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMV9VCM.DLL
[2010/10/13 20:00:46 | 000,000,000 | ---D | C] -- C:\TESTOUT
[2010/10/13 17:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/13 17:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/05 10:38:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Storm8
[2010/09/28 15:08:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Downloads
[2010/09/28 15:01:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Megaupload
[2010/09/28 15:00:30 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/09/28 15:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Megaupload
[2010/09/26 01:34:09 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2010/09/26 01:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/09/26 01:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/09/26 01:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/09/26 01:31:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/26 01:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/09/26 01:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/09/26 01:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/09/26 01:28:41 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/09/17 21:57:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Microsoft Office Professional 2007
[2010/09/13 15:27:54 | 000,025,680 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSEH.sys
[2010/09/12 13:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010/09/09 10:55:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\vlc
[2010/09/08 10:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/09/08 10:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/09/07 02:49:00 | 000,298,448 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/09/07 02:48:56 | 000,034,384 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/09/07 02:48:54 | 000,249,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/09/07 02:48:50 | 000,026,064 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/08/31 10:51:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Relmtech
[2010/08/31 10:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\Relmtech
[2010/08/31 10:44:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Downloaded Installations
[2010/08/19 20:42:38 | 000,123,472 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
[2010/08/19 20:42:38 | 000,030,288 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSFilter.sys
[2010/08/19 20:42:36 | 000,021,072 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSShim.sys
[2010/08/18 05:52:55 | 000,000,000 | -H-D | C] -- C:\Users\Owner\Documents\OY
[2010/08/17 03:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/08/05 02:03:28 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK2.dll
[2010/08/05 02:03:28 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICEntry.dll
[2010/08/05 02:03:28 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK.dll
[2010/08/05 02:03:28 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicPrt.dll
[2010/08/05 02:03:28 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicMgr.dll
[2010/08/05 02:03:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\InstallShield
[2010/08/05 01:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010/08/05 01:59:39 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\System32\esdevapp.exe
[2010/08/05 01:59:39 | 000,071,680 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\escwiad.dll
[2010/08/05 01:59:39 | 000,015,872 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\escdev.dll
[2010/08/05 01:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2010/07/30 05:50:22 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop\MameUI32_0.132
[2010/07/30 03:28:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Classic.80's.Games.Pack.by.itsandy
[2010/07/27 20:30:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Adobe Scripts
[2010/07/27 20:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/27 17:44:10 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2010/07/27 17:44:10 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2010/07/22 23:31:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\IDM
[2010/07/22 23:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2010/07/19 17:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/07/19 17:34:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\PhotoshopPortable
[2010/07/12 21:41:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Coby Media Manager
[2010/07/12 21:38:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Coby
[2010/07/12 03:34:02 | 000,054,112 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/07/07 22:04:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Thinstall
[2010/07/04 15:14:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\DOSBox
[2010/07/04 15:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2010/07/01 01:25:26 | 000,258,048 | ---- | C] (Peter Wimmer, Gabest) -- C:\Windows\System32\GplMpgDec.ax
[2010/07/01 01:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter
[2010/06/29 00:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/06/29 00:14:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
[2010/06/26 13:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/06/26 13:34:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
[2010/06/09 16:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/06/07 23:43:50 | 000,046,928 | ---- | C] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2010/06/07 10:10:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2010/06/07 09:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/05/30 09:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\CDisplay
[2010/05/26 06:57:42 | 000,210,352 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\idmmbc.dll
[2010/05/23 19:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2010/05/23 19:54:30 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/05/23 19:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/05/23 19:53:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
[2010/05/23 19:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/05/23 19:04:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Allok 3GP PSP MP4 iPod Video Converter BY MEGAFAWKES
[2010/05/16 15:05:33 | 000,000,000 | --SD | C] -- C:\Users\Owner\Documents\My Shapes
[2010/05/16 15:02:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Microsoft Help
[2010/05/16 15:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/05/15 18:33:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2010/05/15 18:33:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple Computer
[2010/05/15 18:33:06 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/05/15 18:33:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/05/15 18:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/15 18:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/05/15 18:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/15 18:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/15 17:42:34 | 000,000,000 | R--D | C] -- C:\Users\Owner\Documents\Systema Gunpoint Supremacy (DVD)
[2010/05/03 09:43:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple
[2010/05/03 09:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/04/29 07:49:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Diagnostics
[2010/04/27 04:12:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\dvdcss
[2010/04/21 22:40:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ImgBurn
[2010/04/21 13:58:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\ConvertXToDVD
[2010/04/21 12:36:10 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc1dmod.dll
[2010/04/21 12:36:10 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2010/04/21 12:36:10 | 000,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\Pncrt.dll
[2010/04/21 12:36:10 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv43260.dll
[2010/04/21 12:36:10 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv33260.dll
[2010/04/21 12:36:10 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv23260.dll
[2010/04/21 12:36:10 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\sipr3260.dll
[2010/04/21 12:36:10 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\cook3260.dll
[2010/04/21 12:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2010/04/20 02:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/19 19:47:44 | 003,062,048 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2010/04/18 15:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2010/04/18 15:15:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\TomTom
[2010/04/18 15:15:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TomTom
[2010/04/18 15:15:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\TomTom
[2009/08/18 04:38:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 360 Days ==========

