Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with virus and internet keeps redirecting me


  • This topic is locked This topic is locked
20 replies to this topic

#1 sabinrs

sabinrs

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 02 March 2011 - 06:45 PM

On my Windows 7 computer, I have been being redirected, by malware, to other advertisement or search engine sites. This has been going on for about one month now. I have not been opening any emails, nor going to any threatening websites. AVG Anti-Virus was not able to find it, even though it runs a scan every night. Everything else is working fine, but it's just the internet keeps redirecting me. It has not been going any slower, also. I don't know what caused this, and would like to get this removed. I was not able to find the specific name of it, because my software could not detect it.


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Sabin at 17:32:27.97 on Wed 03/02/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1979.673 [GMT -6:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\System32\svchost.exe -k LPDService
C:\Windows\system32\lxeccoms.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Remote Mouse Server\RemoteMouse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Remote Mouse Server\RemoteMouse.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\AVG\AVG10\avgcsrvx.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sabin\Downloads\dds(2).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REMOTE~1.LNK - C:\Program Files (x86)\Remote Mouse Server\RemoteMouse.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
mRun-x64: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
mRun-x64: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [lxecmon.exe] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe"
mRun-x64: [EzPrint] "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe"
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - component: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-27 98208]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-1-22 72216]
R2 lxec_device;lxec_device;C:\Windows\system32\lxeccoms.exe -service --> C:\Windows\system32\lxeccoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-9 1153368]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-27 295424]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-4-27 1088544]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxecCATSCustConnectService;lxecCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxecserv.exe [2010-12-29 45736]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-28 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2011-03-02 00:29:48 -------- d-----w- C:\Users\Sabin\AppData\Local\Graboid_Inc
2011-03-02 00:29:47 -------- d-----w- C:\Users\Sabin\AppData\Local\Graboid
2011-03-02 00:29:42 -------- d-----w- C:\Users\Sabin\AppData\Local\Geckofx
2011-03-02 00:27:55 -------- d-----w- C:\Users\Sabin\AppData\Local\Ilivid Player
2011-03-02 00:26:51 -------- d-----w- C:\Program Files (x86)\Search Toolbar
2011-03-02 00:26:40 -------- d-----w- C:\Program Files (x86)\ilivid
2011-03-02 00:25:09 -------- d-----w- C:\Program Files (x86)\Graboid
2011-03-02 00:10:28 815104 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-03-02 00:10:28 180224 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-03-02 00:10:28 -------- d-----w- C:\Program Files (x86)\Xvid
2011-02-23 09:02:14 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-02-23 09:02:14 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-02-22 23:31:17 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-22 23:31:17 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-22 23:31:17 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-22 23:31:17 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-21 20:25:10 -------- d-----w- C:\Users\Sabin\AppData\Roaming\AVG
2011-02-21 20:15:08 -------- d-----w- C:\Users\Sabin\AppData\Roaming\Registry Mechanic
2011-02-16 01:22:53 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2011-02-16 01:22:53 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2011-02-16 01:22:53 -------- d-----w- C:\PROGRA~3\ParetoLogic
2011-02-16 01:21:21 -------- d-----w- C:\PROGRA~3\Cached Installations
2011-02-13 19:41:16 -------- d-----w- C:\YouTubeDownload
2011-02-13 19:40:40 -------- d-----w- C:\ConverterOutput
2011-02-13 19:39:47 94650 ----a-w- C:\Windows\SysWow64\HKCU_GNU.reg
2011-02-13 19:39:47 6144 ----a-w- C:\Windows\SysWow64\ff_acm.acm
2011-02-13 19:39:47 60273 ----a-w- C:\Windows\SysWow64\pthreadGC2.dll
2011-02-13 19:39:47 57344 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-02-13 19:39:47 258352 ----a-w- C:\Windows\SysWow64\unicows.dll
2011-02-13 19:39:47 2004 ----a-w- C:\Windows\SysWow64\HKLM_GNU.reg
2011-02-13 19:39:45 77824 ----a-w- C:\Windows\SysWow64\xvid.ax
2011-02-13 19:39:44 98304 ----a-w- C:\Windows\SysWow64\L3CODECX.AX
2011-02-13 19:39:44 14909 ----a-w- C:\Windows\SysWow64\A_reg.reg
2011-02-13 19:39:44 110592 ----a-w- C:\Windows\SysWow64\PropListCtrl.ocx
2011-02-13 19:39:42 -------- d-----w- C:\Program Files (x86)\Cucusoft
2011-02-10 01:01:57 3127808 ----a-w- C:\Windows\System32\win32k.sys
2011-02-05 02:17:43 -------- d-----w- C:\PROGRA~3\Lexmark Pro800-Pro900 Series
2011-02-03 23:22:02 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
2011-02-03 22:30:25 -------- d-----w- C:\Program Files (x86)\Common Files\Akamai

==================== Find3M ====================

2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-12-08 19:12:30 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2010-12-08 19:12:18 33152 ----a-w- C:\Windows\System32\LMIport.dll
2010-12-08 19:12:16 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2010-12-08 10:12:36 308304 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

============= FINISH: 17:34:37.14 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:34 PM

Posted 04 March 2011 - 08:51 PM

Lets try resetting your router;

Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out what is the default username and password of your router and note down them: Route Passwords

  • Then rest your router to it's factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds)"


  • This is the difficult part.
    First get to the routers server. To do that type http:\\192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the routers default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to Start => Control Panel => Network and Internet => Double-click Network and Internet.
    • In the left window select Manage network Connection.
    • In the right window right-click Local Area Connection and select Properties .
    • Internet Protocol Version 6 (IP6v) should be checked. Double-click on it: Make sure of the following settings:
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
    • Click OK.
    • Internet Protocol Version 4 (IP4v) should be checked. Double-click on it.
    • The option Obtain an IP address automatically should be checked.
    • The option Obtain DNS server address automatically should be checked.
  • Click OK twice.
  • If you should change any setting reboot the computer.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 sabinrs

sabinrs
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 05 March 2011 - 06:34 PM

When I type the address into my address bar, it says the server has timed out and will not go to the page.

