Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser redirect virus


  • This topic is locked This topic is locked
37 replies to this topic

#16 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 PM

Posted 04 January 2012 - 11:23 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

BC AdBot (Login to Remove)

 


#17 Chantel721

Chantel721
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 05 January 2012 - 12:29 PM

Sorry for the delay. I found the RegClean Pro in the control panel delete programs list and removed the program. I didn't expect that to work because I know that malware usually keeps coming back. But it's been a few days, and Dad is saying his computer is not redirecting anymore and he can get onto all his sites again. I feel stupid for not trying that first, but I didn't even check to see if it would be listed in the remove program before I asked for help. Should we just call this quits, in your opinion? I hate to have you waste time on it if it isn't necessary.

#18 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 PM

Posted 05 January 2012 - 12:42 PM

Hello


You are not wasting my time we have removed some very nasty viruses from this computer

run OTL and if I don't see anything I will start the ending process


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#19 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 PM

Posted 08 January 2012 - 01:57 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#20 Chantel721

Chantel721
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 08 January 2012 - 09:38 AM

Sorry. Work has been picking up since the holidays are over. HEre are the two log files you requested.

OTL logfile created on: 1/8/2012 8:32:18 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jerry9947\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 71.86% Memory free
11.50 Gb Paging File | 9.62 Gb Available in Paging File | 83.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.57 Gb Total Space | 633.00 Gb Free Space | 92.20% Space Free | Partition Type: NTFS

Computer Name: JERRY9947-PC | User Name: jerry9947 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\jerry9947\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
PRC - C:\Program Files (x86)\Sendori\SendoriSvc.exe (Sendori, Inc.)
PRC - C:\Program Files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Inbox\CToolbar.exe (Crawler.com)
PRC - c:\Program Files (x86)\Inbox\CMail.exe (Crawler.com)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files (x86)\Logitech\Harmony Remote\EasyZapperMonitor.exe (Intrigue Technologies Inc)
PRC - C:\Program Files (x86)\Logitech\Harmony Remote\EasyZapperManagerExe.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a512243ee9900e621fb8cd990a9c679d\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll ()
MOD - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll ()
MOD - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll ()
MOD - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll ()
MOD - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()
MOD - C:\Program Files (x86)\Logitech\Harmony Remote\EasyZapperManagerExe.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Sendori) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe (Sendori, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab.com/?s=0&chnl=tst02&cd=2XzutAtN2Y1L1Qzu0Bzz0A0CyC0F0ByCtD0ByC0E0FtByEyBzztN0D0TzutBtDtCtBtDtCtDyB&cr=208930254
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab.com/?s=0&chnl=tst02&cd=2XzutAtN2Y1L1Qzu0Bzz0A0CyC0F0ByCtD0ByC0E0FtByEyBzztN0D0TzutBtDtCtBtDtCtDyB&cr=208930254
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4079007757-3302140481-631283217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70001
IE - HKU\S-1-5-21-4079007757-3302140481-631283217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4079007757-3302140481-631283217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=70001
IE - HKU\S-1-5-21-4079007757-3302140481-631283217-1000\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Inbox\ctbr.dll (Crawler.com)
IE - HKU\S-1-5-21-4079007757-3302140481-631283217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4079007757-3302140481-631283217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: siteranker@siteranker.com:1.0
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {ED76C299-85BC-4891-9237-74A140C28832}:1.0.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RadioPI_4e.com/Plugin: C:\Program Files (x86)\RadioPI_4e\bar\1.bin\NP4eStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jerry9947\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jerry9947\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/20 12:28:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4effxtbr@RadioPI_4e.com: C:\Program Files (x86)\RadioPI_4e\bar\1.bin [2011/11/23 15:20:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\jerry9947\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Inbox\firefox\ [2012/01/07 09:04:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/08 08:29:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/20 12:28:37 | 000,000,000 | ---D | M]