[2010/11/23 21:19:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/11/23 21:06:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/11/23 21:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/23 17:37:55 | 099,967,159 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/23 13:45:34 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/23 13:45:34 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/23 12:55:02 | 000,019,488 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/23 12:55:02 | 000,019,488 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/23 12:47:46 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/23 12:47:40 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\phuvqwlwr.job
[2010/11/23 12:47:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/23 12:47:35 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/22 00:52:17 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/20 03:24:05 | 000,001,456 | ---- | M] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/11/19 20:33:39 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk
[2010/11/19 20:30:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/11/19 20:30:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/19 20:30:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/19 20:30:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/19 20:21:48 | 000,632,241 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2010/11/19 04:05:04 | 000,000,176 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2010/11/17 11:03:27 | 000,001,189 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\vso_ts_preview.xml
[2010/11/17 08:27:28 | 942,358,528 | ---- | M] () -- C:\Users\Owner\Desktop\LET.THE.RIGHT.ONE.IN.ENGLISH.DVDRIP.XVID.TFE.AVI
[2010/11/17 07:49:12 | 734,052,352 | ---- | M] () -- C:\Users\Owner\Desktop\Superbad.avi
[2010/11/17 01:59:07 | 944,013,312 | ---- | M] () -- C:\Users\Owner\Desktop\Pirates of The Caribbean At Worlds End.avi
[2010/11/16 22:02:20 | 1589,078,698 | ---- | M] () -- C:\Users\Owner\Desktop\Buried.avi
[2010/11/16 13:26:09 | 000,004,314 | ---- | M] () -- C:\All Star Comedy Jam.mds
[2010/11/16 13:26:03 | 097,648,639 | ---- | M] () -- C:\All Star Comedy Jam.iso
[2010/11/15 16:11:51 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/08 20:16:41 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\gmer.exe
[2010/11/06 23:12:16 | 3937,035,200 | ---- | M] () -- C:\Users\Owner\Desktop\Eat Pray Love.avi
[2010/11/06 16:24:33 | 000,002,963 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/11/05 23:52:55 | 000,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/11/05 23:52:00 | 000,001,124 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/05 23:52:00 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/11/05 15:10:55 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/04 08:46:14 | 000,000,000 | ---- | M] () -- C:\ClientRegistry.blob
[2010/11/04 06:58:16 | 000,105,984 | RHS- | M] () -- C:\Windows\System32\KBDAZEY.dll
[2010/11/04 01:20:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/10/27 22:42:32 | 000,001,186 | ---- | M] () -- C:\Users\Owner\Desktop\ConvertXtoDVD 4.lnk
[2010/10/20 08:35:49 | 000,004,314 | ---- | M] () -- C:\Users\Owner\Documents\Jonah Hex.mds
[2010/10/20 08:35:45 | 1647,116,288 | ---- | M] () -- C:\Users\Owner\Documents\Jonah Hex.iso
[2010/10/06 11:18:07 | 000,028,672 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/28 15:00:43 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Mega Manager.lnk
[2010/09/26 06:32:21 | 003,779,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/24 09:47:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/09/21 17:35:36 | 000,001,811 | ---- | M] () -- C:\Users\Owner\Desktop\ImgBurn.lnk
[2010/09/13 15:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSEH.sys
[2010/09/09 10:54:11 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/09/08 10:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/09/08 10:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/09/07 02:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/08/19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSDriver.sys
[2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSFilter.sys
[2010/08/19 20:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSShim.sys
[2010/08/01 01:00:28 | 000,028,630 | ---- | M] () -- C:\Users\Owner\Documents\YouMail Voicemail Greeting - No one wants to buy your bleep (for solicitors).mp3
[2010/07/27 17:44:10 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2010/07/27 17:44:10 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2010/07/12 03:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/07/07 22:09:08 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/07/01 01:25:26 | 000,001,237 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Allok 3GP PSP MP4 iPod Video Converter.lnk
[2010/07/01 01:25:26 | 000,001,213 | ---- | M] () -- C:\Users\Public\Desktop\Allok 3GP PSP MP4 iPod Video Converter.lnk
[2010/06/26 01:58:24 | 000,000,000 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\chrtmp
[2010/06/07 09:48:03 | 000,001,106 | ---- | M] () -- C:\Users\Owner\Desktop\Auslogics Disk Defrag.lnk
[2010/05/25 21:19:45 | 034,546,116 | ---- | M] () -- C:\Users\Owner\Documents\Penthouse 2010-06 US.pdf
[2010/05/25 12:29:48 | 366,758,040 | ---- | M] () -- C:\Users\Owner\Desktop\NCIS - [07x24] - Rule Fifty-One.avi
[2010/05/23 19:54:31 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/04/21 12:36:14 | 000,087,608 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\inst.exe
[2010/04/21 12:36:14 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys
[2010/04/21 12:36:14 | 000,007,887 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat
[2010/04/21 12:36:14 | 000,001,144 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf
[2010/04/21 12:36:13 | 000,001,178 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/04/19 19:47:44 | 003,062,048 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2010/04/18 15:17:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/04/18 14:34:54 | 000,001,003 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Download Manager.lnk
[2010/03/08 20:52:49 | 000,015,872 | ---- | M] () -- C:\Users\Owner\Desktop\UnlockerAssistant.exe
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/11 09:03:56 | 000,114,952 | ---- | M] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys

========== Files Created - No Company Name ==========

[2010/11/23 17:37:55 | 099,967,159 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/19 20:33:39 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk
[2010/11/19 20:21:48 | 000,632,241 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2010/11/19 04:49:59 | 000,068,692 | ---- | C] () -- C:\Users\Owner\Desktop\The Pianist.srt
[2010/11/19 04:49:24 | 736,638,976 | ---- | C] () -- C:\Users\Owner\Desktop\The Pianist.avi
[2010/11/19 04:17:33 | 000,296,448 | ---- | C] () -- C:\Users\Owner\Desktop\gmer.exe
[2010/11/19 04:04:53 | 000,000,176 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2010/11/18 02:55:33 | 1589,078,698 | ---- | C] () -- C:\Users\Owner\Desktop\Buried.avi
[2010/11/17 08:51:54 | 1045,315,413 | ---- | C] () -- C:\Users\Owner\Desktop\The Hangover.mkv
[2010/11/17 07:32:44 | 942,358,528 | ---- | C] () -- C:\Users\Owner\Desktop\LET.THE.RIGHT.ONE.IN.ENGLISH.DVDRIP.XVID.TFE.AVI
[2010/11/17 07:28:23 | 734,052,352 | ---- | C] () -- C:\Users\Owner\Desktop\Superbad.avi
[2010/11/17 01:39:11 | 944,013,312 | ---- | C] () -- C:\Users\Owner\Desktop\Pirates of The Caribbean At Worlds End.avi
[2010/11/16 13:26:09 | 000,004,314 | ---- | C] () -- C:\All Star Comedy Jam.mds
[2010/11/16 13:21:16 | 097,648,639 | ---- | C] () -- C:\All Star Comedy Jam.iso
[2010/11/16 13:02:27 | 3937,035,200 | ---- | C] () -- C:\Users\Owner\Desktop\Eat Pray Love.avi
[2010/11/15 16:11:51 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/08 20:16:41 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/06 23:55:47 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/06 16:24:33 | 000,002,963 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/11/06 03:12:41 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/11/05 23:52:00 | 000,001,124 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/05 23:52:00 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/11/04 08:59:25 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/04 08:46:14 | 000,000,000 | ---- | C] () -- C:\ClientRegistry.blob
[2010/11/04 06:59:23 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/11/04 06:59:19 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/11/04 06:58:16 | 000,105,984 | RHS- | C] () -- C:\Windows\System32\KBDAZEY.dll
[2010/11/04 06:58:16 | 000,000,310 | -HS- | C] () -- C:\Windows\tasks\phuvqwlwr.job
[2010/10/20 08:35:49 | 000,004,314 | ---- | C] () -- C:\Users\Owner\Documents\Jonah Hex.mds
[2010/10/20 08:33:23 | 1647,116,288 | ---- | C] () -- C:\Users\Owner\Documents\Jonah Hex.iso
[2010/10/15 23:58:47 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/15 23:58:46 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/28 15:00:43 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Mega Manager.lnk
[2010/09/24 09:47:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/09/21 17:35:36 | 000,001,811 | ---- | C] () -- C:\Users\Owner\Desktop\ImgBurn.lnk
[2010/09/16 16:57:25 | 004,807,803 | ---- | C] () -- C:\Users\Owner\Desktop\Renegade Training for Football- The Ultimate Guide to Developing Maximum Strength, Maximum Speed and Maximum Power(AvaxH).pdf
[2010/09/14 22:24:38 | 366,758,040 | ---- | C] () -- C:\Users\Owner\Desktop\NCIS - [07x24] - Rule Fifty-One.avi
[2010/09/09 10:54:11 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/08/05 02:03:28 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/08/05 02:03:28 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/08/05 02:03:28 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/08/05 02:03:28 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/08/05 02:03:28 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/08/05 02:03:28 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/08/05 02:03:28 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/08/05 02:03:28 | 000,012,669 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2010/08/05 02:03:28 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/08/05 02:03:28 | 000,006,478 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2010/08/05 02:03:28 | 000,006,478 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2010/08/05 02:03:28 | 000,006,366 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2010/08/05 02:03:28 | 000,006,366 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2010/08/05 02:03:28 | 000,006,226 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2010/08/05 02:03:28 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/08/05 02:03:28 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/08/05 02:03:28 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/08/05 02:03:28 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/08/05 02:03:28 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/08/05 02:03:28 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/08/05 02:03:28 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/08/05 02:03:28 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/08/01 01:00:50 | 000,028,630 | ---- | C] () -- C:\Users\Owner\Documents\YouMail Voicemail Greeting - No one wants to buy your bleep (for solicitors).mp3
[2010/07/19 17:39:58 | 000,001,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/07/01 01:25:26 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2010/07/01 01:25:26 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010/07/01 01:25:26 | 000,001,237 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Allok 3GP PSP MP4 iPod Video Converter.lnk
[2010/07/01 01:25:26 | 000,001,213 | ---- | C] () -- C:\Users\Public\Desktop\Allok 3GP PSP MP4 iPod Video Converter.lnk
[2010/06/26 01:58:24 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\chrtmp
[2010/06/17 19:00:25 | 026,606,512 | ---- | C] () -- C:\Users\Owner\Documents\streammedias.com.PME200912.pdf
[2010/06/15 18:35:56 | 000,028,672 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/07 09:48:03 | 000,001,106 | ---- | C] () -- C:\Users\Owner\Desktop\Auslogics Disk Defrag.lnk
[2010/05/30 04:18:04 | 001,041,668 | ---- | C] () -- C:\Users\Owner\Documents\7_Super_Supplements.pdf
[2010/05/30 04:18:04 | 000,824,186 | ---- | C] () -- C:\Users\Owner\Documents\111_Egg_Recipes.pdf
[2010/05/30 04:18:04 | 000,646,383 | ---- | C] () -- C:\Users\Owner\Documents\The_Best_Natural_Ways_to_Raise_Testosterone_Levels.pdf
[2010/05/30 04:18:04 | 000,631,579 | ---- | C] () -- C:\Users\Owner\Documents\LOW_CARB_RECIPES.pdf
[2010/05/30 04:18:04 | 000,541,724 | ---- | C] () -- C:\Users\Owner\Documents\Fish_Recipes.pdf
[2010/05/30 04:18:04 | 000,516,164 | ---- | C] () -- C:\Users\Owner\Documents\Chicken_Recipes.pdf
[2010/05/30 04:18:04 | 000,128,419 | ---- | C] () -- C:\Users\Owner\Documents\hm_supp_bonus_pre-workout.pdf
[2010/05/30 04:18:04 | 000,083,058 | ---- | C] () -- C:\Users\Owner\Documents\_Protein_Shake_Recipes.pdf
[2010/05/30 04:18:04 | 000,036,184 | ---- | C] () -- C:\Users\Owner\Documents\PROTEIN_BAR_RECIPES.pdf
[2010/05/30 04:18:04 | 000,027,870 | ---- | C] () -- C:\Users\Owner\Documents\Protein_Shake_Recipes-02.pdf
[2010/05/30 04:18:04 | 000,021,345 | ---- | C] () -- C:\Users\Owner\Documents\High_Protein_Snacks_HFL.pdf
[2010/05/30 04:04:59 | 034,546,116 | ---- | C] () -- C:\Users\Owner\Documents\Penthouse 2010-06 US.pdf
[2010/05/16 15:03:21 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/22 14:36:06 | 000,001,186 | ---- | C] () -- C:\Users\Owner\Desktop\ConvertXtoDVD 4.lnk
[2010/04/21 21:58:54 | 000,350,720 | ---- | C] () -- C:\Users\Owner\Desktop\hjsplit.exe
[2010/04/21 12:36:13 | 000,001,178 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/04/21 12:32:24 | 000,001,189 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\vso_ts_preview.xml
[2010/04/20 02:45:45 | 000,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2010/04/18 15:17:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/04/18 14:34:54 | 000,001,003 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Download Manager.lnk
[2010/03/08 20:52:49 | 000,015,872 | ---- | C] () -- C:\Users\Owner\Desktop\UnlockerAssistant.exe
[2009/08/18 04:39:08 | 000,000,034 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.log
[2009/08/18 04:38:54 | 000,087,608 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\inst.exe
[2009/08/18 04:38:54 | 000,007,887 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat
[2009/08/18 04:38:54 | 000,001,144 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf
[2009/08/18 04:35:24 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\monFDE.log
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