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:34 PM

Posted 05 March 2011 - 06:41 PM

What's the make and model of your router?

Try using this link: http://192.168.0.1 and see if that works.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:34 PM

Posted 08 March 2011 - 06:51 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:34 PM

Posted 09 March 2011 - 10:41 PM

This topic has been re-opened at the request of the person who originally posted.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 sabinrs

sabinrs
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 10 March 2011 - 10:16 PM

Sweet Tech,

The make of the router is: 2Wire
The model of the router is: 3800HGV

That was not shown on the link you gave me to find the passwords.
Also, since I am new to the laptop, and not very skilled in technology, I could not understand what you mean by get to the server.
My father was not successful also.

Another note, we have five computers on this router, and my laptop is the only one with the virus. Does that mean anything?

Could you please give us a more step-by-step process? Or is there an even better way?

Thanks.

Edited by sabinrs, 10 March 2011 - 10:28 PM.


#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:34 PM

Posted 11 March 2011 - 09:26 AM

sabinrs,

Another note, we have five computers on this router, and my laptop is the only one with the virus. Does that mean anything?

Yes, this does mean something to me, please do not worry about the router reset. We will do something different.

Running aswMBR.exe

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it
Posted Image

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply.


NEXT:




Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 sabinrs

sabinrs
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 11 March 2011 - 05:54 PM

Sweet Tech,

Attached is the "aswMBR" from the first scan.
Here are the other two like requested.

1. OTL file

OTL logfile created on: 3/11/2011 4:38:17 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sabin\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.65 Gb Total Space | 169.87 Gb Free Space | 77.69% Space Free | Partition Type: NTFS
Drive D: | 13.94 Gb Total Space | 2.30 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 92.52 Mb Free Space | 93.28% Space Free | Partition Type: FAT32

Computer Name: SABIN-PC | User Name: Sabin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/11 16:37:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sabin\Downloads\OTL(2).exe
PRC - [2011/03/08 17:49:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/11/30 17:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/10/29 20:07:46 | 007,647,203 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse Server\RemoteMouse.exe
PRC - [2010/10/25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgcsrvx.exe
PRC - [2010/07/26 13:42:38 | 001,955,696 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
PRC - [2010/07/26 13:42:36 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
PRC - [2010/07/26 13:42:32 | 000,575,344 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
PRC - [2010/07/26 13:42:24 | 001,089,392 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
PRC - [2010/05/17 10:14:11 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2010/05/17 10:14:09 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2011/03/11 16:37:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sabin\Downloads\OTL(2).exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 19:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/14 16:08:30 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2010/04/14 16:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV:64bit: - [2010/01/18 16:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV - [2011/02/03 16:30:33 | 003,129,432 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_dbc0250.dll -- (Akamai)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/08 13:12:10 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 13:12:04 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/29 10:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/08 12:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/26 13:42:36 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2010/04/14 16:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxeccoms.exe -- (lxec_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/08 13:12:30 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/12/08 04:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/12 13:19:38 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/17 15:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 15:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/09/13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/19 20:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/19 20:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/02/05 18:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/19 19:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/11/27 19:45:00 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/09/17 15:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/09/22 19:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3555159992-741481355-40827985-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-3555159992-741481355-40827985-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\S-1-5-21-3555159992-741481355-40827985-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-3555159992-741481355-40827985-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3555159992-741481355-40827985-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 13:41:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/12/31 17:18:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/02/03 17:18:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/08 17:49:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/08 17:49:17 | 000,000,000 | ---D | M]