[2011/02/07 11:40:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jerry9947\AppData\Roaming\Mozilla\Extensions
[2012/01/07 09:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions
[2011/12/12 20:00:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/23 15:20:41 | 000,000,000 | ---D | M] (RadioPI) -- C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\4effxtbr@RadioPI_4e.com
[2012/01/02 12:12:43 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\plugin@yontoo.com
[2011/05/25 13:04:37 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\searchtoolbar@zugo.com
[2012/01/02 17:17:21 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\wecarereminder@bryan
[2012/01/07 08:51:38 | 000,005,425 | ---- | M] () -- C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\searchplugins\Foxtab Web Search.xml
[2011/10/11 16:30:05 | 000,002,292 | ---- | M] () -- C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\searchplugins\inbox-search.xml
[2011/11/24 06:11:50 | 000,000,000 | ---- | M] () -- C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\searchplugins\RadioPI_4e.xml
[2011/03/25 08:57:37 | 000,001,742 | ---- | M] () -- C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\searchplugins\search-the-web.xml
[2011/04/19 18:14:36 | 000,002,394 | ---- | M] () -- C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\searchplugins\search.xml
[2012/01/08 08:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/08 08:29:21 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011/12/18 08:18:46 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
[2011/11/20 12:28:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\JERRY9947\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3MBASAIY.DEFAULT\EXTENSIONS\{AFE43E80-0ABC-4DF2-81A0-3FE44B74ABE8}.XPI
[2012/01/08 08:29:21 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/08 08:29:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2007/08/07 10:25:58 | 000,001,461 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2012/01/02 12:11:27 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/01/08 08:29:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: FoxTab Search (Enabled)
CHR - default_search_provider: search_url = http://search.foxtab.com/?q={searchTerms}&s=1&chnl=tst02&cd=2XzutAtN2Y1L1Qzu0Bzz0A0CyC0F0ByCtD0ByC0E0FtByEyBzztN0D0TzutBtDtCtBtDtCtDyB&cr=208930254
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jerry9947\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jerry9947\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jerry9947\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\jerry9947\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\jerry9947\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: YouTube Downloader = C:\Users\jerry9947\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhhaodpfpcgbgeddgddinialfofjkijm\11.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\jerry9947\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: We-Care Reminder Lite = C:\Users\jerry9947\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.10_0\
CHR - Extension: Yontoo Layers = C:\Users\jerry9947\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.0_0\
CHR - Extension: Gmail = C:\Users\jerry9947\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/29 16:16:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
O2:64bit: - BHO: (FoxTab) - {9BCF56B3-CF14-4C78-A07D-35DD410A8C11} - Reg Error: Value error. File not found
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll File not found
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll File not found
O2 - BHO: (&Inbox.com Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Inbox\ctbr.dll (Crawler.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (FoxTab) - {9BCF56B3-CF14-4C78-A07D-35DD410A8C11} - C:\Program Files (x86)\FoxTab\FoxTabTB.dll File not found
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (FoxTab) - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (FoxTab) - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\Program Files (x86)\FoxTab\FoxTabTB.dll File not found
O3 - HKLM\..\Toolbar: (&Inbox.com Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Inbox\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4079007757-3302140481-631283217-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4079007757-3302140481-631283217-1000\..\Toolbar\WebBrowser: (&Inbox.com Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Inbox\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-4079007757-3302140481-631283217-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-4079007757-3302140481-631283217-1000..\Run: [CrawlerMail] c:\Program Files (x86)\Inbox\CMail.exe (Crawler.com)
O4 - HKU\S-1-5-21-4079007757-3302140481-631283217-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-4079007757-3302140481-631283217-1000..\Run: [LDM] C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
O4 - Startup: C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\jerry9947\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\jerry9947\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4079007757-3302140481-631283217-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4079007757-3302140481-631283217-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4079007757-3302140481-631283217-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Inbox Search - tbr:iemenu File not found
O8 - Extra context menu item: Inbox Search - tbr:iemenu File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BBD466E-29DF-47E1-854E-7FB1DF455457}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BBD466E-29DF-47E1-854E-7FB1DF455457}: NameServer = 216.146.35.240,216.146.36.240,192.168.11.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll File not found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Inbox\ctbr.dll (Crawler.com)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/08 08:31:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\jerry9947\Desktop\OTL.exe
[2012/01/07 09:07:32 | 000,000,000 | R--D | C] -- C:\Users\jerry9947\Documents\Inbox.com Virtual Storage
[2012/01/07 09:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox.com Toolbar
[2012/01/07 09:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inbox
[2012/01/07 08:51:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoxTab
[2012/01/02 12:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sendori
[2012/01/02 12:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo Layers Runtime
[2012/01/02 12:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/01/02 12:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/01/02 12:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sendori
[2012/01/02 12:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sendori
[2012/01/02 12:08:41 | 000,000,000 | ---D | C] -- C:\Users\jerry9947\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab PDF Creator
[2012/01/01 10:04:52 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\jerry9947\Desktop\FixTDSS.exe
[2011/12/30 09:22:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/29 16:45:05 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Users\jerry9947\Desktop\aswMBR.exe
[2011/12/29 16:39:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/29 15:09:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/29 12:04:50 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\jerry9947\Desktop\tdsskiller(1).exe
[2011/12/28 13:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/12/28 13:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer
[2011/12/28 13:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
[2011/12/28 13:14:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/28 13:14:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/28 13:14:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/28 13:13:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/28 13:12:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/28 13:11:31 | 004,356,248 | R--- | C] (Swearware) -- C:\Users\jerry9947\Desktop\ComboFix.exe
[2011/12/23 14:47:32 | 000,000,000 | ---D | C] -- C:\Users\jerry9947\Desktop\gmer
[2011/12/23 14:04:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\jerry9947\Desktop\dds.scr
[2011/12/23 11:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/23 11:13:10 | 000,000,000 | ---D | C] -- C:\Users\jerry9947\Desktop\Malwarebytes' Anti-Malware
[2011/12/21 11:35:14 | 000,000,000 | ---D | C] -- C:\Users\jerry9947\AppData\Roaming\Systweak
[2011/12/21 11:35:12 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2011/12/19 09:16:48 | 000,000,000 | ---D | C] -- C:\Users\jerry9947\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security
[2011/12/19 09:11:37 | 000,105,552 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2011/12/19 09:11:35 | 000,144,464 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2011/12/19 09:11:35 | 000,090,704 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys
[2011/12/19 09:11:35 | 000,067,664 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2011/12/19 08:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/19 08:32:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Trend_Micro
[2011/12/18 08:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011/12/18 08:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2011/12/18 08:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011/12/15 04:07:32 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/15 04:07:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/15 04:07:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/15 04:07:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/15 04:07:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/15 04:07:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/15 04:07:27 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/15 04:07:27 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/15 04:07:27 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/15 04:07:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/15 04:07:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/14 17:09:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 17:09:22 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 17:09:22 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/13 19:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/13 19:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/13 19:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/12/13 19:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/13 07:09:34 | 000,000,000 | ---D | C] -- C:\Users\jerry9947\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab Media Player
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/08 08:31:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jerry9947\Desktop\OTL.exe
[2012/01/08 08:29:27 | 000,002,054 | ---- | M] () -- C:\Users\jerry9947\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/08 08:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/01/08 07:45:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4079007757-3302140481-631283217-1000UA.job
[2012/01/08 07:36:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/08 07:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/01/08 06:49:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/08 06:49:55 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/08 06:46:30 | 000,743,118 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/08 06:46:30 | 000,636,126 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/08 06:46:30 | 000,110,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/08 06:44:10 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/08 06:42:25 | 000,000,438 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/01/08 06:42:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/08 06:42:01 | 334,737,407 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/07 21:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/01/07 20:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/01/07 19:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/01/07 18:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/01/07 17:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/01/07 16:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/01/07 15:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/01/07 14:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/01/07 13:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/01/07 12:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/01/07 11:45:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4079007757-3302140481-631283217-1000Core.job
[2012/01/07 11:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/01/07 10:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/01/07 09:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/01/07 06:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/01/07 05:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/01/07 04:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/01/07 03:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/01/07 02:46:53 | 000,002,441 | ---- | M] () -- C:\Users\jerry9947\Desktop\Google Chrome.lnk
[2012/01/07 02:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/01/06 07:14:26 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/02 12:12:44 | 000,001,033 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sendori Tray Icon.lnk
[2012/01/02 11:41:37 | 000,003,747 | ---- | M] () -- C:\Users\jerry9947\Desktop\Display Printer Driver - Shortcut (2).lnk
[2012/01/01 10:32:26 | 000,000,512 | ---- | M] () -- C:\Users\jerry9947\Desktop\MBR.dat
[2012/01/01 10:04:52 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\jerry9947\Desktop\FixTDSS.exe
[2012/01/01 01:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/01/01 00:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/12/31 23:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/12/31 22:04:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/12/29 16:45:31 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Users\jerry9947\Desktop\aswMBR.exe
[2011/12/29 16:16:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/29 14:55:41 | 000,002,025 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Harmony Monitor.lnk
[2011/12/29 13:42:44 | 004,356,248 | R--- | M] (Swearware) -- C:\Users\jerry9947\Desktop\ComboFix.exe
[2011/12/29 13:29:50 | 000,009,774 | -HS- | M] () -- C:\Users\jerry9947\AppData\Local\0qgmg20vu6ei3cxtx04pu340723m5t4480nu33iw64c15
[2011/12/29 13:29:50 | 000,009,774 | -HS- | M] () -- C:\ProgramData\0qgmg20vu6ei3cxtx04pu340723m5t4480nu33iw64c15
[2011/12/29 12:04:53 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\jerry9947\Desktop\tdsskiller(1).exe
[2011/12/29 09:18:46 | 518,129,760 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/23 14:46:10 | 000,294,216 | ---- | M] () -- C:\Users\jerry9947\Desktop\gmer.zip
[2011/12/23 14:35:45 | 000,302,592 | ---- | M] () -- C:\Users\jerry9947\Desktop\sk4eto12.exe
[2011/12/23 14:04:30 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\jerry9947\Desktop\dds.scr
[2011/12/23 14:03:33 | 000,000,000 | ---- | M] () -- C:\Users\jerry9947\defogger_reenable
[2011/12/23 14:01:35 | 000,050,477 | ---- | M] () -- C:\Users\jerry9947\Desktop\Defogger.exe
[2011/12/23 11:13:14 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/23 10:59:58 | 000,395,875 | ---- | M] () -- C:\Users\jerry9947\Desktop\MiniToolBox.exe
[2011/12/23 10:48:40 | 000,869,194 | ---- | M] () -- C:\Users\jerry9947\Desktop\SecurityCheck.exe
[2011/12/19 09:16:48 | 000,001,371 | ---- | M] () -- C:\Users\jerry9947\Desktop\Trend Micro Titanium Internet Security.lnk
[2011/12/19 08:58:41 | 000,144,464 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2011/12/19 08:58:41 | 000,105,552 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2011/12/19 08:58:41 | 000,090,704 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys
[2011/12/19 08:58:41 | 000,067,664 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2011/12/15 04:26:02 | 000,294,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/13 19:21:15 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/02 12:12:44 | 000,001,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sendori Tray Icon.lnk
[2012/01/02 11:41:37 | 000,003,747 | ---- | C] () -- C:\Users\jerry9947\Desktop\Display Printer Driver - Shortcut (2).lnk
[2011/12/29 16:54:31 | 000,000,512 | ---- | C] () -- C:\Users\jerry9947\Desktop\MBR.dat
[2011/12/29 13:06:46 | 000,009,774 | -HS- | C] () -- C:\Users\jerry9947\AppData\Local\0qgmg20vu6ei3cxtx04pu340723m5t4480nu33iw64c15
[2011/12/29 13:06:46 | 000,009,774 | -HS- | C] () -- C:\ProgramData\0qgmg20vu6ei3cxtx04pu340723m5t4480nu33iw64c15
[2011/12/28 13:38:35 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/12/28 13:14:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/28 13:14:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/28 13:14:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/28 13:14:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/28 13:14:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/23 14:46:09 | 000,294,216 | ---- | C] () -- C:\Users\jerry9947\Desktop\gmer.zip
[2011/12/23 14:35:45 | 000,302,592 | ---- | C] () -- C:\Users\jerry9947\Desktop\sk4eto12.exe
[2011/12/23 14:03:33 | 000,000,000 | ---- | C] () -- C:\Users\jerry9947\defogger_reenable
[2011/12/23 14:01:34 | 000,050,477 | ---- | C] () -- C:\Users\jerry9947\Desktop\Defogger.exe
[2011/12/23 11:13:14 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/23 10:59:58 | 000,395,875 | ---- | C] () -- C:\Users\jerry9947\Desktop\MiniToolBox.exe
[2011/12/23 10:48:38 | 000,869,194 | ---- | C] () -- C:\Users\jerry9947\Desktop\SecurityCheck.exe
[2011/12/19 09:16:48 | 000,001,371 | ---- | C] () -- C:\Users\jerry9947\Desktop\Trend Micro Titanium Internet Security.lnk
[2011/12/13 19:21:15 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/25 15:46:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\6I2N6ULnM.com.b
[2011/11/25 15:43:35 | 000,000,112 | ---- | C] () -- C:\ProgramData\GeH4oe.dat
[2011/11/25 15:43:14 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\6I2N6ULnM.com_
[2011/10/18 05:22:25 | 000,000,192 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/18 05:22:24 | 000,000,280 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/18 05:22:23 | 000,000,464 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/03/25 12:06:00 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010/12/24 13:53:54 | 000,758,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/21 01:27:22 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/10 21:07:46 | 000,000,065 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/15 13:40:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:15E76ABF

< End of report >


OTL Extras logfile created on: 1/8/2012 8:32:18 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jerry9947\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.13 Gb Available Physical Memory | 71.86% Memory free
11.50 Gb Paging File | 9.62 Gb Available in Paging File | 83.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.57 Gb Total Space | 633.00 Gb Free Space | 92.20% Space Free | Partition Type: NTFS

Computer Name: JERRY9947-PC | User Name: jerry9947 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4079007757-3302140481-631283217-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}" = CCC Help Italian
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{144D9816-818D-C36E-33A0-889A19C5EDA6}" = CCC Help Portuguese
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18BED011-2EEF-1148-E90C-D6556565B2EC}" = CCC Help Polish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CCF681C-C203-49B3-83F4-A54F0F944416}" = ASPCA Reminder by We-Care.com v5.0.5.1
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C2435C-5B06-2E12-5087-116D8EF658B8}" = CCC Help Korean
"{26791563-0BDF-1FBE-CC21-994A09559CCE}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{26ED1160-22B1-4b19-8C21-42A1BACAAF75}" = pdfforge Toolbar v4.9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A25676C-038C-504A-FA32-F971B36BF7EE}" = Catalyst Control Center Graphics Previews Vista
"{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}" = Catalyst Control Center Graphics Full New
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{44453D07-5BDB-45F8-E3DF-20A7F76407D0}" = CCC Help Czech
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F50DB8D-3DA5-43CE-ADBB-4B5B862048A4}" = Logitech Harmony Remote
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy
"{56E55229-CBE7-211E-0CD1-AB3712AF177A}" = CCC Help Danish
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5CE2D957-59C2-4489-481E-2E38EAE59762}" = CCC Help Spanish
"{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}" = Catalyst Control Center Core Implementation
"{5F6C549F-78DA-4E0E-AE70-0BD981936D99}" = Nuance PDF Reader
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6675371D-22CD-F426-DC4C-9DDF594D0BBE}" = CCC Help Chinese Traditional
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6839108F-BC82-30BC-776F-D635EDA2B3D4}" = CCC Help Russian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}" = CCC Help Swedish
"{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}" = CCC Help Hungarian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73EFFD76-009E-A554-AA1F-106DBE475525}" = CCC Help French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{775FCAEB-C804-02B9-135F-D9A189A1CCDC}" = CCC Help English
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77D41B26-31DE-4EBA-F974-26D67B728FDB}" = CCC Help Turkish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{833FE2B0-DCD7-8995-6374-F69F1A84055F}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}" = CCC Help Thai
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{98C7AEBC-350A-52D6-6886-76FB98C6A503}" = Catalyst Control Center Graphics Full Existing
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{BE6F906F-9F86-5CED-E122-8C6A162295B8}" = Skins
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1E89604-DFBE-2DF8-BE82-A0076107AA32}" = CCC Help Finnish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}" = CCC Help Norwegian
"{E65DADC9-D6B1-6706-41DE-FA19149869E5}" = Catalyst Control Center Graphics Light
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBF60699-3D2E-6677-D504-5B4846171C8E}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F4044E58-9707-2918-1DA9-D3E400F0B699}" = CCC Help Japanese
"{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}" = CCC Help Chinese Standard
"{F835D378-5073-8C86-70EF-9A3B739F9897}" = CCC Help Greek
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFD3A1EB-F550-3309-7AFE-17E4BB778423}" = Catalyst Control Center Localization All
"123 Free Solitaire_is1" = 123 Free Solitaire 2009 v7.2
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"BFGC" = Big Fish Games: Game Manager
"BFG-Pac-Man" = Pac-Man
"Canon MG5200 series User Registration" = Canon MG5200 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CToolbar_UNINSTALL" = Inbox.com Toolbar
"Dell Dock" = Dell Dock
"Driver Performer_is1" = Driver Performer
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Ms.Pacman" = Ms.Pacman
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"RealPlayer 15.0" = RealPlayer
"Sendori" = Sendori
"The Free YouTube Downloader" = The Free YouTube Downloader
"Trusted Software Assistant_is1" = File Type Assistant
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4079007757-3302140481-631283217-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/20/2011 8:47:44 PM | Computer Name = jerry9947-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 54023

Error - 12/20/2011 8:47:45 PM | Computer Name = jerry9947-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/20/2011 8:47:45 PM | Computer Name = jerry9947-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 55021

Error - 12/20/2011 8:47:45 PM | Computer Name = jerry9947-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 55021

Error - 12/20/2011 8:47:46 PM | Computer Name = jerry9947-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/20/2011 8:47:46 PM | Computer Name = jerry9947-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 56020

Error - 12/20/2011 8:47:46 PM | Computer Name = jerry9947-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 56020

Error - 12/20/2011 8:47:47 PM | Computer Name = jerry9947-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/20/2011 8:47:47 PM | Computer Name = jerry9947-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 57034

Error - 12/20/2011 8:47:47 PM | Computer Name = jerry9947-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 57034

[ Dell Events ]
Error - 6/20/2011 9:41:17 PM | Computer Name = jerry9947-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/27/2011 10:20:16 AM | Computer Name = jerry9947-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/27/2011 10:20:16 AM | Computer Name = jerry9947-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/25/2011 7:45:31 PM | Computer Name = jerry9947-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/25/2011 7:45:31 PM | Computer Name = jerry9947-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/1/2011 10:07:37 PM | Computer Name = jerry9947-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/1/2011 10:07:37 PM | Computer Name = jerry9947-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/5/2011 3:51:50 PM | Computer Name = jerry9947-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/5/2011 3:51:51 PM | Computer Name = jerry9947-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/19/2011 3:13:55 PM | Computer Name = jerry9947-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 3/21/2011 5:36:22 AM | Computer Name = jerry9947-PC | Source = MCUpdate | ID = 0
Description = 4:36:22 AM - Error connecting to the internet. 4:36:22 AM - Unable
to contact server..