< End of report >

OTL Extras logfile created on: 11/23/2010 9:58:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Documents\Downloads\Programs
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 141.59 Gb Free Space | 30.41% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 61.66 Mb Free Space | 61.66% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UACDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java™ SE Development Kit 6 Update 22
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A23061AF-5361-433C-B7F0-CE5F79A22C49}" = AVG 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Franšais, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_941" = Adobe Acrobat 9.4.1 - CPSID_83708
"{ADFBA869-0359-4C24-8CEF-DB0FBE90B987}" = Mega Manager
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC73BB64-DC02-4ECA-9616-7133BAA4D104}" = Unified Remote
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.4.338
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Allok 3GP PSP MP4 iPod Video Converter_is1" = Allok 3GP PSP MP4 iPod Video Converter 6.2.0603
"AVG" = AVG 2011
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"ImgBurn" = ImgBurn
"Internet Download Manager" = Internet Download Manager
"KeyScrambler" = KeyScrambler
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"Unlocker" = Unlocker 1.9.0
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.4
"Winrar 3.93" = Winrar 3.93
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/18/2010 1:46:44 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 188: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/18/2010 1:46:44 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 192: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/18/2010 1:46:44 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 328: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/18/2010 1:47:01 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iTunes.exe, version: 10.1.0.54, time stamp:
0x4cdba448 Faulting module name: CoreAudioToolbox.dll, version: 7.9.4.0, time stamp:
0x4cd1b043 Exception code: 0xc000001d Fault offset: 0x000b2f84 Faulting process id:
0x708 Faulting application start time: 0x01cb874893e6723c Faulting application path:
C:\Program Files\iTunes\iTunes.exe Faulting module path: C:\Program Files\Common
Files\Apple\Apple Application Support\CoreAudioToolbox.dll Report Id: d8acae9f-f33b-11df-afac-406186490d78

Error - 11/18/2010 1:47:01 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program iTunes because of this error. Program: iTunes File: The error
value is listed in the Additional Data section. User Action 1. Open the file again.
This
situation might be a temporary problem that corrects itself when the program runs
again. 2. If the file still cannot be accessed and - It is on the network, your network
administrator should verify that there is not a problem with the network and that
the server can be contacted. - It is on a removable disk, for example, a floppy
disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check
and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.
Determine whether other files on the same disk can be opened. If not, the disk might
be damaged. If it is a hard disk, contact your administrator or computer hardware
vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0

Error - 11/18/2010 1:47:12 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 328: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/18/2010 1:47:12 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 192: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/18/2010 1:47:12 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 188: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/18/2010 2:26:09 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 188: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/18/2010 2:26:09 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 192: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 9/4/2010 8:39:45 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/4/2010 1:18:02 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/4/2010 5:52:05 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/4/2010 10:16:19 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/5/2010 8:24:10 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/5/2010 3:47:48 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/6/2010 6:51:11 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/6/2010 2:33:07 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/7/2010 2:11:47 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/7/2010 7:14:49 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2


< End of report >

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:21 AM

Posted 23 November 2010 - 11:34 PM

Hi

Please do the following:

This next program, ComboFix, is needed to remove the malware entries I see. However...AVG incorrectly targets ComboFix's embedded files. ComboFix will not run with AVG installed. Please uninstall AVG before continuing. You can reinstall it, or another antivirus such as Microsoft Security Essentials, Avira or avast!, after we've used ComboFix to clear the remaining infection.