[2010/11/26 07:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Extensions
[2011/03/10 19:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions
[2010/12/05 18:03:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/27 08:18:36 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/12/15 19:41:07 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/27 08:18:37 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\engine@conduit.com
[2011/01/22 19:38:30 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\LogMeInClient@logmein.com
[2011/03/01 18:27:19 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\searchtoolbar@zugo.com
[2011/03/01 18:27:20 | 000,001,919 | ---- | M] () -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\searchplugins\bing-zugo.xml
[2011/03/01 18:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/26 08:25:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/11/26 11:56:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/03 17:18:43 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2010/12/31 17:18:12 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX
[2010/03/24 13:41:23 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/01/09 13:11:25 | 000,428,601 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14755 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3555159992-741481355-40827985-1002\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3555159992-741481355-40827985-1002\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-3555159992-741481355-40827985-1002\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3555159992-741481355-40827985-1002..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3555159992-741481355-40827985-1002..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f10a5b5e-f994-11df-8c13-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f10a5b5e-f994-11df-8c13-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f10a5b5e-f994-11df-8c13-806e6f6e6963}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{f10a5b5e-f994-11df-8c13-806e6f6e6963}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/08 17:55:29 | 000,000,000 | ---D | C] -- C:\Users\Sabin\.mypoint
[2011/03/08 17:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Didonai
[2011/03/08 17:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPoint
[2011/03/08 17:41:42 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/03/08 17:41:42 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/03/08 17:41:42 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/03/08 17:41:42 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/03/08 17:41:40 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/03/08 17:41:40 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/03/08 17:41:40 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/03/08 17:41:40 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/03/08 17:41:40 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/03/08 17:41:40 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/03/08 17:41:39 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/03/08 17:41:39 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/03/08 17:41:38 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/03/08 17:41:38 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/03/08 17:41:37 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/03/08 17:41:37 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/03/08 17:36:12 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Local\Senstic
[2011/03/08 17:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Senstic
[2011/03/08 17:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Senstic
[2011/03/06 10:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/06 10:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/06 10:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/06 10:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/03/06 10:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/03/06 10:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/03/06 10:05:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/06 10:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/03/06 10:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/03/04 18:46:12 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2011/03/04 18:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExamView Pro Test Generator
[2011/03/04 18:45:59 | 000,000,000 | ---D | C] -- C:\ExamView
[2011/03/02 19:03:06 | 000,115,056 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Windows\SysNative\gotomon_x64.dll
[2011/03/02 19:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\CitrixLogs
[2011/03/02 19:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
[2011/03/02 19:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2011/03/02 19:00:08 | 007,053,264 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Sabin\gosetup.exe
[2011/03/01 18:33:21 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Roaming\vlc
[2011/03/01 18:31:33 | 000,000,000 | ---D | C] -- C:\Users\Sabin\Documents\Graboid
[2011/03/01 18:29:48 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Local\Graboid_Inc
[2011/03/01 18:29:47 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Local\Graboid
[2011/03/01 18:29:42 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Local\Geckofx
[2011/03/01 18:28:32 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Graboid Video
[2011/03/01 18:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graboid Video
[2011/03/01 18:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/03/01 18:27:55 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Local\Ilivid Player
[2011/03/01 18:27:46 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ilivid
[2011/03/01 18:27:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/03/01 18:26:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Toolbar
[2011/03/01 18:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ilivid
[2011/03/01 18:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graboid
[2011/03/01 18:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/03/01 18:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2011/02/22 17:31:17 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/22 17:31:17 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/22 17:31:17 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/22 17:31:17 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/21 14:25:10 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Roaming\AVG
[2011/02/21 14:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/02/21 14:15:08 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Roaming\Registry Mechanic
[2011/02/21 14:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2011/02/15 19:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/02/15 19:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2011/02/15 19:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/02/15 19:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2011/02/15 19:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2011/02/15 19:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Cached Installations
[2011/02/13 13:41:16 | 000,000,000 | ---D | C] -- C:\YouTubeDownload
[2011/02/13 13:40:40 | 000,000,000 | ---D | C] -- C:\ConverterOutput
[2011/02/13 13:40:35 | 000,000,000 | ---D | C] -- C:\Users\Sabin\Documents\Cucusoft
[2011/02/13 13:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cucusoft YouTube Mate
[2011/02/13 13:39:47 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2011/02/13 13:39:47 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2011/02/13 13:39:44 | 000,110,592 | ---- | C] (Cucusoft Inc.) -- C:\Windows\SysWow64\PropListCtrl.ocx
[2011/02/13 13:39:44 | 000,098,304 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\L3CODECX.AX
[2011/02/13 13:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cucusoft
[2011/02/09 19:02:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/09 19:02:19 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/09 19:02:19 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/09 19:02:19 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/09 19:02:19 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/09 19:02:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/09 19:02:19 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/09 19:02:19 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/09 19:02:18 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/09 19:02:18 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/09 19:02:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/09 19:02:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/09 19:01:53 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/02/09 19:01:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/02/09 19:01:50 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/02/09 19:01:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/02/09 19:01:48 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011/02/09 19:01:48 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/02/09 19:01:47 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/02/09 19:01:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/02/09 19:01:42 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/02/09 19:01:42 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/02/09 19:01:41 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/02/09 19:01:40 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/02/09 19:01:39 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/02/09 19:01:38 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/02/09 19:01:37 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/02/09 19:01:37 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/02/09 19:01:37 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/02/09 19:01:37 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/02/09 19:01:36 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/02/09 19:01:36 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/02/09 19:01:36 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/02/09 19:01:36 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/02/09 19:01:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/02/09 19:01:36 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/02/09 19:01:36 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/02/09 19:01:35 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/02/09 19:01:35 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/02/09 19:01:34 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/02/09 19:01:33 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/09 19:01:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/09 19:01:33 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/09 19:01:30 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/09 19:01:29 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/02/09 19:01:29 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/02/09 19:01:29 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/02/09 19:01:27 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/09 19:01:27 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/09 19:01:27 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/09 19:01:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/12/29 21:01:22 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2010/12/29 21:01:22 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2010/12/29 21:01:22 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2010/12/29 21:01:22 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2010/12/29 21:01:22 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2010/12/29 21:01:22 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2010/12/29 21:01:21 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2010/12/29 21:01:21 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2010/12/29 21:01:21 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2010/12/29 21:01:21 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2010/12/29 21:01:21 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2010/12/29 21:01:21 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe

========== Files - Modified Within 30 Days ==========

[2011/03/11 16:36:14 | 000,000,512 | ---- | M] () -- C:\Users\Sabin\Desktop\MBR.dat
[2011/03/11 08:30:42 | 108,375,991 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/03/11 04:10:47 | 000,000,000 | ---- | M] () -- C:\Users\Sabin\AppData\Local\prvlcl.dat
[2011/03/11 03:29:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/11 03:29:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/11 03:21:02 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSabin.job
[2011/03/11 03:20:44 | 000,440,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/11 03:20:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/11 03:20:13 | 1556,291,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/10 18:00:05 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/03/07 04:50:06 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011/03/06 10:11:13 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/06 10:01:23 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/03/04 19:51:59 | 000,008,714 | ---- | M] () -- C:\Users\Sabin\AppData\Roaming\evpro32.prf
[2011/03/04 19:51:33 | 000,000,074 | ---- | M] () -- C:\Users\Sabin\AppData\Roaming\evplay.prf
[2011/03/04 19:26:52 | 000,001,169 | ---- | M] () -- C:\Users\Sabin\AppData\Roaming\evmanage.prf
[2011/03/04 18:49:34 | 000,000,012 | ---- | M] () -- C:\Users\Sabin\AppData\Roaming\examview.tlx
[2011/03/03 19:13:46 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/03 19:13:46 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/03 19:13:46 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/02 19:00:26 | 007,053,264 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Sabin\gosetup.exe
[2011/03/02 17:26:32 | 000,000,000 | ---- | M] () -- C:\Users\Sabin\defogger_reenable
[2011/03/01 18:28:33 | 000,001,336 | ---- | M] () -- C:\Users\Sabin\Desktop\Graboid Video.lnk
[2011/03/01 18:28:12 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/02/26 17:35:51 | 603,155,153 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/22 20:22:37 | 000,072,939 | ---- | M] () -- C:\Users\Sabin\Desktop\Permission Slip Master.pdf
[2011/02/21 14:19:37 | 000,001,233 | ---- | M] () -- C:\Users\Sabin\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/02/19 16:15:36 | 000,051,607 | ---- | M] () -- C:\Users\Sabin\Desktop\Website Content Administration.pdf
[2011/02/19 00:37:10 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/02/19 00:36:49 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/02/18 23:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/02/18 23:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/02/15 19:28:40 | 000,000,224 | ---- | M] () -- C:\Windows\SysWow64\9B13A86D.plf
[2011/02/13 14:04:29 | 000,003,584 | ---- | M] () -- C:\Users\Sabin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/03/11 16:36:14 | 000,000,512 | ---- | C] () -- C:\Users\Sabin\Desktop\MBR.dat
[2011/03/06 10:11:13 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/06 10:01:23 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/03/04 19:51:59 | 000,008,714 | ---- | C] () -- C:\Users\Sabin\AppData\Roaming\evpro32.prf
[2011/03/04 19:51:33 | 000,000,074 | ---- | C] () -- C:\Users\Sabin\AppData\Roaming\evplay.prf
[2011/03/04 19:26:52 | 000,001,169 | ---- | C] () -- C:\Users\Sabin\AppData\Roaming\evmanage.prf
[2011/03/04 18:49:34 | 000,000,012 | ---- | C] () -- C:\Users\Sabin\AppData\Roaming\examview.tlx
[2011/03/02 17:26:32 | 000,000,000 | ---- | C] () -- C:\Users\Sabin\defogger_reenable
[2011/03/01 18:28:33 | 000,001,336 | ---- | C] () -- C:\Users\Sabin\Desktop\Graboid Video.lnk
[2011/03/01 18:28:12 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/03/01 18:10:28 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/01 18:10:28 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/22 17:33:04 | 000,072,939 | ---- | C] () -- C:\Users\Sabin\Desktop\Permission Slip Master.pdf
[2011/02/21 14:19:37 | 000,001,233 | ---- | C] () -- C:\Users\Sabin\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/02/15 19:28:40 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\9B13A86D.plf
[2011/02/15 19:23:27 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/02/15 19:23:06 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011/02/15 19:22:50 | 000,000,000 | ---- | C] () -- C:\Users\Sabin\AppData\Local\prvlcl.dat
[2011/02/13 14:04:29 | 000,003,584 | ---- | C] () -- C:\Users\Sabin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/13 13:39:47 | 000,094,650 | ---- | C] () -- C:\Windows\SysWow64\HKCU_GNU.reg
[2011/02/13 13:39:47 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/02/13 13:39:47 | 000,006,144 | ---- | C] () -- C:\Windows\SysWow64\ff_acm.acm
[2011/02/13 13:39:47 | 000,002,004 | ---- | C] () -- C:\Windows\SysWow64\HKLM_GNU.reg
[2011/02/13 13:39:45 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2011/02/13 13:39:44 | 000,014,909 | ---- | C] () -- C:\Windows\SysWow64\A_reg.reg
[2010/12/29 21:01:22 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2010/12/29 21:01:22 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2010/12/29 21:01:22 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2010/12/29 21:01:22 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2010/12/29 21:01:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2010/12/29 21:01:22 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2010/12/29 21:01:22 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2010/12/29 21:01:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2010/12/29 21:01:22 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2010/12/29 21:00:53 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2010/12/29 21:00:53 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2010/11/26 08:26:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/26 07:56:52 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/27 13:40:11 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/04/27 13:36:04 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/04/27 13:36:04 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/03/05 13:57:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/03/05 13:57:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/03/05 13:57:08 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/03/05 13:57:02 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/03/05 13:56:58 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/09/29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 15:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

2. Extras

OTL Extras logfile created on: 3/11/2011 4:38:17 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sabin\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.65 Gb Total Space | 169.87 Gb Free Space | 77.69% Space Free | Partition Type: NTFS
Drive D: | 13.94 Gb Total Space | 2.30 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 92.52 Mb Free Space | 93.28% Space Free | Partition Type: FAT32

Computer Name: SABIN-PC | User Name: Sabin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3555159992-741481355-40827985-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{783F453E-529D-487E-BCFA-6BD7511338DF}" = AVG 2011
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E92F43E9-D190-474E-8EAC-769E804D36C7}" = AVG 2011
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{223E2363-6643-49CB-A062-59A9858EE8EE}" = HP Software Framework
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B1C2398C-6FAB-46D1-806C-5942F0829994}" = ParetoLogic Data Recovery
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C1A236B4-A41B-4EAB-8758-973B13960519}" = BlingClock Timer
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EC84905A-0293-4AC3-8AD7-018F662036B7}" = i-Clickr
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34EE6D2-9356-4294-B3B3-AE04428C8C43}_is1" = Remote Mouse Server version 1.05
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"conduitEngine" = Conduit Engine
"Cucusoft YouTube Mate (Downloader+Player+Converter)_is1" = Cucusoft YouTube Mate 7.17
"ExamView Pro" = ExamView Assessment Suite
"Graboid Video" = Graboid Video 2.03
"HP Smart Web Printing" = HP Smart Web Printing
"iLivid Download Manager" = iLivid Download Manager
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"My HP Game Console" = HP Game Console
"MyPoint Connector_is1" = MyPoint Connector 1.2.2
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Search Toolbar" = Search Toolbar
"TubeDownloader" = TubeDownloader
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.0.1
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/22/2011 8:50:32 PM | Computer Name = Sabin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 1/22/2011 8:50:33 PM | Computer Name = Sabin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 1/23/2011 12:04:09 AM | Computer Name = Sabin-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Sabin\Downloads\SoftonicDownloader_for_utorrent.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 1/23/2011 10:17:25 AM | Computer Name = Sabin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 1/24/2011 7:09:36 PM | Computer Name = Sabin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 14.0.4756.1000, time
stamp: 0x4b9c08e8 Faulting module name: EXCEL.EXE, version: 14.0.4756.1000, time
stamp: 0x4b9c08e8 Exception code: 0xc0000005 Fault offset: 0x00663dbc Faulting process
id: 0x1104 Faulting application start time: 0x01cbbc12237d3815 Faulting application
path: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE Faulting module
path: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE Report Id: 02e3cea2-280f-11e0-bdf5-c80aa9a4a3df

Error - 1/24/2011 7:11:56 PM | Computer Name = Sabin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 14.0.4756.1000, time
stamp: 0x4b9c08e8 Faulting module name: EXCEL.EXE, version: 14.0.4756.1000, time
stamp: 0x4b9c08e8 Exception code: 0xc0000005 Fault offset: 0x005345fc Faulting process
id: 0x10f8 Faulting application start time: 0x01cbbc1bc9a7490c Faulting application
path: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE Faulting module
path: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE Report Id: 56483a0a-280f-11e0-bdf5-c80aa9a4a3df

Error - 1/26/2011 6:09:28 PM | Computer Name = Sabin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 1/27/2011 2:31:54 AM | Computer Name = Sabin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 1/28/2011 11:05:16 PM | Computer Name = Sabin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 1/29/2011 11:07:36 AM | Computer Name = Sabin-PC | Source = Application Hang | ID = 1002
Description = The program SynTPEnh.exe version 15.0.7.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 42c Start
Time: 01cbbf56ea6f4d9d Termination Time: 8 Application Path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Report
Id: 515672f0-2bb9-11e0-9b23-c80aa9a4a3df

[ Hewlett-Packard Events ]
Error - 12/11/2010 11:18:25 PM | Computer Name = Sabin-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 12/11/2010 11:18:25 PM | Computer Name = Sabin-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 12/28/2010 11:22:56 PM | Computer Name = Sabin-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 12/28/2010 11:22:57 PM | Computer Name = Sabin-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 1/21/2011 9:43:24 PM | Computer Name = Sabin-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 1/21/2011 9:43:26 PM | Computer Name = Sabin-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 2/19/2011 11:46:22 PM | Computer Name = Sabin-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 2/19/2011 11:46:22 PM | Computer Name = Sabin-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 2/27/2011 1:55:20 PM | Computer Name = Sabin-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ System Events ]
Error - 2/18/2011 7:06:05 PM | Computer Name = Sabin-PC | Source = Service Control Manager | ID = 7031
Description = The Multimedia Class Scheduler service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 2/18/2011 7:06:05 PM | Computer Name = Sabin-PC | Source = Service Control Manager | ID = 7031
Description = The User Profile Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 2/18/2011 7:06:05 PM | Computer Name = Sabin-PC | Source = Service Control Manager | ID = 7031
Description = The Task Scheduler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 2/18/2011 7:06:05 PM | Computer Name = Sabin-PC | Source = Service Control Manager | ID = 7031
Description = The System Event Notification Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 2/18/2011 7:06:05 PM | Computer Name = Sabin-PC | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 2/18/2011 7:06:05 PM | Computer Name = Sabin-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 2/18/2011 7:06:34 PM | Computer Name = Sabin-PC | Source = DCOM | ID = 10010
Description =

Error - 2/18/2011 7:07:05 PM | Computer Name = Sabin-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056

Error - 2/18/2011 7:08:05 PM | Computer Name = Sabin-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 2/18/2011 7:08:05 PM | Computer Name = Sabin-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Computer Browser service,
but this action failed with the following error: %%1056


< End of report >

I hope this helps. Thanks.

Attached Files



#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:34 PM

Posted 11 March 2011 - 08:24 PM

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 sabinrs

sabinrs
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 12 March 2011 - 05:10 PM

I don't think Combofix.exe will work on my computer. Whenever I download it, here is how it normally goes after I open it:
1. This little load bar shows up in the middle of the screen showing that it's downloading or doing something else.
2. It goes away and nothing happens
3. My computer either gets a blue screen or shuts down
4. Boots back up and tells me that it's recovered from an unexpected crash

I'm confused. Thanks.

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:34 PM

Posted 12 March 2011 - 07:37 PM

Please run these scans:


Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 sabinrs

sabinrs
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 13 March 2011 - 08:29 PM

Here are the contents of the three scans in this order: 1) MalwareBytes 2) ESET 3) Security Check

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6046

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/13/2011 5:30:28 PM
mbam-log-2011-03-13 (17-30-28).txt

Scan type: Quick scan
Objects scanned: 174429
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Sabin\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

2. ESET Scan
C:\Users\Sabin\Downloads\registrybooster.exe multiple threats

3. Security Check
Results of screen317's Security Check version 0.99.9
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
Java™ 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader X
Mozilla Firefox (3.6.15)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:34 PM

Posted 13 March 2011 - 09:01 PM

Hello,

We will deal with this shortly.