Error - 3/21/2011 5:37:10 AM | Computer Name = jerry9947-PC | Source = MCUpdate | ID = 0
Description = 4:37:09 AM - Error connecting to the internet. 4:37:09 AM - Unable
to contact server..

Error - 3/21/2011 6:38:16 AM | Computer Name = jerry9947-PC | Source = MCUpdate | ID = 0
Description = 5:38:16 AM - Error connecting to the internet. 5:38:16 AM - Unable
to contact server..

Error - 3/21/2011 6:39:04 AM | Computer Name = jerry9947-PC | Source = MCUpdate | ID = 0
Description = 5:39:03 AM - Error connecting to the internet. 5:39:03 AM - Unable
to contact server..

Error - 3/21/2011 7:40:10 AM | Computer Name = jerry9947-PC | Source = MCUpdate | ID = 0
Description = 6:40:10 AM - Error connecting to the internet. 6:40:10 AM - Unable
to contact server..

Error - 3/21/2011 7:40:58 AM | Computer Name = jerry9947-PC | Source = MCUpdate | ID = 0
Description = 6:40:57 AM - Error connecting to the internet. 6:40:58 AM - Unable
to contact server..

[ System Events ]
Error - 1/7/2012 11:32:00 AM | Computer Name = jerry9947-PC | Source = ipnathlp | ID = 30013
Description =

Error - 1/7/2012 11:32:14 AM | Computer Name = jerry9947-PC | Source = DCOM | ID = 10016
Description =

Error - 1/7/2012 11:32:20 AM | Computer Name = jerry9947-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 1/7/2012 11:32:40 AM | Computer Name = jerry9947-PC | Source = DCOM | ID = 10016
Description =

Error - 1/8/2012 8:42:07 AM | Computer Name = jerry9947-PC | Source = Service Control Manager | ID = 7000
Description = The Trend Micro Solution Platform service failed to start due to the
following error: %%2

Error - 1/8/2012 8:42:25 AM | Computer Name = jerry9947-PC | Source = ipnathlp | ID = 34001
Description =

Error - 1/8/2012 8:42:25 AM | Computer Name = jerry9947-PC | Source = ipnathlp | ID = 30013
Description =

Error - 1/8/2012 8:43:08 AM | Computer Name = jerry9947-PC | Source = DCOM | ID = 10016
Description =

Error - 1/8/2012 8:43:12 AM | Computer Name = jerry9947-PC | Source = DCOM | ID = 10016
Description =

Error - 1/8/2012 8:44:38 AM | Computer Name = jerry9947-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.


< End of report >

#21 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 PM

Posted 08 January 2012 - 02:12 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :otl
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@RadioPI_4e.com/Plugin: C:\Program Files (x86)\RadioPI_4e\bar\1.bin\NP4eStub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
    O2:64bit: - BHO: (FoxTab) - {9BCF56B3-CF14-4C78-A07D-35DD410A8C11} - Reg Error: Value error. File not found
    O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll File not found
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll File not found
    O2 - BHO: (FoxTab) - {9BCF56B3-CF14-4C78-A07D-35DD410A8C11} - C:\Program Files (x86)\FoxTab\FoxTabTB.dll File not found
    O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (FoxTab) - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (FoxTab) - {3F5A62E2-51F2-11D3-A075-CC7364CAE42A} - C:\Program Files (x86)\FoxTab\FoxTabTB.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-4079007757-3302140481-631283217-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" File not found
    O4 - Startup: C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\jerry9947\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O8:64bit: - Extra context menu item: Inbox Search - tbr:iemenu File not found
    O8 - Extra context menu item: Inbox Search - tbr:iemenu File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\tbr - No CLSID value found
    O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll File not found
    O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:15E76ABF
    PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
    FF - prefs.js..browser.search.selectedEngine: "My Web Search"
    FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
    [2012/01/02 12:12:43 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\plugin@yontoo.com
    [2011/05/25 13:04:37 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\searchtoolbar@zugo.com
    [2012/01/08 08:29:21 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
    [2012/01/08 08:29:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
    [2007/08/07 10:25:58 | 000,001,461 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
    [2012/01/02 12:11:27 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
    [2012/01/08 08:29:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    CHR - Extension: Yontoo Layers = C:\Users\jerry9947\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.0_0\
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    [2012/01/02 12:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo Layers Runtime
    [2011/12/18 08:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
    [2011/12/29 13:29:50 | 000,009,774 | -HS- | M] () -- C:\Users\jerry9947\AppData\Local\0qgmg20vu6ei3cxtx04pu340723m5t4480nu33iw64c15
    [2011/12/29 13:29:50 | 000,009,774 | -HS- | M] () -- C:\ProgramData\0qgmg20vu6ei3cxtx04pu340723m5t4480nu33iw64c15
      
    :files
    C:\windows\tasks\At*.job
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#22 Chantel721

Chantel721
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 08 January 2012 - 03:03 PM

Everything still seems to be working fine. Here is the log from the fix:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@RadioPI_4e.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9BCF56B3-CF14-4C78-A07D-35DD410A8C11}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BCF56B3-CF14-4C78-A07D-35DD410A8C11}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9BCF56B3-CF14-4C78-A07D-35DD410A8C11}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BCF56B3-CF14-4C78-A07D-35DD410A8C11}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3F5A62E2-51F2-11D3-A075-CC7364CAE42A} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F5A62E2-51F2-11D3-A075-CC7364CAE42A}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3F5A62E2-51F2-11D3-A075-CC7364CAE42A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F5A62E2-51F2-11D3-A075-CC7364CAE42A}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4079007757-3302140481-631283217-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Trend Micro Client Framework deleted successfully.
C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
C:\Users\jerry9947\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Inbox Search\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Inbox Search\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000026\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tbr\ deleted successfully.
File Protocol\Handler\tbr - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmbp\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF}\ deleted successfully.
File {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmpx\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}\ deleted successfully.
File {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmbp\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF}\ deleted successfully.
File {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmpx\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}\ deleted successfully.
File {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\TEMP:15E76ABF deleted successfully.
No active process named Program Files was found!
No active process named Program Files was found!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Prefs.js: "My Web Search" removed from browser.search.selectedEngine
Prefs.js: m3ffxtbr@mywebsearch.com:1.1 removed from extensions.enabledItems
C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\plugin@yontoo.com\skin folder moved successfully.
C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\plugin@yontoo.com\locale folder moved successfully.
C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\plugin@yontoo.com\content folder moved successfully.
C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\plugin@yontoo.com folder moved successfully.
C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\searchtoolbar@zugo.com\defaults\preferences folder moved successfully.
C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\searchtoolbar@zugo.com\defaults folder moved successfully.
C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\searchtoolbar@zugo.com\components folder moved successfully.
C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\searchtoolbar@zugo.com\chrome\skin folder moved successfully.
C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\searchtoolbar@zugo.com\chrome\content folder moved successfully.
C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\searchtoolbar@zugo.com\chrome folder moved successfully.
C:\Users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\extensions\searchtoolbar@zugo.com folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml moved successfully.
C:\Users\jerry9947\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.0_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
C:\Program Files (x86)\Yontoo Layers Runtime folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Users\jerry9947\AppData\Local\0qgmg20vu6ei3cxtx04pu340723m5t4480nu33iw64c15 moved successfully.
C:\ProgramData\0qgmg20vu6ei3cxtx04pu340723m5t4480nu33iw64c15 moved successfully.
========== FILES ==========
C:\windows\tasks\At10.job moved successfully.
C:\windows\tasks\At12.job moved successfully.
C:\windows\tasks\At14.job moved successfully.
C:\windows\tasks\At16.job moved successfully.
C:\windows\tasks\At18.job moved successfully.
C:\windows\tasks\At2.job moved successfully.
C:\windows\tasks\At20.job moved successfully.
C:\windows\tasks\At22.job moved successfully.
C:\windows\tasks\At24.job moved successfully.
C:\windows\tasks\At26.job moved successfully.
C:\windows\tasks\At28.job moved successfully.
C:\windows\tasks\At30.job moved successfully.
C:\windows\tasks\At32.job moved successfully.
C:\windows\tasks\At34.job moved successfully.
C:\windows\tasks\At36.job moved successfully.
C:\windows\tasks\At38.job moved successfully.
C:\windows\tasks\At4.job moved successfully.
C:\windows\tasks\At40.job moved successfully.
C:\windows\tasks\At42.job moved successfully.
C:\windows\tasks\At44.job moved successfully.
C:\windows\tasks\At46.job moved successfully.
C:\windows\tasks\At48.job moved successfully.
C:\windows\tasks\At6.job moved successfully.
C:\windows\tasks\At8.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jerry9947\Desktop\cmd.bat deleted successfully.
C:\Users\jerry9947\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Darlene
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 102853408 bytes
->Flash cache emptied: 58254 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jerry9947
->Temp folder emptied: 80808932 bytes
->Temporary Internet Files folder emptied: 14575561 bytes
->Java cache emptied: 196455 bytes
->FireFox cache emptied: 56288993 bytes
->Google Chrome cache emptied: 252030703 bytes
->Apple Safari cache emptied: 2100224 bytes
->Flash cache emptied: 12682100 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 39710125 bytes

Total Files Cleaned = 535.00 mb


[EMPTYJAVA]

User: All Users

User: Darlene
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: jerry9947
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Darlene
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: jerry9947
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\: LSP stack updated.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

OTL by OldTimer - Version 3.2.31.0 log created on 01082012_135729

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
C:\Users\jerry9947\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#23 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 PM

Posted 08 January 2012 - 05:12 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#24 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 PM

Posted 11 January 2012 - 11:08 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#25 Chantel721

Chantel721
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 11 January 2012 - 07:15 PM

Ugh ok. big problems now. I ran combofix, but now ALL of the browsers on his computer give me an error message that an illegal operation on a registry key that has been marked for deletion. I can't use Fire fox, Chrome, Safari, or IE. I copied the log file to a USB drive and am using my own computer to post this update. I will be working all day tomorrow so I won't be able to respond until late tomorrow evening or possibly Saturday depending on what jumps up.