After uninstalling AVG from the Control Panel, also run the AVG remover from their site.

http://www.avg.com/us-en/download-tools

direct link to the AVG Remover:

http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1149.exe

You may also use this tool to uninstall AVG:
http://www.appremover.com/appremover/avg/AppRemover.exe

Instructions:
http://www.appremover.com/about/using-appremover.html


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 aliefjoker

aliefjoker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 24 November 2010 - 08:24 PM

ComboFix 10-11-24.01 - Owner 11/24/2010 19:17:47.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3037.2230 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Owner\AppData\Roaming\chrtmp
c:\users\Owner\AppData\Roaming\inst.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf

.
((((((((((((((((((((((((( Files Created from 2010-10-25 to 2010-11-25 )))))))))))))))))))))))))))))))
.

2010-11-25 01:21 . 2010-11-25 01:22 -------- d-----w- c:\users\Owner\AppData\Local\temp
2010-11-25 01:21 . 2010-11-25 01:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-24 10:01 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-11-20 09:19 . 2010-11-24 19:07 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-20 09:19 . 2010-11-24 09:49 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
2010-11-20 03:25 . 2010-11-20 03:25 -------- d-----w- c:\windows\Sun
2010-11-20 02:44 . 2010-11-20 07:03 -------- d-----w- c:\users\Owner\.android
2010-11-20 02:34 . 2010-11-20 02:42 -------- d-----w- c:\users\Owner\.netbeans
2010-11-20 02:34 . 2010-11-20 02:34 -------- d-----w- c:\users\Owner\.netbeans-registration
2010-11-20 02:32 . 2010-11-20 02:34 -------- d-----w- c:\program files\NetBeans 6.9.1
2010-11-20 02:32 . 2010-11-20 02:32 -------- d-----w- c:\program files\Sun
2010-11-20 02:30 . 2010-11-20 02:37 -------- d-----w- c:\users\Owner\.nbi
2010-11-20 02:30 . 2010-11-20 02:30 -------- d-----w- c:\program files\Common Files\Java
2010-11-20 02:30 . 2010-11-20 02:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-20 02:30 . 2010-11-20 02:30 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-20 02:30 . 2010-11-20 02:31 -------- d-----w- c:\program files\Java
2010-11-15 22:11 . 2010-11-15 22:11 -------- d-----w- c:\program files\iTunes
2010-11-15 22:11 . 2010-11-15 22:11 -------- d-----w- c:\program files\iPod
2010-11-09 02:16 . 2010-11-09 02:16 -------- d-----w- c:\program files\CCleaner
2010-11-06 22:24 . 2010-11-06 22:24 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-06 22:24 . 2010-11-06 22:24 -------- d-----w- c:\program files\Trend Micro
2010-11-06 17:37 . 2010-11-06 17:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 09:12 . 2010-11-06 05:52 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-06 05:52 . 2010-11-06 05:52 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-11-06 05:51 . 2010-11-06 05:51 -------- d-----w- c:\program files\Lavasoft
2010-11-06 05:51 . 2010-11-06 05:52 -------- d-----w- c:\programdata\Lavasoft
2010-11-05 07:44 . 2010-11-05 07:58 -------- d-----w- c:\program files\KeyScrambler
2010-11-05 07:44 . 2010-02-11 15:03 114952 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2010-11-04 14:59 . 2010-11-04 14:59 -------- d--h--w- c:\programdata\Common Files
2010-11-04 14:54 . 2010-11-04 14:58 -------- d-----w- c:\programdata\MFAData
2010-11-04 12:58 . 2010-11-04 12:58 105984 --sha-r- c:\windows\system32\KBDAZEY.dll
2010-11-04 07:19 . 2010-11-04 14:55 -------- d-----w- c:\programdata\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-05-26 3220912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-11-06 524632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-06 1029456]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-24 691696]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-02-11 114952]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
Contents of the 'Scheduled Tasks' folder

2010-11-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 05:52]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 05:58]

2010-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 05:58]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kmneqerv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\users\Owner\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kmneqerv.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
HKLM-Run-Adobe_ID0ENQBO - c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
HKLM-Run-AdobeAAMUpdater-1.0 - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
HKLM-Run-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM-Run-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
AddRemove-Adobe_b2d6abde968e6f277ddbfd501383e02 - c:\program files\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2195242472-1211443076-45756462-1000_Classes\CLSID\{198fef06-ac7d-4366-bae9-f4d12121345e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000cd
"Therad"=dword:00000019
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_USERS\S-1-5-21-2195242472-1211443076-45756462-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):4d,0f,ac,91,9a,87,0a,8b,b2,a3,0d,ad,79,82,93,e1,f6,9f,53,e6,20,
2a,4f,73,1f,c4,5e,fd,e6,98,58,ee,c7,52,3e,d3,33,39,c4,34,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-11-24 19:22:54
ComboFix-quarantined-files.txt 2010-11-25 01:22

Pre-Run: 149,946,351,616 bytes free
Post-Run: 151,238,979,584 bytes free

- - End Of File - - 4EDA21936F0578DB110CDAE4EE7AEF63

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:21 AM

Posted 24 November 2010 - 10:50 PM

Hi

Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 aliefjoker

aliefjoker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 26 November 2010 - 07:58 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5195

