Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Restricted Permissions, Redirects, Hidden Files -- Oh my!


  • This topic is locked This topic is locked
28 replies to this topic

#1 Krysis09

Krysis09

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:56 AM

Posted 21 January 2012 - 02:51 PM

Hey there,

thanks a lot for taking some time out of your day(s) to help me resolve this pesky Virus/Malware problem that I have been having for way too long. I've done multiple virus scans (via MalwareBytes in Safe Mode), deleted and quarantined many-a trojans, but it seems problems keep coming up. Below you will find the DDS.txt file contents. I am running a 64-bit version of Windows (7), so I do not have the GMER log file. Some symptoms include:

1. I get a popup upon starting Windows that some file: "{5ADFIAH-AOIFAD-AERAUAE-AEUAFADF}.avi" (not exactly that filename, but similar) failed to start.
2. Google Redirects and random tabs being opened (in Firefox) to "9 News Today" website.
3. Permissions errors stating that I can not write to some file, or edit the registry, or read from some file, etc. even though I am logged in as the Administrator account.
3b. Can not launch Windows Firewall because of these permissions issues.

Thanks again.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Obeans at 14:42:17 on 2012-01-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1241 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Apache2\bin\httpd.exe
c:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Apache2\bin\httpd.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Users\Obeans\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Users\Obeans\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Obeans\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Obeans\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\atibtmon.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Program Files (x86)\Cobian Backup 10\cbService.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:60303
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Obeans\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [AdobeBridge]
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [CubeDesktop]
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Akamai NetSession Interface] "C:\Users\Obeans\AppData\Local\Akamai\netsession_win.exe"
uRun: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [Cobian Backup 10 Interface] "C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
dRun: [5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230] "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Roaming\5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230.avi", start minimized
StartupFolder: C:\Users\Obeans\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Obeans\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\5FF4DD~1.LNK - C:\Windows\System32\rundll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: play.net\*
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{82439E43-0049-40AD-AB9F-8053BD40B966} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{82439E43-0049-40AD-AB9F-8053BD40B966}\0484F6D65613736424 : DhcpNameServer = 192.168.0.1 0.0.0.0 0.0.0.0
TCP: Interfaces\{82439E43-0049-40AD-AB9F-8053BD40B966}\05275636963796F6E6024557E65637 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{82439E43-0049-40AD-AB9F-8053BD40B966}\7554354583035353 : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{82439E43-0049-40AD-AB9F-8053BD40B966}\C4140545F40513 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{82439E43-0049-40AD-AB9F-8053BD40B966}\E4163686F602E4564777F627B6 : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = DPPassFilter scecli
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun-x64: [Cobian Backup 10 Interface] "C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
IE-X64: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
Hosts: 66.197.194.231 www.google-analytics.com.
Hosts: 66.197.194.231 ad-emea.doubleclick.net.
Hosts: 66.197.194.231 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60303
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
FF - component: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\components\dpffcli.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.71\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
FF - plugin: C:\Users\Obeans\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Obeans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Obeans\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Obeans\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-4-2 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-9 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 Apache2.2;Apache2.2;C:\Apache2\bin\httpd.exe [2011-7-9 18432]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2012-1-21 67584]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 CobianBackup10;Cobian Backup 10;C:\Program Files (x86)\Cobian Backup 10\cbService.exe [2012-1-21 1125376]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-5 338168]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-7-1 298824]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe [2011-4-17 118128]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe [2011-4-17 126392]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-3-22 2271608]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-6 1791280]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-9 136176]
S2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-9 136176]
S3 InventoriaService;Inventoria Stock Manager;C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe [2011-9-27 1384964]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-01-21 19:11:23 -------- d-----w- C:\Users\Obeans\AppData\Local\Safe mirror
2012-01-21 19:05:05 -------- d-----w- C:\Program Files (x86)\Cobian Backup 10
2012-01-21 18:16:58 -------- d-----w- C:\Users\Obeans\AppData\Local\{360A93A4-E4A0-4503-BAB2-AB7D08C3D472}
2012-01-21 18:16:45 -------- d-----w- C:\Users\Obeans\AppData\Local\{3ECC1F63-AAB4-48EF-9D2F-793FCF45CA52}
2012-01-21 14:06:16 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-21 03:04:42 -------- d-----w- C:\Users\Obeans\AppData\Local\{A0448609-79FB-483A-A82F-C7FC99048686}
2012-01-21 03:04:29 -------- d-----w- C:\Users\Obeans\AppData\Local\{0FEA8A5B-F130-4A14-B107-B79257DAE315}
2012-01-21 02:11:45 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-21 02:11:45 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-20 14:00:56 -------- d-----w- C:\Users\Obeans\AppData\Local\{250F1BC6-4809-4616-B76F-2DCE2233811D}
2012-01-20 13:07:43 -------- d-----w- C:\Users\Obeans\AppData\Local\{98574683-2C07-4FD5-A777-304BE048DDF6}
2012-01-20 13:07:29 -------- d-----w- C:\Users\Obeans\AppData\Local\{6EE23CEA-D432-438A-BED0-1BF26002DFCA}
2012-01-19 05:36:29 -------- d--h--w- C:\Users\Obeans\AppData\Local\{D0E7A6DD-69A9-4525-A1FD-EC1161B86676}
2012-01-19 05:36:16 -------- d--h--w- C:\Users\Obeans\AppData\Local\{D637C262-5C3B-4B05-B94C-1E74CF39F887}
2012-01-16 08:50:13 -------- d--h--w- C:\Users\Obeans\AppData\Local\{CAF44FF4-A6E5-4D0E-BB08-AF53791DEC73}
2012-01-16 08:49:58 -------- d--h--w- C:\Users\Obeans\AppData\Local\{C983F39B-7603-4ABC-AAE0-7D36ACB0C19E}
2012-01-12 12:43:52 -------- d--h--w- C:\Users\Obeans\AppData\Local\{501CFEFB-4320-45E9-B8FC-1194220A4C0F}
2012-01-12 12:43:39 -------- d--h--w- C:\Users\Obeans\AppData\Local\{3AC00F3A-9AF2-47C0-95E2-599B6C74CAC6}
2012-01-09 12:58:21 -------- d--h--w- C:\Users\Obeans\AppData\Local\{DA44BBC6-C2DE-44A5-A1A4-93BDE1775966}
2012-01-09 12:58:01 -------- d--h--w- C:\Users\Obeans\AppData\Local\{4CF3C1A9-3D55-4F02-BD66-AFD065E78F84}
2012-01-06 22:42:17 -------- d--h--w- C:\Users\Obeans\AppData\Local\{72F63494-AA3A-479D-8B20-2EF36219B01C}
2012-01-06 04:23:56 -------- d--h--w- C:\Users\Obeans\AppData\Local\{E6D7DC6F-9AFA-44EB-B240-34DA765BAC82}
2012-01-06 04:23:41 -------- d--h--w- C:\Users\Obeans\AppData\Local\{CE82DD6B-B897-4089-BC6F-C712B9E31752}
2012-01-06 04:10:08 -------- d--h--w- C:\Users\Obeans\AppData\Local\{FF67B3E2-E865-4AEA-BC67-851DD9D2DBFE}
2012-01-05 12:36:10 -------- d--h--w- C:\Users\Obeans\AppData\Local\{34F5A952-39FB-4DF5-BA44-9FF92694970C}
2012-01-05 12:35:56 -------- d--h--w- C:\Users\Obeans\AppData\Local\{26869E84-0A73-410D-BE18-A751A312E248}
2012-01-04 03:28:07 -------- d--h--w- C:\Users\Obeans\AppData\Local\{2207894C-8443-454A-8F08-E7D6716EADD6}
2012-01-04 03:27:55 -------- d--h--w- C:\Users\Obeans\AppData\Local\{CCAB685C-E97C-47FD-890A-102BA04F41EB}
2012-01-03 23:39:43 -------- d--h--w- C:\Users\Obeans\AppData\Roaming\Uwofqa
2012-01-03 23:39:43 -------- d--h--w- C:\Users\Obeans\AppData\Roaming\May
2012-01-03 16:22:01 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 16:22:01 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-01-03 12:36:34 -------- d--h--w- C:\Users\Obeans\AppData\Local\{A476ACF0-B347-47FB-B997-6DBDDB730550}
2012-01-03 12:36:22 -------- d--h--w- C:\Users\Obeans\AppData\Local\{4BF5D3BC-6C85-4509-8108-E862D128CEAD}
2012-01-03 01:30:04 -------- d--h--w- C:\ProgramData\PC Tools
2012-01-03 01:30:04 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-01-03 01:30:04 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-01-03 00:16:13 -------- d--h--w- C:\Users\Obeans\AppData\Local\{E0D39ECA-EB0E-4ADE-A60F-25815F39C13C}
2012-01-03 00:15:54 -------- d--h--w- C:\Users\Obeans\AppData\Local\{5401EA6E-2CBF-49A8-B52C-CF31C9DDE1A0}
2012-01-01 16:07:23 -------- d--h--w- C:\Users\Obeans\AppData\Local\{473C4BCB-A12C-43AE-A09B-DECE8B62A381}
2012-01-01 16:07:10 -------- d--h--w- C:\Users\Obeans\AppData\Local\{B2EC3137-EA74-43C4-9D0F-D61D49EFE044}
2011-12-31 15:31:11 -------- d--h--w- C:\Users\Obeans\AppData\Local\{4F2363FC-2A30-45FD-8FA7-144097DB4023}