ComboFix 12-01-10.02 - jerry9947 01/11/2012 17:37:17.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4216 [GMT -6:00]
Running from: c:\users\jerry9947\Desktop\ComboFix.exe
Command switches used :: c:\users\jerry9947\Desktop\cfscript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\JERRY9~1\AppData\Local\Temp\IadHide4.dll
c:\users\jerry9947\AppData\Local\Temp\IadHide4.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\ccrpTmr6.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 23:55 . 2012-01-11 23:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-10 14:14 . 2012-01-10 14:16 -------- d-----w- c:\users\jerry9947\Musibleepitled - 01-07-12
2012-01-08 19:57 . 2012-01-08 19:57 -------- d-----w- C:\_OTL
2012-01-08 14:29 . 2012-01-08 14:29 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-08 14:29 . 2012-01-08 14:29 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-08 14:29 . 2012-01-08 14:29 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-08 14:29 . 2012-01-08 14:29 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-07 15:04 . 2012-01-11 23:24 -------- d-----w- c:\program files (x86)\Inbox
2012-01-07 14:51 . 2012-01-07 15:35 -------- d-----w- c:\program files (x86)\FoxTab
2012-01-02 18:12 . 2012-01-02 18:12 -------- d-----w- c:\programdata\Tarma Installer
2012-01-02 18:12 . 2012-01-02 18:12 -------- d-----w- c:\programdata\WeCareReminder
2012-01-02 18:12 . 2012-01-02 18:12 -------- d-----w- c:\programdata\Sendori
2012-01-02 18:12 . 2012-01-02 18:12 -------- d-----w- c:\program files (x86)\Sendori
2011-12-21 17:35 . 2012-01-01 16:40 -------- d-----w- c:\users\jerry9947\AppData\Roaming\Systweak
2011-12-21 17:35 . 2011-07-07 19:08 18816 ----a-w- c:\windows\system32\roboot64.exe
2011-12-21 15:44 . 2011-12-21 15:45 -------- d-----w- c:\users\Darlene
2011-12-19 15:11 . 2011-12-19 14:58 105552 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-12-19 15:11 . 2011-12-19 14:58 90704 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-12-19 15:11 . 2011-12-19 14:58 67664 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-12-19 15:11 . 2011-12-19 14:58 144464 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-12-19 14:58 . 2011-12-19 15:30 -------- d-----w- c:\program files\Trend Micro
2011-12-18 14:18 . 2012-01-08 19:57 -------- d-----w- c:\program files (x86)\Application Updater
2011-12-18 14:18 . 2011-12-18 14:18 -------- d-----w- c:\program files (x86)\pdfforge Toolbar
2011-12-14 23:09 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 23:09 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 23:09 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 23:09 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 23:09 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 23:09 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 01:20 . 2011-12-14 01:21 -------- d-----w- c:\program files\iTunes
2011-12-14 01:20 . 2011-12-14 01:21 -------- d-----w- c:\program files (x86)\iTunes
2011-12-14 01:20 . 2011-12-14 01:20 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 13:14 . 2011-05-29 16:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 21:46 . 2011-11-25 21:43 111616 ----a-w- c:\windows\SysWow64\6I2N6ULnM.com_
2011-11-20 18:28 . 2011-11-20 18:28 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-11-20 18:28 . 2011-11-20 18:28 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-29_01.07.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-27 14:40 . 2011-12-27 14:40 13360 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-01-11 23:55 . 2012-01-11 23:55 13360 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-07-15 18:11 . 2012-01-11 13:48 54126 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-11 13:48 29092 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-16 00:01 . 2012-01-11 13:48 13020 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4079007757-3302140481-631283217-1000_UserData.bin
+ 2010-08-15 17:47 . 2012-01-11 15:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-15 17:47 . 2011-12-28 18:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-15 17:47 . 2011-12-28 18:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-11 15:32 . 2012-01-11 15:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-28 18:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-11 15:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-01-11 13:48 91680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-10 23:13 . 2011-12-25 20:40 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2012-01-10 23:13 . 2011-12-25 20:42 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2011-10-18 12:53 . 2011-10-18 12:53 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-10-18 22:23 . 2011-12-29 20:55 40960 c:\windows\Installer\{4F50DB8D-3DA5-43CE-ADBB-4B5B862048A4}\NewShortcut4_1.exe
- 2010-10-18 22:23 . 2010-10-19 01:38 40960 c:\windows\Installer\{4F50DB8D-3DA5-43CE-ADBB-4B5B862048A4}\NewShortcut4_1.exe
+ 2010-10-18 22:23 . 2011-12-29 20:55 40960 c:\windows\Installer\{4F50DB8D-3DA5-43CE-ADBB-4B5B862048A4}\NewShortcut4.exe
- 2010-10-18 22:23 . 2010-10-19 01:38 40960 c:\windows\Installer\{4F50DB8D-3DA5-43CE-ADBB-4B5B862048A4}\NewShortcut4.exe
- 2010-10-18 22:23 . 2010-10-19 01:38 40960 c:\windows\Installer\{4F50DB8D-3DA5-43CE-ADBB-4B5B862048A4}\NewShortcut3.exe
+ 2010-10-18 22:23 . 2011-12-29 20:55 40960 c:\windows\Installer\{4F50DB8D-3DA5-43CE-ADBB-4B5B862048A4}\NewShortcut3.exe
+ 2010-10-18 22:23 . 2011-12-29 20:55 40960 c:\windows\Installer\{4F50DB8D-3DA5-43CE-ADBB-4B5B862048A4}\NewShortcut1_1.exe
- 2010-10-18 22:23 . 2010-10-19 01:38 40960 c:\windows\Installer\{4F50DB8D-3DA5-43CE-ADBB-4B5B862048A4}\NewShortcut1_1.exe
+ 2011-01-15 14:23 . 2012-01-08 18:26 55176 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\UNINST_Uninstall_D_4299976C1167441FA07CEF9926E410B1.exe
+ 2011-01-15 14:23 . 2012-01-08 18:26 75656 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\ProductName.chm.de_D066A77819B7480BA99CC79FB02C9357.exe
+ 2011-01-15 14:23 . 2012-01-08 18:26 75656 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\NewShortcut7_093EA01C878D4FB8BBB75CF2AF29E7A1.exe
+ 2011-01-15 14:23 . 2012-01-08 18:26 75656 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriversHQ.DriverDe_84B8F33B3EBF407BAC7CF7FF8090594C.exe
+ 2011-01-15 14:23 . 2012-01-08 18:26 75656 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriversHQ.DriverDe_73EA94828B1A467994E24B03923D8FFE.exe
+ 2011-01-15 14:23 . 2012-01-08 18:26 75656 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.pt_6CF114D33913468CBA2AA6967939B819.exe
+ 2011-01-15 14:23 . 2012-01-08 18:26 75656 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.it_251B66F1CA924E82A1EE29E85D5EC5A1.exe
+ 2011-01-15 14:23 . 2012-01-08 18:26 75656 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.fr_E1678746353A46E3A9150D3E8B3832B1.exe
+ 2011-01-15 14:23 . 2012-01-08 18:26 75656 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.es_654C8EA5162D4D4084239A5EDD67F462.exe
+ 2011-01-15 14:23 . 2012-01-08 18:26 75656 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\DriverDetective.ch_571875AB094D409B841CA52363CEAF75.exe
+ 2011-01-15 14:23 . 2012-01-08 18:26 75656 c:\windows\Installer\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}\ARPPRODUCTICON.exe
+ 2012-01-11 14:32 . 2012-01-11 14:32 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6c13d7fb161ed4d7da730a70375b07c9\System.Web.DynamicData.Design.ni.dll
+ 2012-01-02 18:16 . 2012-01-02 18:16 94720 c:\windows\assembly\NativeImages_v2.0.50727_64\ExceptionLogging\267bd23e278bca4dbbaf57dbb6a466df\ExceptionLogging.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll
+ 2012-01-02 18:15 . 2012-01-02 18:15 59392 c:\windows\assembly\NativeImages_v2.0.50727_32\ExceptionLogging\f31bff21ada7f5864c6bca9d908bd7a1\ExceptionLogging.ni.dll
+ 2012-01-11 23:56 . 2012-01-11 23:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-27 14:41 . 2011-12-29 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-11 23:56 . 2012-01-11 23:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-27 14:41 . 2011-12-29 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-06 13:14 . 2012-01-06 13:14 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe
- 2009-07-14 04:54 . 2011-12-28 19:56 704512 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-08 18:10 704512 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-16 17:59 . 2011-12-29 19:22 317594 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2011-12-27 14:45 636126 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-11 13:51 636126 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-11 13:51 110584 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-27 14:45 110584 c:\windows\system32\perfc009.dat
+ 2012-01-06 13:14 . 2012-01-06 13:14 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_Plugin.exe
+ 2009-07-14 05:01 . 2012-01-11 23:55 277260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-27 14:40 277260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-26 11:47 . 2011-12-26 11:47 261912 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
+ 2012-01-10 23:13 . 2011-12-25 20:40 746256 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2011-12-26 10:39 . 2011-12-26 10:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2012-01-10 23:13 . 2011-12-25 20:42 437520 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-02 18:16 . 2012-01-02 18:16 208384 c:\windows\assembly\NativeImages_v2.0.50727_64\XPBurnComponent\1c96124844e3c1c3f53239d9a2afbdf1\XPBurnComponent.ni.dll
