
  • This topic is locked
158 replies to this topic

#1 robspace

  • Members
  • 89 posts

Posted 15 December 2011 - 04:26 AM

I have been getting redirected in search engines and cannot view Netflix or see many more than about 20 images when searching google images. I recently had the system fix malware but manually removed parts of it seeing how nothing else could detect it. I recently ran HiJackThis and this is the log I have received..


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:18:55 AM, on 12/15/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Media Server\GoogleMediaScanner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Users\ADMINI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1108&m=aspire_4730z
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Media Scanner] "C:\Program Files\Google\Google Media Server\GoogleMediaScanner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spotify] "C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [XPosROXaNo] C:\ProgramData\XPosROXaNo.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [XPosROXaNo] C:\ProgramData\XPosROXaNo.exe (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.11\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.11\MediaManager\grab.html
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} (HiDvrOcx Control) - http://192.168.1.100/HiDvrOcx.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: AVGRSSTX.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (file missing)
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google MediaServer - Google Inc. - C:\Program Files\Google\Google Media Server\GoogleMediaServer.exe
O23 - Service: Google MediaServer (Google MediaServer32) - Unknown owner - C:\ProgramData\atmfd32.exe (file missing)
O23 - Service: Google Update Service (gupdate1c989c1b503c5f8) (gupdate1c989c1b503c5f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC32) - Unknown owner - C:\ProgramData\tsgqec32.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: @C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243 (NisSrv) - Unknown owner - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan3232) - Unknown owner - C:\ProgramData\RASMM32.exe (file missing)
O23 - Service: SAiAdmin - TODO: <Company name> - C:\Windows\System32\SAiAdmin.exe
O23 - Service: SAiDownloaderVista - TODO: <Company name> - C:\Windows\System32\SAiDownloaderVista.exe
O23 - Service: SAiLicSvr - SA International - C:\Windows\System32\SAiLicSvr.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime32) - Unknown owner - C:\ProgramData\msdmo32.exe (file missing)
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: User Privilege Service (usprserv32) - Unknown owner - C:\ProgramData\iprop32.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 18550 bytes
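As an added example (not code from the thread, HijackThis or OTL), the Python script below parses O4 and O23 lines like those in the log above and flags three patterns a responder would look at first: services whose binary is listed as missing under C:\ProgramData, services whose display name duplicates another service's while carrying a "32"-suffixed short name, and Run entries for the SYSTEM and Default user hives that launch from ProgramData. The sample lines are copied from the log; the regexes and heuristics are this example's own assumptions, not anything the tools provide.

```python
# Added example: triage of HijackThis O4/O23 lines (assumed format, not
# HijackThis or OTL code). Sample lines are copied from the posted log.
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the O4 and O23 lines from the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKUS\S-1-5-18\..\Run: [XPosROXaNo] C:\ProgramData\XPosROXaNo.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [XPosROXaNo] C:\ProgramData\XPosROXaNo.exe (User 'Default user')
O23 - Service: Google MediaServer - Google Inc. - C:\Program Files\Google\Google Media Server\GoogleMediaServer.exe
O23 - Service: Google MediaServer (Google MediaServer32) - Unknown owner - C:\ProgramData\atmfd32.exe (file missing)
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC32) - Unknown owner - C:\ProgramData\tsgqec32.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan3232) - Unknown owner - C:\ProgramData\RASMM32.exe (file missing)
O23 - Service: User Privilege Service (usprserv32) - Unknown owner - C:\ProgramData\iprop32.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"""

# O23 - Service: <display>[ (<short name>)] - <company> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)"
    r"(?: \((?P<short>[^()]+)\))? - (?P<company>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)

# O4 - <hive>\..\Run: [<value name>] <command>[ (User '<account>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '(?P<user>[^']+)'\))?$"
)

# ProgramData is a data directory; legitimate service binaries rarely live there.
PROGRAMDATA_RE = re.compile(r"^[A-Za-z]:\\ProgramData\\", re.IGNORECASE)

# Accounts whose Run keys execute without any interactive user logging in.
SYSTEM_ACCOUNTS = ("SYSTEM", "Default user")


@dataclass
class Finding:
    line: str
    reason: str


def analyze(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious indicator found in the log lines."""
    findings: list[Finding] = []
    services = []  # (match, original line) for every O23 entry

    for line in log_text.splitlines():
        m = O23_RE.match(line)
        if m:
            services.append((m, line))
            continue
        m = O4_RE.match(line)
        if m and m.group("user") in SYSTEM_ACCOUNTS and PROGRAMDATA_RE.match(m.group("cmd")):
            findings.append(Finding(line, f"Run entry for the {m.group('user')} account launches from ProgramData"))

    # A second service reusing a legitimate display name is a common disguise.
    display_counts = Counter(m.group("display") for m, _ in services)

    for m, line in services:
        if m.group("missing") and PROGRAMDATA_RE.match(m.group("path")):
            findings.append(Finding(line, "service binary missing from ProgramData (likely remnant of removed malware)"))
        short = m.group("short") or ""
        if display_counts[m.group("display")] > 1 and short.endswith("32"):
            findings.append(Finding(line, f"display name clones '{m.group('display')}' with a '32' suffix"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```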


#2 robspace

  • Topic Starter
  • Members
  • 89 posts

Posted 17 December 2011 - 07:44 PM

And now my desktop completely goes away from time to time, don't even see the taskbar.

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 18 December 2011 - 03:38 PM

Hello and welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 robspace

  • Topic Starter
  • Members
  • 89 posts

Posted 18 December 2011 - 06:04 PM

Okay, I ran DeFogger and it ran fine, but then when I ran DDS, three quarters of the way through I ended up with the blue screen of death.

Also, I got the blue screen of death 2 times earlier and am getting pop-ups, and random windows are opening up: either a new tab in Firefox or My Computer opens up randomly.

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 18 December 2011 - 08:14 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under the Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here.
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later.
  • Please post the contents of OTL.txt in your next reply.

Gringo

#6 robspace

  • Topic Starter
  • Members
  • 89 posts

Posted 18 December 2011 - 08:52 PM

OTL logfile created on: 12/18/2011 5:33:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 28.93% Memory free
4.10 Gb Paging File | 2.25 Gb Available in Paging File | 54.93% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 19.37 Gb Free Space | 17.38% Space Free | Partition Type: NTFS
Drive D: | 111.44 Gb Total Space | 29.98 Gb Free Space | 26.91% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 1.71 Gb Free Space | 91.32% Space Free | Partition Type: FAT

Computer Name: ROB-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Administrator\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (SafeNet, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Google\Google Media Server\GoogleMediaServer.exe (Google Inc.)
PRC - C:\Program Files\Google\Google Media Server\GoogleMediaScanner.exe (Google Inc.)
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Windows\System32\SAiLicSvr.exe (SA International)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\System32\SAiDownloaderVista.exe (TODO: <Company name>)
PRC - C:\Windows\System32\SAiAdmin.exe (TODO: <Company name>)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ce73262a893af528ab9fde7b033f6da2\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\45aadcfa5a64d65be508b335cd7a729e\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\653b1be0c33cfade02fb0a61f135e488\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2bc8bc432d91919ea0bbb2b803a4b6af\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d5100c24f083084e1d2556839904e987\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\45f10e36f25d92dd808caab75e45b8ae\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b2a5854682691830b9f62ec351c8b54e\mscorlib.ni.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll ()
MOD - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()


========== Win32 Services (SafeList) ==========

SRV - (usprserv32) -- File not found
SRV - (SentinelSecurityRuntime32) -- File not found
SRV - (RasMan3232) -- File not found
SRV - (NMIndexingService) -- File not found
SRV - (NisSrv) -- File not found
SRV - (IJPLMSVC32) -- File not found
SRV - (Google MediaServer32) -- File not found
SRV - (getPlusHelper) -- File not found
SRV - (Browser Defender Update Service) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (SentinelKeysServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
SRV - (SentinelSecurityRuntime) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (SafeNet, Inc.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (Google MediaServer) -- C:\Program Files\Google\Google Media Server\GoogleMediaServer.exe (Google Inc.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (SAiLicSvr) -- C:\Windows\System32\SAiLicSvr.exe (SA International)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (SAiDownloaderVista) -- C:\Windows\System32\SAiDownloaderVista.exe (TODO: <Company name>)
SRV - (SAiAdmin) -- C:\Windows\System32\SAiAdmin.exe (TODO: <Company name>)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (iprip) -- C:\Windows\System32\iprip.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (SNTNLUSB) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (tdx) -- C:\Windows\System32\drivers\tdx.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (P1110VID) -- C:\Windows\System32\drivers\P1110Vid.sys (Creative Technology Ltd.)
DRV - (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
DRV - (Aspi32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKLM\..\URLSearchHook: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B5 AD 6E 01 0C 0F A3 42 9D 2A 71 94 B9 A9 6A BC [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B5 AD 6E 01 0C 0F A3 42 9D 2A 71 94 B9 A9 6A BC [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B5 AD 6E 01 0C 0F A3 42 9D 2A 71 94 B9 A9 6A BC [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B5 AD 6E 01 0C 0F A3 42 9D 2A 71 94 B9 A9 6A BC [binary data]

IE - HKU\S-1-5-21-3026996596-601840235-2618289223-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3026996596-601840235-2618289223-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3026996596-601840235-2618289223-500\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B5 AD 6E 01 0C 0F A3 42 9D 2A 71 94 B9 A9 6A BC [binary data]
IE - HKU\S-1-5-21-3026996596-601840235-2618289223-500\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-3026996596-601840235-2618289223-500\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3026996596-601840235-2618289223-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3026996596-601840235-2618289223-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3026996596-601840235-2618289223-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?ref=hp"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: spellbound@sourceforge.net:4.0.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {2f3f5e73-4970-4c78-8a61-95bb4fe27c01}:1.0
FF - prefs.js..extensions.enabledItems: {40148d7e-425d-488d-8fdd-fdb885f65237}:1.0
FF - prefs.js..extensions.enabledItems: {4483ff83-64e2-4f80-94ff-576240190d73}:1.0
FF - prefs.js..extensions.enabledItems: {85c7808b-086a-4530-8bec-02158799e998}:1.0
FF - prefs.js..extensions.enabledItems: {884bd093-2f63-4275-8c6e-9ea501f225f0}:1.0
FF - prefs.js..extensions.enabledItems: {a7eae058-2c1b-4dfd-bb60-3bfb6f813d8a}:1.0
FF - prefs.js..extensions.enabledItems: {ab0f5dda-029d-4a29-bb48-cf7ec3394a6a}:1.0
FF - prefs.js..extensions.enabledItems: {b67b69b1-1218-4caf-bcdc-c2c3fa96a190}:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Administrator\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Administrator\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.81\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.81\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/03 12:44:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/03 12:44:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Administrator\AppData\Roaming\Move Networks [2010/01/26 09:58:30 | 000,000,000 | ---D | M]

[2009/02/02 00:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/12/05 22:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions
[2009/07/06 18:32:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/24 00:51:47 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{2f3f5e73-4970-4c78-8a61-95bb4fe27c01}
[2011/06/24 01:43:50 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{40148d7e-425d-488d-8fdd-fdb885f65237}
[2011/07/30 14:09:15 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{4483ff83-64e2-4f80-94ff-576240190d73}
[2011/10/08 09:12:35 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011/05/26 17:31:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(98)
[2011/12/05 22:36:38 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/11/20 09:05:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{85c7808b-086a-4530-8bec-02158799e998}
[2011/07/31 15:02:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{884bd093-2f63-4275-8c6e-9ea501f225f0}
[2011/07/20 23:56:15 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{a7eae058-2c1b-4dfd-bb60-3bfb6f813d8a}
[2011/06/23 22:38:56 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{ab0f5dda-029d-4a29-bb48-cf7ec3394a6a}
[2011/11/25 00:35:13 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{b67b69b1-1218-4caf-bcdc-c2c3fa96a190}
[2010/06/23 22:33:30 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/02/02 17:58:13 | 000,000,000 | ---D | M] (SpellCheck) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{F8DD2435-929E-40D0-9A00-C7E274F1CFE6}
[2009/05/26 01:27:32 | 000,000,000 | ---D | M] (Bingo - FB) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{fe2b2a82-83b6-4398-a17f-70a86b511f80}
[2011/03/26 21:06:08 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\firefox@tvunetworks.com
[2009/07/03 11:46:26 | 000,000,000 | ---D | M] (InstantAction.com Game Launcher) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\iaplayer@instantaction.com
[2011/01/11 17:39:35 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\searchtoolbar@zugo.com
[2010/09/17 20:03:16 | 000,000,000 | ---D | M] (SpellBound) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\spellbound@sourceforge.net
[2009/11/29 01:47:04 | 000,000,681 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\searchplugins\ask.xml
[2008/12/12 10:23:54 | 000,002,158 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\searchplugins\MySpace.xml
[2011/06/24 00:09:07 | 000,001,767 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\searchplugins\yahoo-1.xml
[2009/05/26 01:45:18 | 000,001,767 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\searchplugins\yahoo.xml
[2011/12/03 12:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/03 12:44:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/27 11:52:26 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2011/12/03 12:44:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/03 12:44:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.81\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Administrator\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3026996596-601840235-2618289223-500\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3026996596-601840235-2618289223-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3026996596-601840235-2618289223-500\..\Toolbar\WebBrowser: (Mininova-Vuze Toolbar) - {D51D388B-F5DC-471A-A1CE-5E2D671091C0} - C:\Program Files\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-3026996596-601840235-2618289223-500..\Run: [Google Media Scanner] C:\Program Files\Google\Google Media Server\GoogleMediaScanner.exe (Google Inc.)
O4 - HKU\S-1-5-21-3026996596-601840235-2618289223-500..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3026996596-601840235-2618289223-500..\Run: [Spotify] C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3026996596-601840235-2618289223-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3026996596-601840235-2618289223-500\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3026996596-601840235-2618289223-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3026996596-601840235-2618289223-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3026996596-601840235-2618289223-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.11\AMVConverter\grab.html File not found
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.11\MediaManager\grab.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-3026996596-601840235-2618289223-500\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3026996596-601840235-2618289223-500\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3026996596-601840235-2618289223-500\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3026996596-601840235-2618289223-500\..Trusted Domains: myspace.com ([www] http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} http://192.168.1.100/HiDvrOcx.cab (HiDvrOcx Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFFE82C5-627F-4860-BCEB-7C7AB57E6BC1}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/18 14:40:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
[2011/12/17 19:21:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Grayson
[2011/12/16 08:24:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\SanctionedMedia
[2011/12/15 04:03:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/15 02:37:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/15 02:37:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/15 02:37:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/15 02:36:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/15 02:33:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/15 02:31:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/15 01:05:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/15 00:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/10 23:28:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\30.Minutes.Or.Less.2011.DVDRip.XviD-ViP3R
[2011/12/10 14:20:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New Folder
[2011/12/07 19:52:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Spotify
[2011/12/07 19:51:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Spotify
[2011/12/01 23:21:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\[ UsaBit.com ] - The.Hangover.2.2011.DVDRiP.XViD-FUSiON
[2011/12/01 00:56:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Rise of the Planet of the Apes (2011)
[2011/11/30 15:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/11/29 14:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/11/29 14:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/11/29 11:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/29 11:33:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/29 11:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/29 00:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/11/28 00:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/27 18:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/27 17:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/27 17:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/27 16:30:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011/11/18 22:36:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Super 8[2011]BRRip XviD-ExtraTorrentRG
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008/08/18 18:18:26 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/18 17:32:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/12/18 17:26:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/12/18 17:25:24 | 000,007,728 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2011/12/18 17:25:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/18 17:25:00 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 17:24:59 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/18 17:24:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/18 17:24:46 | 2074,099,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/18 16:25:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/18 14:51:36 | 268,825,208 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/18 14:40:33 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
[2011/12/18 14:39:04 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2011/12/18 14:37:06 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011/12/18 00:43:02 | 000,130,407 | ---- | M] () -- C:\Users\Administrator\Desktop\InkMeWindows.png
[2011/12/17 21:22:49 | 000,140,810 | ---- | M] () -- C:\Users\Administrator\Desktop\me4.png
[2011/12/17 21:07:23 | 000,061,728 | ---- | M] () -- C:\Users\Administrator\Desktop\me3.jpg
[2011/12/17 21:06:42 | 000,023,539 | ---- | M] () -- C:\Users\Administrator\Desktop\me2.jpg
[2011/12/17 21:06:11 | 000,031,827 | ---- | M] () -- C:\Users\Administrator\Desktop\me.jpg
[2011/12/17 19:22:01 | 000,217,425 | ---- | M] () -- C:\Users\Administrator\Desktop\IMG02064-20111216-1453.jpg
[2011/12/17 15:00:07 | 000,240,058 | ---- | M] () -- C:\Users\Administrator\Desktop\hello.png
[2011/12/17 12:04:13 | 000,131,063 | ---- | M] () -- C:\Users\Administrator\Desktop\InkMeWindows2.png
[2011/12/17 03:26:29 | 004,396,785 | ---- | M] () -- C:\Users\Administrator\Desktop\Sparrow.ai
[2011/12/17 02:14:31 | 001,998,624 | ---- | M] () -- C:\Users\Administrator\Desktop\InkMeWindows.ai
[2011/12/16 20:06:20 | 000,018,142 | ---- | M] () -- C:\Users\Administrator\Desktop\thisbigdecal.jpg
[2011/12/16 03:39:51 | 008,487,008 | ---- | M] () -- C:\Users\Administrator\Desktop\MoonStone.ai
[2011/12/16 00:26:28 | 000,069,081 | ---- | M] () -- C:\Users\Administrator\Desktop\sparrow.png
[2011/12/15 22:38:23 | 000,423,655 | ---- | M] () -- C:\Users\Administrator\Desktop\sparrow.jpg
[2011/12/15 19:42:22 | 000,426,531 | ---- | M] () -- C:\Users\Administrator\Desktop\MoonStone.jpg
[2011/12/15 16:37:05 | 000,061,328 | ---- | M] () -- C:\Users\Administrator\Desktop\Installs.jpg
[2011/12/15 15:53:53 | 000,637,616 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/15 15:53:53 | 000,123,192 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/15 01:05:34 | 000,001,964 | ---- | M] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2011/12/15 00:34:33 | 000,000,942 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/14 21:35:44 | 000,058,749 | ---- | M] () -- C:\Users\Administrator\Desktop\ctrtemp.png
[2011/12/14 19:17:47 | 000,271,977 | ---- | M] () -- C:\Users\Administrator\Desktop\Picture 045.jpg
[2011/12/14 15:41:59 | 005,815,355 | ---- | M] () -- C:\Users\Administrator\Desktop\VID 00121-20111214-1146.3GP
[2011/12/14 14:14:08 | 004,235,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/14 00:27:51 | 002,045,358 | ---- | M] () -- C:\Users\Administrator\Desktop\InkMe.eps
[2011/12/13 16:57:46 | 001,324,085 | ---- | M] () -- C:\Users\Administrator\Desktop\InkMe.ai
[2011/12/12 20:15:59 | 000,184,119 | ---- | M] () -- C:\Users\Administrator\Desktop\HardcoreMM.ai
[2011/12/12 19:52:49 | 000,170,867 | ---- | M] () -- C:\Users\Administrator\Desktop\Metal_Mulisha for bobby.ai
[2011/12/12 19:49:27 | 000,141,041 | ---- | M] () -- C:\Users\Administrator\Desktop\MMWords.ai
[2011/12/12 19:20:27 | 003,708,294 | ---- | M] () -- C:\Users\Administrator\Desktop\cuppycake.ai
[2011/12/12 17:04:40 | 001,052,158 | ---- | M] () -- C:\Users\Administrator\Desktop\heartforeplay.ai
[2011/12/12 12:00:02 | 001,029,203 | ---- | M] () -- C:\Users\Administrator\Desktop\cuppycake.png
[2011/12/11 21:52:35 | 000,028,209 | ---- | M] () -- C:\Users\Administrator\Desktop\Fail.png
[2011/12/11 17:49:09 | 000,076,538 | ---- | M] () -- C:\Users\Administrator\Desktop\Metal_Mulisha-for-bobby.png
[2011/12/10 03:22:35 | 001,103,373 | ---- | M] () -- C:\Users\Administrator\Desktop\heartforeplay.png
[2011/12/10 03:20:44 | 000,054,762 | ---- | M] () -- C:\Users\Administrator\Desktop\heartforeplay2.png
[2011/12/10 03:05:30 | 367,180,072 | ---- | M] () -- C:\Users\Administrator\Desktop\Breaking.Bad.S04E13.Face.Off.HDTV.XviD-FQM.avi
[2011/12/10 01:50:01 | 003,660,956 | ---- | M] () -- C:\Users\Administrator\Desktop\cuppycakepink.ai
[2011/12/10 00:17:39 | 366,985,548 | ---- | M] () -- C:\Users\Administrator\Desktop\Breaking.Bad.S04E12.HDTV.XviD-ASAP.avi
[2011/12/09 15:31:35 | 005,578,021 | ---- | M] () -- C:\Users\Administrator\Desktop\MattStone.ai
[2011/12/09 15:15:59 | 000,095,232 | ---- | M] () -- C:\Users\Administrator\Desktop\Ink Me2.VE
[2011/12/08 23:37:10 | 000,396,155 | ---- | M] () -- C:\Users\Administrator\Desktop\cuppycake.jpg
[2011/12/08 23:36:55 | 000,396,155 | ---- | M] () -- C:\Users\Administrator\Desktop\Untitled.jpg
[2011/12/07 19:52:30 | 000,000,849 | ---- | M] () -- C:\Users\Administrator\Desktop\Spotify.lnk
[2011/12/07 16:24:17 | 000,071,979 | ---- | M] () -- C:\Users\Administrator\Desktop\upheaval(1).jpg
[2011/12/07 16:10:22 | 000,891,472 | ---- | M] () -- C:\Users\Administrator\Desktop\upheaval(1).eps
[2011/12/06 14:52:39 | 000,002,008 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/06 03:07:44 | 000,051,979 | ---- | M] () -- C:\Users\Administrator\Desktop\firedecal.jpg
[2011/12/05 23:10:18 | 000,559,787 | ---- | M] () -- C:\Users\Administrator\Desktop\rgi.png
[2011/12/05 12:31:23 | 001,444,933 | ---- | M] () -- C:\Users\Administrator\Desktop\AllFresh.ai
[2011/12/04 21:21:54 | 001,097,391 | ---- | M] () -- C:\Users\Administrator\Desktop\Ink Me2.ai
[2011/12/04 00:07:49 | 000,069,753 | ---- | M] () -- C:\Users\Administrator\Desktop\metal_mulisha.ai
[2011/12/03 21:37:16 | 000,028,514 | ---- | M] () -- C:\Users\Administrator\Desktop\Ink-Me4.png
[2011/12/03 21:33:07 | 000,027,792 | ---- | M] () -- C:\Users\Administrator\Desktop\Ink-Me3.png
[2011/12/03 21:14:38 | 000,079,613 | ---- | M] () -- C:\Users\Administrator\Desktop\Invoice_Oct-16-11_Nov-15-11.html
[2011/12/03 21:04:32 | 000,036,711 | ---- | M] () -- C:\Users\Administrator\Desktop\Ink-Me2.png
[2011/12/03 03:22:38 | 366,970,634 | ---- | M] () -- C:\Users\Administrator\Desktop\Breaking.Bad.S04E11.HDTV.XviD-ASAP.avi
[2011/12/01 21:02:04 | 000,181,760 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/30 12:16:13 | 024,957,095 | ---- | M] () -- C:\Users\Administrator\Desktop\VID 00103-20111130-1144.3GP
[2011/11/29 23:20:56 | 000,043,279 | ---- | M] () -- C:\Users\Administrator\Desktop\meandbabygirl.jpg
[2011/11/29 14:15:54 | 000,001,752 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/29 14:15:54 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/29 11:33:10 | 000,000,934 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/29 11:33:10 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/29 05:10:08 | 000,017,192 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/11/29 00:56:04 | 000,001,776 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2011/11/28 16:34:41 | 000,000,320 | ---- | M] () -- C:\ProgramData\~qp93bCmDcCOEPD
[2011/11/28 16:34:41 | 000,000,224 | ---- | M] () -- C:\ProgramData\~qp93bCmDcCOEPDr
[2011/11/28 16:34:33 | 000,000,344 | ---- | M] () -- C:\ProgramData\qp93bCmDcCOEPD
[2011/11/28 13:49:47 | 000,512,992 | ---- | M] () -- C:\Users\Administrator\Desktop\sdsetup_revwire207.exe
[2011/11/28 13:22:16 | 000,000,320 | ---- | M] () -- C:\ProgramData\~1fm327XP4Qkd1k
[2011/11/28 13:22:16 | 000,000,224 | ---- | M] () -- C:\ProgramData\~1fm327XP4Qkd1kr
[2011/11/28 01:28:09 | 000,000,336 | ---- | M] () -- C:\ProgramData\1fm327XP4Qkd1k
[2011/11/28 01:05:11 | 000,718,535 | ---- | M] () -- C:\Users\Administrator\Desktop\VID 00101-20111117-2208.3GP
[2011/11/28 01:04:50 | 002,912,584 | ---- | M] () -- C:\Users\Administrator\Desktop\VID 00102-20111128-0053.3GP
[2011/11/27 20:12:27 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/11/27 19:51:28 | 000,000,320 | ---- | M] () -- C:\ProgramData\~TrsidL6sNNn56Z
[2011/11/27 19:51:28 | 000,000,224 | ---- | M] () -- C:\ProgramData\~TrsidL6sNNn56Zr
[2011/11/27 18:23:08 | 000,001,083 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/27 18:23:08 | 000,001,059 | ---- | M] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011/11/27 16:32:31 | 000,000,440 | ---- | M] () -- C:\ProgramData\TrsidL6sNNn56Z
[2011/11/25 00:34:53 | 000,000,197 | ---- | M] () -- C:\ProgramData\RmUserCfg.ini
[2011/11/25 00:34:53 | 000,000,020 | ---- | M] () -- C:\ProgramData\IpAndPort.fig
[2011/11/19 14:52:31 | 001,347,189 | ---- | M] () -- C:\Users\Administrator\Desktop\Untitled-1.ai
[2011/11/19 01:15:42 | 000,002,086 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011/11/19 01:15:42 | 000,002,048 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/18 17:24:46 | 2074,099,712 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/18 14:39:04 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2011/12/18 14:37:08 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011/12/18 00:43:00 | 000,130,407 | ---- | C] () -- C:\Users\Administrator\Desktop\InkMeWindows.png
[2011/12/17 21:22:47 | 000,140,810 | ---- | C] () -- C:\Users\Administrator\Desktop\me4.png
[2011/12/17 21:07:22 | 000,061,728 | ---- | C] () -- C:\Users\Administrator\Desktop\me3.jpg
[2011/12/17 21:06:42 | 000,023,539 | ---- | C] () -- C:\Users\Administrator\Desktop\me2.jpg
[2011/12/17 21:06:06 | 000,031,827 | ---- | C] () -- C:\Users\Administrator\Desktop\me.jpg
[2011/12/17 19:21:57 | 000,217,425 | ---- | C] () -- C:\Users\Administrator\Desktop\IMG02064-20111216-1453.jpg
[2011/12/17 15:00:05 | 000,240,058 | ---- | C] () -- C:\Users\Administrator\Desktop\hello.png
[2011/12/17 12:04:10 | 000,131,063 | ---- | C] () -- C:\Users\Administrator\Desktop\InkMeWindows2.png
[2011/12/16 20:06:15 | 000,018,142 | ---- | C] () -- C:\Users\Administrator\Desktop\thisbigdecal.jpg
[2011/12/16 03:39:38 | 008,487,008 | ---- | C] () -- C:\Users\Administrator\Desktop\MoonStone.ai
[2011/12/16 00:26:26 | 000,069,081 | ---- | C] () -- C:\Users\Administrator\Desktop\sparrow.png
[2011/12/15 22:38:20 | 000,423,655 | ---- | C] () -- C:\Users\Administrator\Desktop\sparrow.jpg
[2011/12/15 19:42:20 | 000,426,531 | ---- | C] () -- C:\Users\Administrator\Desktop\MoonStone.jpg
[2011/12/15 16:36:58 | 000,061,328 | ---- | C] () -- C:\Users\Administrator\Desktop\Installs.jpg
[2011/12/15 15:41:36 | 268,825,208 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/15 02:37:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/15 02:37:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/15 02:37:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/15 02:37:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/15 02:37:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/15 01:05:34 | 000,001,964 | ---- | C] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2011/12/14 21:35:43 | 000,058,749 | ---- | C] () -- C:\Users\Administrator\Desktop\ctrtemp.png
[2011/12/14 19:17:54 | 000,271,977 | ---- | C] () -- C:\Users\Administrator\Desktop\Picture 045.jpg
[2011/12/14 15:40:47 | 005,815,355 | ---- | C] () -- C:\Users\Administrator\Desktop\VID 00121-20111214-1146.3GP
[2011/12/14 00:29:47 | 001,998,624 | ---- | C] () -- C:\Users\Administrator\Desktop\InkMeWindows.ai
[2011/12/13 19:48:56 | 000,186,584 | ---- | C] () -- C:\Users\Administrator\Desktop\BraceletVictorian.ttf
[2011/12/13 19:38:34 | 002,045,358 | ---- | C] () -- C:\Users\Administrator\Desktop\InkMe.eps
[2011/12/13 16:57:39 | 001,324,085 | ---- | C] () -- C:\Users\Administrator\Desktop\InkMe.ai
[2011/12/13 16:12:36 | 001,136,753 | ---- | C] () -- C:\Users\Administrator\Desktop\DirtyLove2 - Copy.png
[2011/12/13 16:12:36 | 000,045,888 | ---- | C] () -- C:\Users\Administrator\Desktop\5150 - Copy.png
[2011/12/13 16:12:36 | 000,037,738 | ---- | C] () -- C:\Users\Administrator\Desktop\Dopest2 - Copy.png
[2011/12/13 16:12:36 | 000,013,161 | ---- | C] () -- C:\Users\Administrator\Desktop\ACDCbcknblack - Copy.png
[2011/12/13 16:12:36 | 000,011,231 | ---- | C] () -- C:\Users\Administrator\Desktop\DJ-WILD - Copy.png
[2011/12/12 11:59:57 | 001,029,203 | ---- | C] () -- C:\Users\Administrator\Desktop\cuppycake.png
[2011/12/11 21:52:34 | 000,028,209 | ---- | C] () -- C:\Users\Administrator\Desktop\Fail.png
[2011/12/11 17:49:07 | 000,076,538 | ---- | C] () -- C:\Users\Administrator\Desktop\Metal_Mulisha-for-bobby.png
[2011/12/10 22:47:10 | 000,141,041 | ---- | C] () -- C:\Users\Administrator\Desktop\MMWords.ai
[2011/12/10 14:20:04 | 000,312,360 | ---- | C] () -- C:\Users\Administrator\Desktop\Romantiques.ttf
[2011/12/10 03:22:32 | 001,103,373 | ---- | C] () -- C:\Users\Administrator\Desktop\heartforeplay.png
[2011/12/10 03:20:43 | 000,054,762 | ---- | C] () -- C:\Users\Administrator\Desktop\heartforeplay2.png
[2011/12/10 02:45:12 | 367,180,072 | ---- | C] () -- C:\Users\Administrator\Desktop\Breaking.Bad.S04E13.Face.Off.HDTV.XviD-FQM.avi
[2011/12/10 01:50:01 | 003,660,956 | ---- | C] () -- C:\Users\Administrator\Desktop\cuppycakepink.ai
[2011/12/09 23:56:54 | 366,985,548 | ---- | C] () -- C:\Users\Administrator\Desktop\Breaking.Bad.S04E12.HDTV.XviD-ASAP.avi
[2011/12/09 18:31:30 | 001,052,158 | ---- | C] () -- C:\Users\Administrator\Desktop\heartforeplay.ai
[2011/12/09 15:31:35 | 005,578,021 | ---- | C] () -- C:\Users\Administrator\Desktop\MattStone.ai
[2011/12/09 00:36:32 | 003,708,294 | ---- | C] () -- C:\Users\Administrator\Desktop\cuppycake.ai
[2011/12/08 23:37:08 | 000,396,155 | ---- | C] () -- C:\Users\Administrator\Desktop\cuppycake.jpg
[2011/12/08 23:36:53 | 000,396,155 | ---- | C] () -- C:\Users\Administrator\Desktop\Untitled.jpg
[2011/12/08 23:21:09 | 001,456,285 | ---- | C] () -- C:\Users\Administrator\Desktop\100_1282.JPG
[2011/12/08 10:17:25 | 000,184,119 | ---- | C] () -- C:\Users\Administrator\Desktop\HardcoreMM.ai
[2011/12/07 19:52:30 | 000,000,849 | ---- | C] () -- C:\Users\Administrator\Desktop\Spotify.lnk
[2011/12/07 19:52:30 | 000,000,835 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/12/07 16:24:12 | 000,071,979 | ---- | C] () -- C:\Users\Administrator\Desktop\upheaval(1).jpg
[2011/12/07 16:10:09 | 000,891,472 | ---- | C] () -- C:\Users\Administrator\Desktop\upheaval(1).eps
[2011/12/06 03:07:40 | 000,051,979 | ---- | C] () -- C:\Users\Administrator\Desktop\firedecal.jpg
[2011/12/05 23:10:14 | 000,559,787 | ---- | C] () -- C:\Users\Administrator\Desktop\rgi.png
[2011/12/05 22:23:59 | 000,310,235 | ---- | C] () -- C:\Users\Administrator\Desktop\100_1267.JPG
[2011/12/05 21:59:44 | 001,849,386 | ---- | C] () -- C:\Users\Administrator\Desktop\100_1273.JPG
[2011/12/05 21:59:40 | 001,866,385 | ---- | C] () -- C:\Users\Administrator\Desktop\100_1272.JPG
[2011/12/05 21:59:33 | 001,782,158 | ---- | C] () -- C:\Users\Administrator\Desktop\100_1271.JPG
[2011/12/05 21:58:58 | 002,066,096 | ---- | C] () -- C:\Users\Administrator\Desktop\100_1274.JPG
[2011/12/05 12:28:50 | 004,396,785 | ---- | C] () -- C:\Users\Administrator\Desktop\Sparrow.ai
[2011/12/05 12:18:13 | 000,095,232 | ---- | C] () -- C:\Users\Administrator\Desktop\Ink Me2.VE
[2011/12/04 13:31:08 | 001,444,933 | ---- | C] () -- C:\Users\Administrator\Desktop\AllFresh.ai
[2011/12/04 00:07:39 | 000,069,753 | ---- | C] () -- C:\Users\Administrator\Desktop\metal_mulisha.ai
[2011/12/03 22:00:11 | 001,097,391 | ---- | C] () -- C:\Users\Administrator\Desktop\Ink Me2.ai
[2011/12/03 21:37:15 | 000,028,514 | ---- | C] () -- C:\Users\Administrator\Desktop\Ink-Me4.png
[2011/12/03 21:33:06 | 000,027,792 | ---- | C] () -- C:\Users\Administrator\Desktop\Ink-Me3.png
[2011/12/03 21:04:30 | 000,036,711 | ---- | C] () -- C:\Users\Administrator\Desktop\Ink-Me2.png
[2011/12/03 16:52:23 | 000,170,867 | ---- | C] () -- C:\Users\Administrator\Desktop\Metal_Mulisha for bobby.ai
[2011/12/03 13:15:16 | 000,079,613 | ---- | C] () -- C:\Users\Administrator\Desktop\Invoice_Oct-16-11_Nov-15-11.html
[2011/12/03 03:03:34 | 366,970,634 | ---- | C] () -- C:\Users\Administrator\Desktop\Breaking.Bad.S04E11.HDTV.XviD-ASAP.avi
[2011/11/30 15:59:40 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
[2011/11/30 12:11:07 | 024,957,095 | ---- | C] () -- C:\Users\Administrator\Desktop\VID 00103-20111130-1144.3GP
[2011/11/29 23:20:45 | 000,043,279 | ---- | C] () -- C:\Users\Administrator\Desktop\meandbabygirl.jpg
[2011/11/29 11:33:10 | 000,000,934 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/29 11:33:10 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/29 00:52:59 | 000,001,776 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2011/11/29 00:51:52 | 000,017,192 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/11/28 16:34:41 | 000,000,320 | ---- | C] () -- C:\ProgramData\~qp93bCmDcCOEPD
[2011/11/28 16:34:41 | 000,000,224 | ---- | C] () -- C:\ProgramData\~qp93bCmDcCOEPDr
[2011/11/28 16:34:33 | 000,000,344 | ---- | C] () -- C:\ProgramData\qp93bCmDcCOEPD
[2011/11/28 13:50:25 | 000,512,992 | ---- | C] () -- C:\Users\Administrator\Desktop\sdsetup_revwire207.exe
[2011/11/28 01:28:20 | 000,000,320 | ---- | C] () -- C:\ProgramData\~1fm327XP4Qkd1k
[2011/11/28 01:28:20 | 000,000,224 | ---- | C] () -- C:\ProgramData\~1fm327XP4Qkd1kr
[2011/11/28 01:28:08 | 000,000,336 | ---- | C] () -- C:\ProgramData\1fm327XP4Qkd1k
[2011/11/28 01:05:00 | 000,718,535 | ---- | C] () -- C:\Users\Administrator\Desktop\VID 00101-20111117-2208.3GP
[2011/11/28 01:04:14 | 002,912,584 | ---- | C] () -- C:\Users\Administrator\Desktop\VID 00102-20111128-0053.3GP
[2011/11/28 00:58:34 | 000,002,757 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2011/11/28 00:58:34 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\VE LXi Apprentice 10.0.2.lnk
[2011/11/28 00:58:34 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\Production Manager 10.0.2.lnk
[2011/11/28 00:58:34 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/28 00:58:34 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/28 00:58:34 | 000,001,723 | ---- | C] () -- C:\Users\Public\Desktop\Timez Attack.lnk
[2011/11/28 00:58:34 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/28 00:58:34 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/11/28 00:58:34 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/11/28 00:58:34 | 000,000,742 | ---- | C] () -- C:\Users\Public\Desktop\Pandora.lnk
[2011/11/28 00:58:33 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\Acer Arcade Deluxe.lnk
[2011/11/28 00:58:33 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2011/11/28 00:58:33 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/11/28 00:58:33 | 000,000,594 | ---- | C] () -- C:\Users\Public\Desktop\Acer Store.lnk
[2011/11/28 00:58:30 | 000,001,637 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/11/28 00:58:30 | 000,000,970 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/11/28 00:58:30 | 000,000,942 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/28 00:58:30 | 000,000,240 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/11/28 00:58:29 | 000,002,255 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/11/28 00:58:29 | 000,002,048 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/28 00:58:29 | 000,001,752 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/28 00:58:29 | 000,001,083 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/28 00:58:29 | 000,000,947 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/28 00:58:29 | 000,000,258 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/11/28 00:58:15 | 000,002,029 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/11/28 00:58:15 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2011/11/28 00:58:15 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2011/11/28 00:58:15 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/28 00:58:15 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2011/11/28 00:58:15 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/28 00:58:15 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2011/11/28 00:58:15 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/11/28 00:58:15 | 000,001,738 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Journal.lnk
[2011/11/28 00:58:15 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2011/11/28 00:58:15 | 000,001,638 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes.lnk
[2011/11/28 00:58:15 | 000,001,637 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011/11/28 00:58:15 | 000,001,231 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/11/28 00:58:15 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/11/28 00:58:15 | 000,001,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/11/28 00:58:15 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/28 00:58:15 | 000,000,754 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora.lnk
[2011/11/28 00:58:14 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/11/28 00:58:14 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/11/28 00:58:14 | 000,001,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Registration.lnk
[2011/11/28 00:58:14 | 000,001,856 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Assist.lnk
[2011/11/28 00:58:14 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/28 00:58:14 | 000,001,789 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/11/28 00:58:14 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/28 00:58:14 | 000,001,292 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS4.lnk
[2011/11/28 00:58:14 | 000,001,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011/11/28 00:58:14 | 000,000,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2011/11/27 18:23:08 | 000,001,059 | ---- | C] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011/11/27 16:30:15 | 000,000,224 | ---- | C] () -- C:\ProgramData\~TrsidL6sNNn56Zr
[2011/11/27 16:30:14 | 000,000,320 | ---- | C] () -- C:\ProgramData\~TrsidL6sNNn56Z
[2011/11/27 16:30:04 | 000,000,440 | ---- | C] () -- C:\ProgramData\TrsidL6sNNn56Z
[2011/11/22 14:43:49 | 000,100,444 | ---- | C] () -- C:\Users\Administrator\Desktop\WalkDaWalkTwo.ttf
[2011/11/19 14:52:22 | 001,347,189 | ---- | C] () -- C:\Users\Administrator\Desktop\Untitled-1.ai
[2011/09/18 00:14:45 | 000,000,197 | ---- | C] () -- C:\ProgramData\RmUserCfg.ini
[2011/09/18 00:14:45 | 000,000,020 | ---- | C] () -- C:\ProgramData\IpAndPort.fig
[2011/07/06 12:09:37 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011/06/23 23:27:09 | 000,000,225 | ---- | C] () -- C:\ProgramData\505dfcf4
[2011/06/23 17:07:38 | 000,010,194 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\ne5p8cmch0wc
[2011/06/23 17:07:38 | 000,010,194 | -HS- | C] () -- C:\ProgramData\ne5p8cmch0wc
[2011/06/22 01:37:50 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2011/06/20 15:29:07 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2011/06/20 15:27:10 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011/06/07 17:57:55 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/05/16 12:30:52 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/03/16 17:48:02 | 000,048,128 | ---- | C] () -- C:\Windows\System32\HiDvrOcxCHT.dll
[2011/03/16 17:48:02 | 000,048,128 | ---- | C] () -- C:\Windows\System32\HiDvrOcxCHS.dll
[2010/08/29 22:59:31 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\wklnhst.dat
[2010/06/08 11:42:03 | 000,122,798 | ---- | C] () -- C:\Windows\hpoins14.dat.temp
[2010/06/08 11:42:02 | 000,001,996 | ---- | C] () -- C:\Windows\hpomdl14.dat.temp
[2010/04/21 17:08:14 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/04/21 17:08:14 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/04/21 17:08:14 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/04/21 16:29:46 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/03/17 22:32:47 | 000,000,617 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/03 09:51:36 | 000,148,971 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2009/12/03 09:51:36 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2009/10/20 13:08:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 13:08:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 13:07:31 | 000,072,192 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2009/06/10 00:42:43 | 000,235,088 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/05/28 16:38:53 | 000,116,842 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/03/17 01:49:08 | 000,148,395 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009/02/11 02:25:17 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/02/02 00:25:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/01/30 04:25:07 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2009/01/27 07:51:32 | 000,007,728 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/01/24 03:00:59 | 000,181,760 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/23 23:00:44 | 000,013,136 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png
[2009/01/23 22:53:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/18 18:25:44 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/08/18 18:25:44 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/08/18 18:16:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/08/18 18:06:18 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/08/18 18:00:26 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/08/18 18:00:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/08/18 18:00:26 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/08/18 18:00:26 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/08/15 10:15:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008/08/15 10:15:09 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/01/20 18:25:15 | 000,418,304 | ---- | C] () -- C:\Windows\System32\wmdrmdev.dll
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007/03/13 12:01:59 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 004,235,168 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,637,616 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,123,192 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/01/23 22:13:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acer
[2009/12/27 11:24:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acer GameZone Console
[2011/12/12 00:09:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2011/06/21 22:59:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canon
[2010/02/19 20:29:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.adobe.ExMan
[2011/08/05 03:52:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1
[2011/07/20 05:27:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.w3i.fliptoast
[2009/02/05 04:08:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2009/12/27 11:20:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\eSobi
[2009/10/19 21:15:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Image Zone Express
[2010/01/06 15:13:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\inkscape
[2011/11/30 15:59:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2009/01/23 22:13:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2011/07/24 23:31:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MAGIX
[2010/01/19 09:56:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Memeo
[2009/01/23 23:00:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2009/10/19 21:15:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Printer Info Cache
[2011/06/20 15:26:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScanSoft
[2011/05/17 11:45:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SmartPCTools
[2011/12/18 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spotify
[2011/05/17 20:38:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2010/08/29 22:59:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Template
[2011/05/06 01:24:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TP
[2009/06/20 15:33:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2011/05/01 18:21:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/03/10 00:31:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2011/07/20 05:26:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\W3i, LLC
[2011/12/14 22:49:55 | 000,000,000 | ---D | M] -- C:\Users\OverDrive\AppData\Roaming\Acer
[2011/12/14 22:49:51 | 000,000,000 | ---D | M] -- C:\Users\OverDrive\AppData\Roaming\Leadertech
[2011/12/15 04:14:56 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:7CACEF61
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F3176E45
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:ECF54A0E
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:73933431
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:753F86A9

< End of report >

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:05 AM

Posted 19 December 2011 - 07:14 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-3026996596-601840235-2618289223-500\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-3026996596-601840235-2618289223-500\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.11\AMVConverter\grab.html File not found
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.11\MediaManager\grab.html File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:7CACEF61
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F3176E45
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:ECF54A0E
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:73933431
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:753F86A9
    IE - HKLM\..\URLSearchHook: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
    FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
    FF - prefs.js..extensions.enabledItems: {2f3f5e73-4970-4c78-8a61-95bb4fe27c01}:1.0
    FF - prefs.js..extensions.enabledItems: {40148d7e-425d-488d-8fdd-fdb885f65237}:1.0
    FF - prefs.js..extensions.enabledItems: {4483ff83-64e2-4f80-94ff-576240190d73}:1.0
    FF - prefs.js..extensions.enabledItems: {85c7808b-086a-4530-8bec-02158799e998}:1.0
    FF - prefs.js..extensions.enabledItems: {884bd093-2f63-4275-8c6e-9ea501f225f0}:1.0
    FF - prefs.js..extensions.enabledItems: {a7eae058-2c1b-4dfd-bb60-3bfb6f813d8a}:1.0
    FF - prefs.js..extensions.enabledItems: {ab0f5dda-029d-4a29-bb48-cf7ec3394a6a}:1.0
    FF - prefs.js..extensions.enabledItems: {b67b69b1-1218-4caf-bcdc-c2c3fa96a190}:1.0
    [2011/06/24 00:51:47 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{2f3f5e73-4970-4c78-8a61-95bb4fe27c01}
    [2011/06/24 01:43:50 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{40148d7e-425d-488d-8fdd-fdb885f65237}
    [2011/07/30 14:09:15 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{4483ff83-64e2-4f80-94ff-576240190d73}
    [2011/11/20 09:05:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{85c7808b-086a-4530-8bec-02158799e998}
    [2011/07/31 15:02:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{884bd093-2f63-4275-8c6e-9ea501f225f0}
    [2011/07/20 23:56:15 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{a7eae058-2c1b-4dfd-bb60-3bfb6f813d8a}
    [2011/06/23 22:38:56 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{ab0f5dda-029d-4a29-bb48-cf7ec3394a6a}
    [2011/11/25 00:35:13 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\extensions\{b67b69b1-1218-4caf-bcdc-c2c3fa96a190}
    [2009/11/29 01:47:04 | 000,000,681 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\oahoqesd.default\searchplugins\ask.xml
    O2 - BHO: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3026996596-601840235-2618289223-500\..\Toolbar\WebBrowser: (Mininova-Vuze Toolbar) - {D51D388B-F5DC-471A-A1CE-5E2D671091C0} - C:\Program Files\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
    [2011/11/27 16:30:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
    [2011/11/28 16:34:41 | 000,000,320 | ---- | M] () -- C:\ProgramData\~qp93bCmDcCOEPD
    [2011/11/28 16:34:41 | 000,000,224 | ---- | M] () -- C:\ProgramData\~qp93bCmDcCOEPDr
    [2011/11/28 16:34:33 | 000,000,344 | ---- | M] () -- C:\ProgramData\qp93bCmDcCOEPD
    [2011/11/28 13:22:16 | 000,000,320 | ---- | M] () -- C:\ProgramData\~1fm327XP4Qkd1k
    [2011/11/28 13:22:16 | 000,000,224 | ---- | M] () -- C:\ProgramData\~1fm327XP4Qkd1kr
    [2011/11/28 01:28:09 | 000,000,336 | ---- | M] () -- C:\ProgramData\1fm327XP4Qkd1k
    [2011/11/27 19:51:28 | 000,000,320 | ---- | M] () -- C:\ProgramData\~TrsidL6sNNn56Z
    [2011/11/27 19:51:28 | 000,000,224 | ---- | M] () -- C:\ProgramData\~TrsidL6sNNn56Zr
    [2011/06/23 17:07:38 | 000,010,194 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\ne5p8cmch0wc
    [2011/06/23 17:07:38 | 000,010,194 | -HS- | C] () -- C:\ProgramData\ne5p8cmch0wc
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
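To make visible what the helper's OTL script above is keying on, here is an added Python triage routine (not OTL's code and not part of this thread) that parses OTL-style log lines and flags the same classes of entry the script removes: orphaned IE hook/BHO references ("No CLSID value found", "File not found"), alternate data streams on C:\ProgramData\Temp, the Conduit toolbar, and hidden/system files with random names under ProgramData. The sample lines are constructed from entries quoted in this thread; the `looks_random` heuristic and the `KNOWN_ADWARE` markers are assumptions for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on the OTL entries quoted in this thread
# (not a real log file; a few representative lines only).
SAMPLE_LOG = r"""
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.11\AMVConverter\grab.html File not found
O2 - BHO: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin1.dll (Conduit Ltd.)
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:7CACEF61
[2011/06/23 17:07:38 | 000,010,194 | -HS- | C] () -- C:\ProgramData\ne5p8cmch0wc
[2011/11/27 16:30:15 | 000,000,224 | ---- | C] () -- C:\ProgramData\~TrsidL6sNNn56Zr
[2011/11/28 00:58:34 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
"""

# OTL file/directory entry: [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<flag>[CM])\]"
    r" \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
ORPHAN_RE = re.compile(r"(No CLSID value found\.?|File not found)$")
# Assumed markers, taken from names in this thread; a real triage would use a maintained list.
KNOWN_ADWARE = ("Conduit Ltd.", "Mininova-Vuze")


def looks_random(name: str) -> bool:
    """Assumed heuristic: no extension, 10+ chars, letters and digits mixed,
    which fits names such as ne5p8cmch0wc and ~TrsidL6sNNn56Zr in the log."""
    core = name.strip("~")
    if "." in core or len(core) < 10:
        return False
    return any(c.isdigit() for c in core) and any(c.isalpha() for c in core)


@dataclass
class Finding:
    category: str   # what kind of entry this is
    detail: str     # the path or reference the category applies to
    line: str       # the original log line


def classify_line(line: str) -> Optional[Finding]:
    """Map one OTL line to a Finding, or None if nothing stands out."""
    line = line.strip()
    if not line:
        return None
    m = ADS_RE.match(line)
    if m:
        # The stream name follows the last colon: C:\ProgramData\Temp:7CACEF61
        path, stream = m.group("target").rsplit(":", 1)
        return Finding("ads", f"{path} (stream {stream}, {m.group('size')} bytes)", line)
    m = FILE_RE.match(line)
    if m:
        path = m.group("path")
        name = path.rsplit("\\", 1)[-1]
        attrs = m.group("attrs")  # attribute columns are R, H, S, D
        if not looks_random(name):
            return None
        if "H" in attrs and "S" in attrs:
            return Finding("hidden_random_file", path, line)
        return Finding("random_name_file", path, line)
    if any(marker in line for marker in KNOWN_ADWARE):
        return Finding("known_adware", line, line)
    if ORPHAN_RE.search(line):
        return Finding("orphaned_reference", ORPHAN_RE.sub("", line).rstrip(" -"), line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify_line over every line and keep the hits."""
    return [f for f in (classify_line(l) for l in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, e.g. {'orphaned_reference': 3, ...}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:20} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```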

#8 robspace

robspace
  • Topic Starter
  • Members
  • 89 posts
  • Local time:02:05 AM

Posted 19 December 2011 - 08:20 AM

Okay, during the fix I got an error that said "Couldn't create file Drivers/Host" (that is all I caught of the file name), and then the blue screen of death. Upon restarting I got a white screen, then went and started Task Manager, and one of the processes, PING.EXE, was taking all the memory and had been running for about an hour, so I stopped it and restarted, and have gotten a lot of pop-ups in Firefox so far.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:05 AM

Posted 19 December 2011 - 01:34 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#10 robspace

robspace
  • Topic Starter
  • Members
  • 89 posts
  • Local time:02:05 AM

Posted 19 December 2011 - 06:56 PM

Okay so, as I was downloading it I got the blue screen of death saying "Memory Management", so I re-downloaded and got it. Did a scan and it stopped within 5 minutes and I got another blue screen of death saying "IQL_NOT_LESS_O_EQUAL", and since then I have done two more scans, each taking about two hours, and my computer restarts (don't know if it was a blue screen of death because I wasn't around to see), and as it shows my desktop both times it has said "The Recycle Bin on C:\ corrupted do you want to empty Recycle Bin for this drive?" and I hit yes both times but still no report. I have also noticed an Explorer internet icon on my desktop, but the name is "The Internet", which I think is something other than Explorer. Still getting random tabs opening in Firefox. What shall I do next?

#11 robspace

robspace
  • Topic Starter
  • Members
  • 89 posts
  • Local time:02:05 AM

Posted 19 December 2011 - 08:44 PM

Okay so, as I was downloading it I got the blue screen of death saying "Memory Management", so I re-downloaded and got it. Did a scan and it stopped within 5 minutes and I got another blue screen of death saying "IQL_NOT_LESS_O_EQUAL", and since then I have done two more scans, each taking about two hours, and my computer restarts (don't know if it was a blue screen of death because I wasn't around to see), and as it shows my desktop both times it has said "The Recycle Bin on C:\ corrupted do you want to empty Recycle Bin for this drive?" and I hit yes both times but still no report. I have also noticed an Explorer internet icon on my desktop, but the name is "The Internet", which I think is something other than Explorer. Still getting random tabs opening in Firefox. What shall I do next?

Also noticed that "PING.EXE" is still taking most of my CPU up in processes.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:05 AM

Posted 20 December 2011 - 12:33 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#13 robspace

robspace
  • Topic Starter
  • Members
  • 89 posts
  • Local time:02:05 AM

Posted 20 December 2011 - 12:40 AM

When I click on tdsskiller icon nothing happens.

#14 robspace

robspace
  • Topic Starter
  • Members
  • 89 posts
  • Local time:02:05 AM

Posted 20 December 2011 - 02:09 AM

I even re-downloaded it and still nothing. So I don't know what to do. :/

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:05 AM

Posted 20 December 2011 - 02:22 AM

Hello

I would like you to run this tool for me - fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo