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/26/2010 6:57:46 PM
mbam-log-2010-11-26 (18-57-46).txt

Scan type: Quick scan
Objects scanned: 145449
Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 aliefjoker

aliefjoker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 26 November 2010 - 10:29 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5608298aaa19bf48961dd056ae85311d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-27 03:14:49
# local_time=2010-11-26 09:14:49 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 1651321 1651321 0 0
# compatibility_mode=768 16777215 100 0 1036890 1036890 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 18842545 42364784 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=236703
# found=2
# cleaned=0
# scan_time=7695
C:\Users\Owner\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\ODSERV.EXE probably a variant of Win32/Agent.KRKACQZ trojan 00000000000000000000000000000000 I
C:\Users\Owner\Videos\Certs\Hack.Training.Video.Course\Hack Training Video Course CD1.iso multiple threats 00000000000000000000000000000000 I

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:21 AM

Posted 26 November 2010 - 11:54 PM

those items found by ESET appear to be false positives

how is the computer running now?

Are there any outstanding issues?

please post a fresh OTL log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 aliefjoker

aliefjoker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 28 November 2010 - 02:26 AM

Yes those are false positives. There haven't been any problems with the browser since I ran combofix and no outstanding issues that I'm aware of.



OTL logfile created on: 11/28/2010 1:23:51 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Documents\Downloads\Programs
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 135.03 Gb Free Space | 29.00% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 61.66 Mb Free Space | 61.66% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/23 20:16:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\My Documents\Downloads\Programs\OTL.exe
PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/11/09 22:22:16 | 003,229,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2010/11/05 23:52:42 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/05 23:52:41 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/10/28 16:40:57 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/10/22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/07/04 13:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/05/26 10:16:20 | 003,220,912 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2010/05/25 07:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 19:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