+ 2012-01-11 14:32 . 2012-01-11 14:32 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\f715b47c2f0440ea23a71f1076b0af2b\System.Web.Routing.ni.dll
+ 2012-01-11 14:32 . 2012-01-11 14:32 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\d258f45340e6e538a19a56d1165b750f\System.Web.Entity.ni.dll
+ 2012-01-11 14:32 . 2012-01-11 14:32 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\6f6d11e33e2f3f6bddd4c33809340a48\System.Web.Entity.Design.ni.dll
+ 2012-01-11 14:32 . 2012-01-11 14:32 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\bca38e802e2b45f80f8fbde2b54ce0a2\System.Web.DynamicData.ni.dll
+ 2012-01-11 14:32 . 2012-01-11 14:32 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\0e411c30fc2caebb55813b8fa0689d42\System.Web.Abstractions.ni.dll
+ 2012-01-02 18:16 . 2012-01-02 18:16 451584 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Practices#\dd1d18f5667a490132deeffd34532884\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
+ 2012-01-02 18:16 . 2012-01-02 18:16 226304 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Practices#\76a438f1ae5b2eb258f121d118a1bfbb\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
+ 2012-01-02 18:16 . 2012-01-02 18:16 436736 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Practices#\0dd5f4904ff5ebfc5f35dc38d99374ab\Microsoft.Practices.ObjectBuilder.ni.dll
+ 2012-01-02 18:16 . 2012-01-02 18:16 332288 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\f95a765cfcb9cd2cc3d4aa59eeb6c0dd\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 332288 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Applicati#\850a5f635edff6a13b8876270438947f\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2012-01-02 18:16 . 2012-01-02 18:16 660992 c:\windows\assembly\NativeImages_v2.0.50727_64\Interop.WUApiLib\4997f5e987d7a2399391418106c15383\Interop.WUApiLib.ni.dll
+ 2012-01-02 18:16 . 2012-01-02 18:16 714240 c:\windows\assembly\NativeImages_v2.0.50727_64\ICSharpCode.SharpZi#\0b34dfa7ef6063cbf5fabf8d6a2eed38\ICSharpCode.SharpZipLib.ni.dll
+ 2012-01-02 18:16 . 2012-01-02 18:16 579072 c:\windows\assembly\NativeImages_v2.0.50727_64\Agent.Communication\6f2a46877905f821299db77c09343df2\Agent.Communication.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 579584 c:\windows\assembly\NativeImages_v2.0.50727_64\Agent.Communication\1126c536a8320dc631094a1a507c95ae\Agent.Communication.ni.dll
+ 2012-01-02 18:16 . 2012-01-02 18:16 479232 c:\windows\assembly\NativeImages_v2.0.50727_64\Agent.Common\90382571db4198f1367cd9dce0088ee3\Agent.Common.ni.dll
+ 2012-01-11 14:28 . 2012-01-11 14:28 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\329019fd5a84e532efc88250db9ed5da\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-01-11 14:28 . 2012-01-11 14:28 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e63f072f12ca1a4a1a8c99512fa54370\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-01-11 14:28 . 2012-01-11 14:28 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\88356232fa6d15629a0b7224aaa22297\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-01-11 14:28 . 2012-01-11 14:28 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8041474a243d46b192991297460fb304\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8e576ae7d946a5440bddfdbe06818a8b\System.Web.Routing.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\5bd4f855a0b0386cb4baf093216ad2d3\System.Web.Extensions.Design.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\8d56e2f2a05dbde707d87cb3bdf0dffc\System.Web.Entity.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f560658d9ee6d2786cab976e775758d6\System.Web.Entity.Design.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\e94f08faeb08a8ee9d51a3480083bd07\System.Web.DynamicData.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\2dc7ec41005f6e6fe45e0cc0a20a12bc\System.Web.Abstractions.ni.dll
+ 2012-01-11 13:48 . 2012-01-11 13:48 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 763392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\e6fa2be533d9e540ccafe51980ae0103\System.Data.Entity.Design.ni.dll
+ 2012-01-11 14:28 . 2012-01-11 14:28 230912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\d8a835e351090d51975b7667e8b4a01a\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2012-01-11 14:28 . 2012-01-11 14:28 230912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\bfc2b64f232c3b6b200f495bdce84aff\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2012-01-02 22:31 . 2012-01-02 22:31 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WUApiLib\205cb4c0168354cd5d1a8766c42e6392\Interop.WUApiLib.ni.dll
+ 2012-01-02 18:15 . 2012-01-02 18:15 547840 c:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\22f073343ad03e91fc4a4bb6adb7b730\ICSharpCode.SharpZipLib.ni.dll
+ 2012-01-11 14:28 . 2012-01-11 14:28 378880 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\4f3c12af8e7a889944b627415625b08d\DriversHQ.DriverDetective.Client.Communication.ni.dll
+ 2012-01-11 14:28 . 2012-01-11 14:28 410624 c:\windows\assembly\NativeImages_v2.0.50727_32\Agent.Communication\692be249ac5aeaa3befe597e7f41bd3b\Agent.Communication.ni.dll
+ 2012-01-02 18:15 . 2012-01-02 18:15 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\Agent.Communication\3674b39c3abfe088e0337706d9031842\Agent.Communication.ni.dll
+ 2012-01-02 22:31 . 2012-01-02 22:31 352768 c:\windows\assembly\NativeImages_v2.0.50727_32\Agent.Common\500911a1d9d4f8a24525c83fc0d6594b\Agent.Common.ni.dll
+ 2011-03-25 14:56 . 2012-01-06 13:14 8527008 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2009-07-14 04:54 . 2012-01-08 18:10 5931008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-28 19:56 5931008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:45 . 2011-12-19 13:49 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-01-11 13:48 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-12-21 18:00 . 2011-12-29 21:03 5611728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4079007757-3302140481-631283217-1003-8192.dat
+ 2011-06-06 13:08 . 2012-01-07 15:21 2237791 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4079007757-3302140481-631283217-1000-12288.dat
+ 2012-01-10 23:13 . 2011-12-25 20:40 5263360 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2012-01-10 23:13 . 2011-12-25 20:42 5255168 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-18 12:53 . 2011-10-18 12:53 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-11 00:11 . 2012-01-11 00:11 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-12-26 12:24 . 2011-12-26 12:24 8835072 c:\windows\Installer\251d877.msp
+ 2012-01-02 18:14 . 2012-01-02 18:14 2864128 c:\windows\Installer\1261bb0.msi
+ 2011-12-07 10:33 . 2011-12-07 10:33 4411392 c:\windows\Installer\1261b96.msi
+ 2012-01-11 14:32 . 2012-01-11 14:32 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\455567dae39910d806447b77ee657a85\System.WorkflowServices.ni.dll
+ 2012-01-11 13:50 . 2012-01-11 13:50 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\45339e741d73e8f1f9393df8163c8c00\System.Workflow.Runtime.ni.dll
+ 2012-01-11 13:50 . 2012-01-11 13:50 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\48ef2f59740ad3d438d0514b335dd334\System.Workflow.ComponentModel.ni.dll
+ 2012-01-11 13:49 . 2012-01-11 13:49 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\7972e04df268430da009e63e90ff4ca9\System.Workflow.Activities.ni.dll
+ 2012-01-11 13:49 . 2012-01-11 13:49 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\8d374a0a9c49f485a7ce6e89ec354b4c\System.Web.Services.ni.dll
+ 2012-01-11 14:32 . 2012-01-11 14:32 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\91ecefc70d74ed44e5139ea2929adbb8\System.Web.Mobile.ni.dll
+ 2012-01-11 14:32 . 2012-01-11 14:32 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\71da5a6d09e12eb94be32935e4a8d5a2\System.Web.Extensions.ni.dll
+ 2012-01-11 14:32 . 2012-01-11 14:32 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\2bb91a2edcc92d2bb79007e7d2ddc2ae\System.Web.Extensions.Design.ni.dll
+ 2012-01-11 14:32 . 2012-01-11 14:32 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\3a6ac85c04453976c0f3a7c6a64ec43a\System.ServiceModel.Web.ni.dll
+ 2012-01-11 13:49 . 2012-01-11 13:49 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\d12c2299179cb05591cf08c8712a6495\System.Runtime.Remoting.ni.dll
+ 2012-01-11 14:30 . 2012-01-11 14:30 1444352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\1f90d38a42906a776be313d9720e350d\System.IdentityModel.ni.dll
+ 2012-01-11 14:32 . 2012-01-11 14:32 2805760 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\1d2c369d8e2d6f95c99ca90aca273418\System.Data.Services.ni.dll
+ 2012-01-11 14:32 . 2012-01-11 14:32 1080320 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\b7bd7d91dc9abd73f2506bb7a0292373\System.Data.Entity.Design.ni.dll
+ 2012-01-11 14:31 . 2012-01-11 14:31 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\53fcf7f34708a9482d3e4059ce29608c\MIGUIControls.ni.dll
+ 2012-01-11 14:30 . 2012-01-11 14:30 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\486ff8cee09c8c63aa9c60ff4f5feafa\Microsoft.VisualBasic.ni.dll