C:\Users\Sabin\Downloads\registrybooster.exe multiple threats



Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Microsoft: ‘Unprecedented Wave of Java Exploitation’
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt UsersPlease follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Users\Sabin\Downloads\registrybooster.exe
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    drivers32
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



Please be sure to provide an update on how things are currently running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 sabinrs

sabinrs
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:34 AM

Posted 15 March 2011 - 03:55 PM

So far, things have been the same. I have been redirected about five times just go get to this site, and have had numerous extra pop-ups or tabs come up that have prizes, search engines, or other useless material.

Is this worrisome that we've seen no improvement? Here are the reports:



All processes killed

========== SERVICES/DRIVERS ==========

========== OTL ==========

========== REGISTRY ==========

========== FILES ==========

C:\Users\Sabin\Downloads\registrybooster.exe moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Sabin\Downloads\cmd.bat deleted successfully.

C:\Users\Sabin\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Public

User: Sabin

->Temp folder emptied: 182886925 bytes

->Temporary Internet Files folder emptied: 78023263 bytes

->Java cache emptied: 104217 bytes

->FireFox cache emptied: 100359947 bytes

->Flash cache emptied: 3168 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 714455 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84659 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes

RecycleBin emptied: 136521388 bytes

Total Files Cleaned = 476.00 mb



[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: LogMeInRemoteUser

User: Public

User: Sabin

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 03142011_184403



Files\Folders moved on Reboot...

C:\Users\Sabin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Sabin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A53B7287-B1F1-41EB-BE12-B22662EBF453}.tmp not found!

C:\Users\Sabin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IHUOV624\rss[3].xml moved successfully.

C:\Users\Sabin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IHUOV624\rss[4].xml moved successfully.

C:\Users\Sabin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IHUOV624\rss[5].xml moved successfully.

C:\Users\Sabin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IHUOV624\updates[2].xml moved successfully.

C:\Users\Sabin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A7RH72A1\FAQs[1].xml moved successfully.



Registry entries deleted on Reboot...





OTL logfile created on: 3/14/2011 6:54:32 PM - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sabin\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free

4.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 218.65 Gb Total Space | 174.33 Gb Free Space | 79.73% Space Free | Partition Type: NTFS

Drive D: | 13.94 Gb Total Space | 2.30 Gb Free Space | 16.54% Space Free | Partition Type: NTFS

Drive E: | 99.18 Mb Total Space | 92.52 Mb Free Space | 93.28% Space Free | Partition Type: FAT32

Computer Name: SABIN-PC | User Name: Sabin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/11 17:36:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sabin\Downloads\OTL.exe

PRC - [2011/03/08 18:49:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/10/29 21:07:46 | 007,647,203 | ---- | M] () -- C:\Program Files (x86)\Remote Mouse Server\RemoteMouse.exe

PRC - [2010/07/26 14:42:38 | 001,955,696 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe

PRC - [2010/07/26 14:42:36 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe

PRC - [2010/07/26 14:42:32 | 000,575,344 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe

PRC - [2010/07/26 14:42:24 | 001,089,392 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe

PRC - [2010/05/17 11:14:11 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe

PRC - [2010/05/17 11:14:09 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe

PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe



========== Modules (SafeList) ==========

MOD - [2011/03/11 17:36:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sabin\Downloads\OTL.exe

MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

MOD - [2009/07/13 20:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mssprxy.dll

MOD - [2009/07/13 20:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll



========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/14 17:08:30 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)

SRV:64bit: - [2010/04/14 17:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)

SRV:64bit: - [2010/01/18 17:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)

SRV - [2011/02/03 17:30:33 | 003,129,432 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_dbc0250.dll -- (Akamai)

SRV - [2010/12/08 14:12:10 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)

SRV - [2010/12/08 14:12:04 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2010/11/29 11:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®

SRV - [2010/11/08 13:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)

SRV - [2010/07/26 14:42:36 | 000,557,424 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)

SRV - [2010/04/14 17:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxeccoms.exe -- (lxec_device)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)



========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/08 14:12:30 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV:64bit: - [2010/09/17 16:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV:64bit: - [2010/09/17 16:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)

DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/02/05 19:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/01/19 20:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2009/11/27 20:45:00 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2010/09/17 16:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)

DRV - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.3.3

FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.3.3

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97

FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608

FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2

FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 14:41:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/08 18:49:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/13 10:30:47 | 000,000,000 | ---D | M]

[2010/11/26 08:15:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Extensions

[2011/03/14 10:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions

[2010/12/05 19:03:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/11/27 09:18:36 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2010/12/15 20:41:07 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010/11/27 09:18:37 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\engine@conduit.com

[2011/01/22 20:38:30 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\LogMeInClient@logmein.com

[2011/03/01 19:27:19 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\extensions\searchtoolbar@zugo.com

[2011/03/01 19:27:20 | 000,001,919 | ---- | M] () -- C:\Users\Sabin\AppData\Roaming\Mozilla\Firefox\Profiles\uxeqnbvh.default\searchplugins\bing-zugo.xml

[2011/03/01 19:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/11/26 09:25:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/03/24 14:41:23 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3

[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/14 18:44:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()

O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)

O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] File not found

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{f10a5b5e-f994-11df-8c13-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{f10a5b5e-f994-11df-8c13-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE

O33 - MountPoints2\{f10a5b5e-f994-11df-8c13-806e6f6e6963}\Shell\configure\command - "" = F:\SETUP.EXE

O33 - MountPoints2\{f10a5b5e-f994-11df-8c13-806e6f6e6963}\Shell\install\command - "" = F:\SETUP.EXE

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*



Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2011/03/14 18:44:03 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/03/13 17:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2011/03/13 17:25:48 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Roaming\Malwarebytes