========== Modules (SafeList) ==========

MOD - [2010/11/23 20:16:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\My Documents\Downloads\Programs\OTL.exe
MOD - [2010/07/27 20:22:00 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2010/07/04 15:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2009/07/13 19:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/07/13 19:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/07/13 19:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2009/07/13 19:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2009/07/13 19:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 19:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2009/07/13 19:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009/07/13 19:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2009/07/13 19:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 19:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 19:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2009/07/13 19:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 19:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2009/07/13 19:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 19:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 19:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/07/13 19:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 19:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 19:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009/07/13 19:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 19:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009/07/13 19:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 19:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2009/07/13 19:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/10 15:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/03/26 07:35:40 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/09 22:22:16 | 003,229,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/11/05 23:52:41 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/18 05:06:13 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/13 19:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 19:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 19:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 19:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 19:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 19:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 19:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 19:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 19:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 19:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 19:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 19:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 19:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 19:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 19:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 19:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Auto | Stopped] -- C:\Windows\System32\DRIVERS\eamonm.sys -- (eamonm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/05/23 19:54:31 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/11 09:03:56 | 000,114,952 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/07/13 19:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 19:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 19:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 19:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 19:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 19:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 19:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 19:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 19:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 19:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 19:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 19:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 19:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 19:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 19:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 19:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 19:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 19:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 19:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 19:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 19:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 19:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 19:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 19:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 19:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 19:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 19:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 19:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 19:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 19:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 19:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 19:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 19:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 19:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 19:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 19:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 19:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 18:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 18:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 18:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 17:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 17:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 17:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 17:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 17:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 17:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 17:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 17:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 17:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 17:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 17:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 17:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 17:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 16:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 16:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 16:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 16:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 16:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 16:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 16:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/07/13 16:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 16:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 16:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/10 15:19:30 | 004,756,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A EC AA 79 CE 8D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.4
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.8
FF - prefs.js..extensions.enabledItems: {40a1f5d7-afc2-498f-b264-02668d616ff6}:1.1
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.7.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/24 19:46:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/26 08:34:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/19 20:30:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/04/18 15:15:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/04/18 15:15:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/11/28 01:20:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kmneqerv.default\extensions
[2010/11/06 03:13:30 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kmneqerv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/09/28 15:01:41 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kmneqerv.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010/11/05 01:58:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kmneqerv.default\extensions\keyscrambler@qfx.software.corporation
[2010/11/25 19:47:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kmneqerv.default\extensions\vshareus@toolbar
[2010/04/19 00:59:12 | 000,001,504 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kmneqerv.default\searchplugins\imdb.xml
[2009/09/25 12:54:03 | 000,004,140 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\kmneqerv.default\searchplugins\youtube.xml
[2010/11/28 00:59:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/19 20:30:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/19 20:30:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/24 19:21:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.217.126.81 207.217.77.82
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/18 05:09:19 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {111D4224-B193-B07A-EF04-4539BB9364BA} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2EF41710-7E57-E88C-4D51-04B95427B5DE} - Internet Explorer
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {4FA04EEC-8323-93D7-BAAE-CDBE0011C68C} - Microsoft Windows Media Player
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {966A4C32-9367-A7E7-88E1-48E1EBB84782} - Internet Explorer
ActiveX: {98C8529C-7645-FECC-E9B7-2092C9D6D6FD} - Microsoft Windows Media Player 12.0
ActiveX: {A6709EDC-AEE0-B317-3374-66C55FCEA77B} - Themes Setup
ActiveX: {C8F43541-1DEA-4ADA-1FB1-D273F6F54943} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2010/11/27 06:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2010/11/27 06:16:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Plants vs. Zombies Game Of The Year Edition
[2010/11/26 21:33:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/26 19:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/26 18:57:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/11/26 18:22:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2010/11/26 18:22:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/26 18:22:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/26 18:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/26 18:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/26 08:27:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/26 04:36:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/11/26 04:36:45 | 000,000,000 | R--D | C] -- C:\Users\Owner\Podcasts
[2010/11/26 04:26:36 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/11/24 19:48:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG10
[2010/11/24 19:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/11/24 19:46:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/11/24 19:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/11/24 19:22:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/24 19:22:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/24 19:22:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2010/11/24 19:16:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/24 19:16:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/24 19:16:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/24 19:16:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/24 19:15:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/24 19:15:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/24 19:15:33 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/11/24 04:01:10 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010/11/20 03:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/20 03:19:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2010/11/20 03:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/11/19 21:25:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/11/19 20:44:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\.android
[2010/11/19 20:34:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\.netbeans
[2010/11/19 20:34:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\.netbeans-registration
[2010/11/19 20:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 6.9.1
[2010/11/19 20:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/11/19 20:30:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\.nbi
[2010/11/19 20:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/19 20:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/19 20:30:14 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/11/19 20:30:14 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/19 20:30:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/19 20:30:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/19 20:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/19 03:14:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Android Apps
[2010/11/15 16:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/15 16:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/09 22:20:58 | 000,299,984 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/11/08 20:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/06 16:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/05 23:52:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2010/11/05 23:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/11/05 23:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/11/05 23:50:37 | 034,543,112 | ---- | C] (Lavasoft ) -- C:\Users\Owner\Desktop\Ad-AwareAE.exe
[2010/11/05 01:44:38 | 000,114,952 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
[2010/11/05 01:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2010/11/04 08:59:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/11/04 08:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/04 01:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2009/08/18 04:38:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/11/28 01:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/28 01:03:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/27 23:09:42 | 000,019,488 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/27 23:09:42 | 000,019,488 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/27 23:01:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/27 23:01:26 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/27 20:32:44 | 100,372,435 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/27 15:51:06 | 000,001,189 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\vso_ts_preview.xml
[2010/11/27 12:09:06 | 000,004,314 | ---- | M] () -- C:\Mirrors.mds
[2010/11/27 12:09:00 | 4046,454,784 | ---- | M] () -- C:\Mirrors.iso
[2010/11/27 02:02:02 | 000,001,406 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2010/11/27 00:58:39 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/27 00:58:39 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/27 00:52:20 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/26 18:22:51 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/26 18:03:00 | 000,634,718 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2010/11/26 08:26:55 | 231,417,772 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/26 04:08:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2010/11/26 04:08:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2010/11/24 19:47:26 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/24 19:21:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/24 19:10:59 | 003,914,871 | R--- | M] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2010/11/24 14:59:09 | 987,516,208 | ---- | M] () -- C:\Users\Owner\Desktop\The.Next.Three.Days.2010.Cam.XviD.Feel-Free.avi
[2010/11/20 03:24:05 | 000,001,456 | ---- | M] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/11/19 20:33:39 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk
[2010/11/19 20:30:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/11/19 20:30:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/19 20:30:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/19 20:30:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/19 04:05:04 | 000,000,176 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2010/11/16 13:26:09 | 000,004,314 | ---- | M] () -- C:\All Star Comedy Jam.mds
[2010/11/16 13:26:03 | 097,648,639 | ---- | M] () -- C:\All Star Comedy Jam.iso
[2010/11/15 16:11:51 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/11/08 20:16:41 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\gmer.exe
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/06 16:24:33 | 000,002,963 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/11/05 23:52:55 | 000,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/11/05 23:52:00 | 000,001,124 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/05 23:52:00 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/11/04 08:46:14 | 000,000,000 | ---- | M] () -- C:\ClientRegistry.blob
[2010/11/04 01:20:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2010/11/27 20:32:44 | 100,372,435 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/27 12:09:06 | 000,004,314 | ---- | C] () -- C:\Mirrors.mds
[2010/11/27 12:04:31 | 4046,454,784 | ---- | C] () -- C:\Mirrors.iso
[2010/11/27 02:42:59 | 001,084,072 | ---- | C] () -- C:\Users\Owner\Desktop\2000520_PM_EN.pdf
[2010/11/27 02:02:02 | 000,001,406 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2010/11/26 18:22:51 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/26 18:03:00 | 000,634,718 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2010/11/26 08:26:55 | 231,417,772 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/26 04:19:27 | 987,516,208 | ---- | C] () -- C:\Users\Owner\Desktop\The.Next.Three.Days.2010.Cam.XviD.Feel-Free.avi
[2010/11/26 04:08:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2010/11/26 04:08:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2010/11/24 19:47:26 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/24 19:16:19 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/24 19:16:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/24 19:16:19 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/24 19:16:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/24 19:16:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/24 19:10:56 | 003,914,871 | R--- | C] () -- C:\Users\Owner\Desktop\ComboFix.exe
[2010/11/19 20:33:39 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk
[2010/11/19 04:17:33 | 000,296,448 | ---- | C] () -- C:\Users\Owner\Desktop\gmer.exe
[2010/11/19 04:04:53 | 000,000,176 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2010/11/16 13:26:09 | 000,004,314 | ---- | C] () -- C:\All Star Comedy Jam.mds
[2010/11/16 13:21:16 | 097,648,639 | ---- | C] () -- C:\All Star Comedy Jam.iso
[2010/11/15 16:11:51 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/08 20:16:41 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/06 23:55:47 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/06 16:24:33 | 000,002,963 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2010/11/06 03:12:41 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/11/05 23:52:00 | 000,001,124 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/05 23:52:00 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/11/04 08:46:14 | 000,000,000 | ---- | C] () -- C:\ClientRegistry.blob
[2010/08/05 02:03:28 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/07/19 17:39:58 | 000,001,456 | ---- | C] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/07/01 01:25:26 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2010/07/01 01:25:26 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010/06/15 18:35:56 | 000,028,672 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/16 15:03:21 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/21 12:32:24 | 000,001,189 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\vso_ts_preview.xml
[2009/08/18 04:39:08 | 000,000,034 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.log
[2009/08/18 04:38:54 | 000,007,887 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat
[2009/08/18 04:38:54 | 000,001,144 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf
[2009/08/18 04:35:24 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\monFDE.log
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