+ 2012-01-11 14:31 . 2012-01-11 14:31 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\b68f19bf3f3d545547d2b680eb54a660\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-11 14:31 . 2012-01-11 14:31 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\7e81f50c34dec17b90bfebec5929853a\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-11 14:30 . 2012-01-11 14:30 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\65a892a923b49b062bd8fc97254940d3\Microsoft.MediaCenter.ni.dll
+ 2012-01-11 14:31 . 2012-01-11 14:31 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\33fd1381f221898a53253303cb7e5380\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-01-02 18:16 . 2012-01-02 18:16 1607680 c:\windows\assembly\NativeImages_v2.0.50727_64\Common\d47169d069e4c6ef4ae827009962beac\Common.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 1607680 c:\windows\assembly\NativeImages_v2.0.50727_64\Common\4cbaa1944aece6da34a5255a854db1c9\Common.ni.dll
+ 2012-01-02 18:16 . 2012-01-02 18:16 6023168 c:\windows\assembly\NativeImages_v2.0.50727_64\Agent\f57d08eee715edfbd755a798778df1b3\Agent.ni.exe
+ 2012-01-11 14:29 . 2012-01-11 14:29 6023168 c:\windows\assembly\NativeImages_v2.0.50727_64\Agent\b04dae4b508dd46727e2d5cbfea76c83\Agent.ni.exe
+ 2012-01-11 14:28 . 2012-01-11 14:28 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bf97fca65714c5ce6abf41a66559a5a4\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-01-11 14:28 . 2012-01-11 14:28 7026176 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\70cc5644c899b46fe24cac51d1f4be33\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\a612958eaf641f0ba83b0daae44cb7b1\System.WorkflowServices.ni.dll
+ 2012-01-11 13:48 . 2012-01-11 13:48 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\ad68aa9e6fa1ec8005e1f604579a76be\System.Workflow.Runtime.ni.dll
+ 2012-01-11 13:48 . 2012-01-11 13:48 4515840 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\00b0a14ef5cb0154db7989da39a7f1e5\System.Workflow.ComponentModel.ni.dll
+ 2012-01-11 13:48 . 2012-01-11 13:48 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\54873f241a4ad6d2a13e48d2da444538\System.Workflow.Activities.ni.dll
+ 2012-01-11 13:48 . 2012-01-11 13:48 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\be4f1d78d06979df7fd08dedf0d8c804\System.Web.Services.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d957ec1fb12ff02282a7f73d6318b66b\System.Web.Mobile.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a90f033a5a062ff29f7df8f9edc1a80c\System.Web.Extensions.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 1707008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\828e31a37bfd9d432083be6307845630\System.ServiceModel.Web.ni.dll
+ 2012-01-11 14:28 . 2012-01-11 14:28 1083392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c0d9df88f2b37d14cf416281364c5b7f\System.IdentityModel.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 2029568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\76e676a9b6387aad5544d61a4ac12a78\System.Data.Services.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\20d18697deb8413c01119531c6b987ad\MIGUIControls.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\695508ea67706e5f66208cabe5363099\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-11 14:28 . 2012-01-11 14:28 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5662462cfa995c71817791af93686db2\Microsoft.MediaCenter.ni.dll
+ 2012-01-11 14:29 . 2012-01-11 14:29 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4676e3f99469bd1120f8aed9cf37e4d2\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-02 18:15 . 2012-01-02 18:15 1150464 c:\windows\assembly\NativeImages_v2.0.50727_32\Common\c001bf24ae7ee4a89426483414ac926b\Common.ni.dll
+ 2012-01-11 14:28 . 2012-01-11 14:28 1150464 c:\windows\assembly\NativeImages_v2.0.50727_32\Common\8a88517f36449edd727ab6575e59e821\Common.ni.dll
+ 2012-01-02 22:31 . 2012-01-02 22:31 5005824 c:\windows\assembly\NativeImages_v2.0.50727_32\Agent\ff751984fe99af6fb6c383cd1b5a584c\Agent.ni.exe
+ 2012-01-11 14:28 . 2012-01-11 14:28 5004800 c:\windows\assembly\NativeImages_v2.0.50727_32\Agent\bff6806c8327146f74b1b19afd376ff4\Agent.ni.exe
- 2011-07-07 13:03 . 2010-11-05 01:53 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-10 23:13 . 2011-12-25 20:42 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-10 23:13 . 2011-12-25 20:40 5263360 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-10 23:13 . 2011-12-25 20:42 5255168 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-07-14 04:54 . 2011-12-28 19:56 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-08 18:10 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-06 13:14 . 2012-01-06 13:14 11336864 c:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
+ 2010-11-02 00:23 . 2012-01-11 23:55 25732612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4079007757-3302140481-631283217-1000-8192.dat
+ 2012-01-11 13:49 . 2012-01-11 13:49 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\ab920a032a9b63aa07f26c5592d7c72c\System.Web.ni.dll
+ 2012-01-11 14:30 . 2012-01-11 14:30 23913984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\4bf05a9a1aebde89033c40b9e51af495\System.ServiceModel.ni.dll
+ 2012-01-11 13:49 . 2012-01-11 13:49 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\665178c1ccfd538896eaa0fff283b6ef\System.Design.ni.dll
+ 2012-01-11 14:31 . 2012-01-11 14:31 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\897b2e70eb1754bf8c557fadd93faf98\ehshell.ni.dll
+ 2012-01-11 13:48 . 2012-01-11 13:48 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
+ 2012-01-11 14:28 . 2012-01-11 14:28 17478656 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7bc7e33d4568a214f226cdb6a161a37a\System.ServiceModel.ni.dll
+ 2012-01-11 13:48 . 2012-01-11 13:48 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\70f9f6de6dc9611157ed563bdb4e79a4\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2010-10-20 20480]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"CrawlerMail"="c:\progra~2\inbox\cmail.exe" [2011-09-13 1403904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-15 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2010-07-05 333088]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-11-20 296056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\jerry9947\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Harmony Monitor.lnk - c:\program files (x86)\Logitech\Harmony Remote\EasyZapperMonitor.exe [2004-1-20 81920]
Logitech Desktop Messenger.lnk - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-10-20 450560]
Sendori Tray Icon.lnk - c:\program files (x86)\Sendori\SendoriTray.exe [2011-12-1 76096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17 136176]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 Sendori;Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2011-12-01 98624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17 16:15]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17 16:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=70001
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=tst02&cd=2XzutAtN2Y1L1Qzu0Bzz0A0CyC0F0ByCtD0ByC0E0FtByEyBzztN0D0TzutBtDtCtBtDtCtDyB&cr=208930254
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;*.local
IE: Inbox Search - tbr:iemenu
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{4BBD466E-29DF-47E1-854E-7FB1DF455457}: NameServer = 216.146.35.240,216.146.36.240,192.168.11.1
TCP: Interfaces\{4BBD466E-29DF-47E1-854E-7FB1DF455457}\2375942554530313: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4BBD466E-29DF-47E1-854E-7FB1DF455457}\458656028496464656E6: DhcpNameServer = 192.168.11.1
FF - ProfilePath - c:\users\jerry9947\AppData\Roaming\Mozilla\Firefox\Profiles\3mbasaiy.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extentions.y2layers.installId - 0eca8086-a4df-4b41-a579-23e03f4448d8
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4079007757-3302140481-631283217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4079007757-3302140481-631283217-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2012-01-11 18:01:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-12 00:01
ComboFix2.txt 2011-12-29 22:38
ComboFix3.txt 2011-12-29 01:33
.
Pre-Run: 678,414,249,984 bytes free
Post-Run: 678,345,158,656 bytes free
.
- - End Of File - - 12E3068B99BF6DE0970EF91E0E532FA8

#26 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 PM

Posted 11 January 2012 - 09:11 PM

restart the computer and it will clearup and then let me know how the computer is doing


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#27 Chantel721

Chantel721
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 11 January 2012 - 11:24 PM

Thanks for responding so quickly. He's already sleeping, so I'll try to check on it before I leave in the morning. (The computer is in his room).

#28 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 PM

Posted 12 January 2012 - 12:14 AM

ok I will check with you in the morning


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#29 Chantel721

Chantel721
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 13 January 2012 - 01:00 PM

OK. Everything seems to be working fine after the restart. He says he can open the browsers, sees no error messages, and he can get to the sites he wants to visit. Thanks so much for helping with this.

#30 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 PM

Posted 13 January 2012 - 03:44 PM

Hello

I would ike to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users