[2011/03/13 17:25:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/03/13 17:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/03/13 17:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/03/13 17:25:25 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/03/13 17:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/03/13 10:30:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/03/12 23:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Senstic

[2011/03/12 16:46:26 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2011/03/11 21:41:20 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/03/08 18:55:29 | 000,000,000 | ---D | C] -- C:\Users\Sabin\.mypoint

[2011/03/08 18:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Didonai

[2011/03/08 18:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPoint

[2011/03/08 18:36:12 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Local\Senstic

[2011/03/08 18:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Senstic

[2011/03/06 11:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011/03/06 11:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/03/06 11:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/03/06 11:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2011/03/06 11:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011/03/06 11:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2011/03/06 11:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2011/03/06 11:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2011/03/04 19:46:12 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe

[2011/03/04 19:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExamView Pro Test Generator

[2011/03/04 19:45:59 | 000,000,000 | ---D | C] -- C:\ExamView

[2011/03/02 20:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\CitrixLogs

[2011/03/02 20:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix

[2011/03/02 20:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix

[2011/03/02 20:00:08 | 007,053,264 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Sabin\gosetup.exe

[2011/03/01 19:33:21 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Roaming\vlc

[2011/03/01 19:31:33 | 000,000,000 | ---D | C] -- C:\Users\Sabin\Documents\Graboid

[2011/03/01 19:29:48 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Local\Graboid_Inc

[2011/03/01 19:29:47 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Local\Graboid

[2011/03/01 19:29:42 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Local\Geckofx

[2011/03/01 19:28:32 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Graboid Video

[2011/03/01 19:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graboid Video

[2011/03/01 19:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2011/03/01 19:27:55 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Local\Ilivid Player

[2011/03/01 19:27:46 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ilivid

[2011/03/01 19:27:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2011/03/01 19:26:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Toolbar

[2011/03/01 19:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ilivid

[2011/03/01 19:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graboid

[2011/03/01 19:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid

[2011/03/01 19:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid

[2011/02/21 15:25:10 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Roaming\AVG

[2011/02/21 15:15:08 | 000,000,000 | ---D | C] -- C:\Users\Sabin\AppData\Roaming\Registry Mechanic

[2011/02/21 15:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic

[2011/02/15 20:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva

[2011/02/15 20:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic

[2011/02/15 20:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic

[2011/02/15 20:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic

[2011/02/15 20:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic

[2011/02/15 20:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Cached Installations

[2011/02/13 14:41:16 | 000,000,000 | ---D | C] -- C:\YouTubeDownload

[2011/02/13 14:40:40 | 000,000,000 | ---D | C] -- C:\ConverterOutput

[2011/02/13 14:40:35 | 000,000,000 | ---D | C] -- C:\Users\Sabin\Documents\Cucusoft

[2011/02/13 14:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cucusoft YouTube Mate

[2011/02/13 14:39:47 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll

[2011/02/13 14:39:44 | 000,110,592 | ---- | C] (Cucusoft Inc.) -- C:\Windows\SysWow64\PropListCtrl.ocx

[2011/02/13 14:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cucusoft

[2010/12/29 22:01:22 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll

[2010/12/29 22:01:22 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll

[2010/12/29 22:01:22 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll

[2010/12/29 22:01:22 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll

[2010/12/29 22:01:22 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll

[2010/12/29 22:01:22 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll

[2010/12/29 22:01:21 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll

[2010/12/29 22:01:21 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll

[2010/12/29 22:01:21 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe

[2010/12/29 22:01:21 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe

[2010/12/29 22:01:21 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll

[2010/12/29 22:01:21 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe

========== Files - Modified Within 30 Days ==========

[2011/03/14 18:57:08 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/03/14 18:57:08 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/03/14 18:57:08 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/03/14 18:48:25 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSabin.job

[2011/03/14 18:48:00 | 000,440,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/03/14 18:47:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/03/14 18:47:29 | 1556,291,584 | -HS- | M] () -- C:\hiberfil.sys

[2011/03/14 18:44:06 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2011/03/14 18:00:01 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2011/03/14 04:50:27 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job

[2011/03/14 00:44:28 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/03/14 00:44:28 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/03/13 17:25:31 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/03/13 09:42:20 | 000,064,570 | ---- | M] () -- C:\Users\Sabin\Desktop\Laser Tag P.S.pdf

[2011/03/11 22:07:55 | 416,455,121 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/03/11 17:36:14 | 000,000,512 | ---- | M] () -- C:\Users\Sabin\Desktop\MBR.dat

[2011/03/11 05:10:47 | 000,000,000 | ---- | M] () -- C:\Users\Sabin\AppData\Local\prvlcl.dat

[2011/03/06 11:11:13 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/03/06 11:01:23 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/03/04 20:51:59 | 000,008,714 | ---- | M] () -- C:\Users\Sabin\AppData\Roaming\evpro32.prf

[2011/03/04 20:51:33 | 000,000,074 | ---- | M] () -- C:\Users\Sabin\AppData\Roaming\evplay.prf

[2011/03/04 20:26:52 | 000,001,169 | ---- | M] () -- C:\Users\Sabin\AppData\Roaming\evmanage.prf

[2011/03/04 19:49:34 | 000,000,012 | ---- | M] () -- C:\Users\Sabin\AppData\Roaming\examview.tlx

[2011/03/02 18:26:32 | 000,000,000 | ---- | M] () -- C:\Users\Sabin\defogger_reenable

[2011/03/01 19:28:33 | 000,001,336 | ---- | M] () -- C:\Users\Sabin\Desktop\Graboid Video.lnk

[2011/03/01 19:28:12 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011/02/22 21:22:37 | 000,072,939 | ---- | M] () -- C:\Users\Sabin\Desktop\Permission Slip Master.pdf

[2011/02/19 17:15:36 | 000,051,607 | ---- | M] () -- C:\Users\Sabin\Desktop\Website Content Administration.pdf

[2011/02/15 20:28:40 | 000,000,224 | ---- | M] () -- C:\Windows\SysWow64\9B13A86D.plf

[2011/02/13 15:04:29 | 000,003,584 | ---- | M] () -- C:\Users\Sabin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/03/13 17:25:31 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/03/13 09:42:20 | 000,064,570 | ---- | C] () -- C:\Users\Sabin\Desktop\Laser Tag P.S.pdf

[2011/03/11 17:36:14 | 000,000,512 | ---- | C] () -- C:\Users\Sabin\Desktop\MBR.dat

[2011/03/06 11:11:13 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/03/06 11:01:23 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/03/04 20:51:59 | 000,008,714 | ---- | C] () -- C:\Users\Sabin\AppData\Roaming\evpro32.prf

[2011/03/04 20:51:33 | 000,000,074 | ---- | C] () -- C:\Users\Sabin\AppData\Roaming\evplay.prf

[2011/03/04 20:26:52 | 000,001,169 | ---- | C] () -- C:\Users\Sabin\AppData\Roaming\evmanage.prf

[2011/03/04 19:49:34 | 000,000,012 | ---- | C] () -- C:\Users\Sabin\AppData\Roaming\examview.tlx

[2011/03/02 18:26:32 | 000,000,000 | ---- | C] () -- C:\Users\Sabin\defogger_reenable

[2011/03/01 19:28:33 | 000,001,336 | ---- | C] () -- C:\Users\Sabin\Desktop\Graboid Video.lnk

[2011/03/01 19:28:12 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011/03/01 19:10:28 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/03/01 19:10:28 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/02/22 18:33:04 | 000,072,939 | ---- | C] () -- C:\Users\Sabin\Desktop\Permission Slip Master.pdf

[2011/02/15 20:28:40 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\9B13A86D.plf

[2011/02/15 20:23:27 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job

[2011/02/15 20:23:06 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job

[2011/02/15 20:22:50 | 000,000,000 | ---- | C] () -- C:\Users\Sabin\AppData\Local\prvlcl.dat

[2011/02/13 15:04:29 | 000,003,584 | ---- | C] () -- C:\Users\Sabin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/02/13 14:39:47 | 000,094,650 | ---- | C] () -- C:\Windows\SysWow64\HKCU_GNU.reg

[2011/02/13 14:39:47 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011/02/13 14:39:47 | 000,006,144 | ---- | C] () -- C:\Windows\SysWow64\ff_acm.acm

[2011/02/13 14:39:47 | 000,002,004 | ---- | C] () -- C:\Windows\SysWow64\HKLM_GNU.reg

[2011/02/13 14:39:45 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax

[2011/02/13 14:39:44 | 000,014,909 | ---- | C] () -- C:\Windows\SysWow64\A_reg.reg

[2010/12/29 22:01:22 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll

[2010/12/29 22:01:22 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll

[2010/12/29 22:01:22 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll

[2010/12/29 22:01:22 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll

[2010/12/29 22:01:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll

[2010/12/29 22:01:22 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll

[2010/12/29 22:01:22 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll

[2010/12/29 22:01:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll

[2010/12/29 22:01:22 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll

[2010/12/29 22:00:53 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll

[2010/12/29 22:00:53 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll

[2010/11/26 09:26:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/11/26 08:56:52 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/04/27 14:40:11 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

[2010/04/27 14:36:04 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini

[2010/04/27 14:36:04 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

[2010/03/05 14:57:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/03/05 14:57:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2010/03/05 14:57:08 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010/03/05 14:57:02 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2010/03/05 14:56:58 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2009/09/29 17:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin

[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/03/11 22:03:04 | 000,000,000 | ---D | M] -- C:\Users\Sabin\AppData\Roaming\AVG

[2010/11/28 14:38:01 | 000,000,000 | ---D | M] -- C:\Users\Sabin\AppData\Roaming\AVG10

[2010/12/17 22:05:54 | 000,000,000 | ---D | M] -- C:\Users\Sabin\AppData\Roaming\Chief Architect Interiors X3 Trial Version

[2010/12/17 23:49:16 | 000,000,000 | ---D | M] -- C:\Users\Sabin\AppData\Roaming\Chief Architect Premier X3 Trial Version

[2010/12/17 22:49:53 | 000,000,000 | ---D | M] -- C:\Users\Sabin\AppData\Roaming\GetRightToGo

[2011/02/21 15:15:08 | 000,000,000 | ---D | M] -- C:\Users\Sabin\AppData\Roaming\Registry Mechanic

[2010/12/29 21:58:15 | 000,000,000 | ---D | M] -- C:\Users\Sabin\AppData\Roaming\SoftGrid Client

[2010/11/28 18:02:27 | 000,000,000 | ---D | M] -- C:\Users\Sabin\AppData\Roaming\TP

[2010/12/06 00:07:33 | 000,000,000 | ---D | M] -- C:\Users\Sabin\AppData\Roaming\uTorrent

[2010/11/27 18:24:49 | 000,000,000 | ---D | M] -- C:\Users\Sabin\AppData\Roaming\WildTangent

[2011/03/14 18:00:01 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job

[2011/03/14 04:50:27 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job

[2011/02/23 06:40:39 | 000,021,688 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========





========== Custom Scans ==========



< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1



< End of report >

Some new things have been coming up. First, I cannot reply with the infected computer. I get a "Connection was reset" error from Firefox. Also, I have been getting some blue screens when I reboot computer.
Again, thanks for all your assistance.

Edited by sabinrs, 15 March 2011 - 03:57 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users