< End of report >

OTL Extras logfile created on: 11/28/2010 1:23:51 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Documents\Downloads\Programs
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 135.03 Gb Free Space | 29.00% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 61.66 Mb Free Space | 61.66% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java™ SE Development Kit 6 Update 22
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A23061AF-5361-433C-B7F0-CE5F79A22C49}" = AVG 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Franšais, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_941" = Adobe Acrobat 9.4.1 - CPSID_83708
"{ADFBA869-0359-4C24-8CEF-DB0FBE90B987}" = Mega Manager
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC73BB64-DC02-4ECA-9616-7133BAA4D104}" = Unified Remote
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.4.338
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Allok 3GP PSP MP4 iPod Video Converter_is1" = Allok 3GP PSP MP4 iPod Video Converter 6.2.0603
"AVG" = AVG 2011
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"ImgBurn" = ImgBurn
"Internet Download Manager" = Internet Download Manager
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"Unlocker" = Unlocker 1.9.0
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.4
"Winrar 3.93" = Winrar 3.93
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/18/2010 1:47:01 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iTunes.exe, version: 10.1.0.54, time stamp:
0x4cdba448 Faulting module name: CoreAudioToolbox.dll, version: 7.9.4.0, time stamp:
0x4cd1b043 Exception code: 0xc000001d Fault offset: 0x000b2f84 Faulting process id:
0x708 Faulting application start time: 0x01cb874893e6723c Faulting application path:
C:\Program Files\iTunes\iTunes.exe Faulting module path: C:\Program Files\Common
Files\Apple\Apple Application Support\CoreAudioToolbox.dll Report Id: d8acae9f-f33b-11df-afac-406186490d78

Error - 11/18/2010 1:47:01 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program iTunes because of this error. Program: iTunes File: The error
value is listed in the Additional Data section. User Action 1. Open the file again.
This
situation might be a temporary problem that corrects itself when the program runs
again. 2. If the file still cannot be accessed and - It is on the network, your network
administrator should verify that there is not a problem with the network and that
the server can be contacted. - It is on a removable disk, for example, a floppy
disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check
and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
press ENTER. 4. If the problem persists, restore the file from a backup copy. 5.
Determine whether other files on the same disk can be opened. If not, the disk might
be damaged. If it is a hard disk, contact your administrator or computer hardware
vendor for further assistance. Additional Data Error value: 00000000 Disk type: 0

Error - 11/18/2010 1:47:12 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 328: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/18/2010 1:47:12 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 192: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/18/2010 1:47:12 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 188: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/18/2010 2:26:09 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 188: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/18/2010 2:26:09 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 192: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/23/2010 3:58:41 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = 464: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/24/2010 5:33:39 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: plugin-container.exe, version: 1.9.2.3951,
time stamp: 0x4cc7add9 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x00046b90 Faulting
process id: 0x1168 Faulting application start time: 0x01cb8c0cbb4f69ec Faulting application
path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:
C:\Windows\SYSTEM32\ntdll.dll Report Id: 7fe75ab7-f812-11df-9c68-406186490d78

Error - 11/27/2010 3:56:46 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IDMan.exe, version: 5.19.3.1, time stamp:
0x4bfd1b8e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x008bf9b8 Faulting process id: 0xa0c Faulting application
start time: 0x01cb8e2c445cae35 Faulting application path: C:\Program Files\Internet
Download Manager\IDMan.exe Faulting module path: unknown Report Id: 764793c3-fa60-11df-bae6-406186490d78

[ System Events ]
Error - 9/4/2010 8:39:45 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/4/2010 1:18:02 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/4/2010 5:52:05 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/4/2010 10:16:19 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/5/2010 8:24:10 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/5/2010 3:47:48 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/6/2010 6:51:11 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/6/2010 2:33:07 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/7/2010 2:11:47 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2

Error - 9/7/2010 7:14:49 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The eamonm service failed to start due to the following error: %%2


< End of report >

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:21 AM

Posted 28 November 2010 - 11:00 AM

Hi

Just housekeeping to do now,

Please do the following:

You can delete the DDS and GMER logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Posted Image



NEXT


Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.



If there are any logs/tools remaining > right click and delete them.



NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Should you wish to contribute to my ongoing fight against malware, donations are being accepted >>Here<<


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 aliefjoker

aliefjoker
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:21 PM

Posted 03 December 2010 - 02:32 PM

Sorry for the delayed response. Thank you for your help! I actually found out what happened since I share this computer with a friend. We're making sure to never do what he did again (opened a corrupt file without reading).

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:01:21 AM

Posted 03 December 2010 - 08:50 PM

You are welcome

stay safe :hello:

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users