2011-12-31 15:30:58 -------- d--h--w- C:\Users\Obeans\AppData\Local\{10FEDD13-179A-4860-BB90-7DE0353D5652}
2011-12-30 18:41:18 -------- d--h--w- C:\Users\Obeans\360Works
2011-12-30 16:04:37 -------- d--h--w- C:\Users\Obeans\AppData\Local\Citrix
2011-12-30 15:03:45 -------- d--h--w- C:\Users\Obeans\Version Control
2011-12-30 14:56:14 -------- d--h--w- C:\Users\Obeans\AppData\Roaming\.purple
2011-12-30 14:53:07 -------- d-----w- C:\Program Files (x86)\Pidgin
2011-12-30 14:49:40 -------- d--h--w- C:\Users\Obeans\.IntelliJIdea10
2011-12-30 14:41:37 -------- d-----w- C:\Program Files (x86)\JetBrains
2011-12-29 01:34:31 -------- d--h--w- C:\Users\Obeans\AppData\Local\{949B91F1-879E-4597-96A7-17E1A9ABE17D}
2011-12-29 01:34:18 -------- d--h--w- C:\Users\Obeans\AppData\Local\{11ED15FD-7F58-4473-83EB-587DDC8A7B7A}
2011-12-28 02:24:20 -------- d--h--w- C:\Users\Obeans\AppData\Local\{814E2787-102E-4FB7-832A-8E13A0254A18}
2011-12-27 14:23:49 -------- d--h--w- C:\Users\Obeans\AppData\Local\{09C73DFB-05A9-4BF5-9FF2-6D9BD7373B56}
2011-12-27 14:23:33 -------- d--h--w- C:\Users\Obeans\AppData\Local\{44061EC3-6377-4689-8609-339E7B5ABE07}
2011-12-26 18:39:32 -------- d--h--w- C:\Users\Obeans\AppData\Local\{A47EF81E-6387-4197-BF81-808A0508588D}
2011-12-26 18:39:16 -------- d--h--w- C:\Users\Obeans\AppData\Local\{3B9B9487-618F-4912-9466-653162C5A683}
2011-12-23 15:01:02 -------- d--h--w- C:\Users\Obeans\AppData\Local\{D2504ED2-B301-4E05-BEAB-7FDBD1A22466}
2011-12-23 15:00:46 -------- d--h--w- C:\Users\Obeans\AppData\Local\{FA92B5A4-5480-46A2-82AA-23C30E7DB751}
.
==================== Find3M ====================
.
2011-12-04 01:49:27 116224 ----a-w- C:\Windows\SysWow64\1Wk42.com_
2011-12-03 23:24:29 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-10 03:45:30 10567680 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-11-10 03:39:50 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-11-10 03:39:44 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-11-10 03:39:36 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-11-10 03:39:32 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-11-10 03:39:22 17442304 ----a-w- C:\Windows\System32\amdocl64.dll
2011-11-10 03:38:40 14375936 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-11-10 03:37:50 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-11-10 03:37:46 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-11-10 03:20:50 25218048 ----a-w- C:\Windows\System32\atio6axx.dll
2011-11-10 03:17:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-11-10 03:16:56 774656 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-11-10 03:15:20 927232 ----a-w- C:\Windows\System32\aticfx64.dll
2011-11-10 03:12:24 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-11-10 03:12:10 516608 ----a-w- C:\Windows\System32\atieclxx.exe
2011-11-10 03:11:32 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-11-10 03:10:18 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-11-10 03:09:58 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-11-10 03:09:52 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-11-10 03:09:40 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-11-10 03:09:34 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-11-10 03:09:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-11-10 03:09:24 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-11-10 03:06:20 6077952 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-11-10 02:58:20 18996224 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-11-10 02:51:18 7405056 ----a-w- C:\Windows\System32\atidxx64.dll
2011-11-10 02:40:52 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-11-10 02:40:18 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-11-10 02:40:04 4061696 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-11-10 02:34:54 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-11-10 02:34:52 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-11-10 02:34:44 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-11-10 02:34:42 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-11-10 02:34:28 13552640 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-11-10 02:33:52 5852672 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-11-10 02:29:58 11300864 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-11-10 02:29:46 4200960 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-11-10 02:24:26 7439360 ----a-w- C:\Windows\System32\atiumd64.dll
2011-11-10 02:18:44 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-11-10 02:13:32 494592 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-11-10 02:13:22 348160 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-11-10 02:13:08 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-11-10 02:13:04 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-11-10 02:13:04 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-11-10 02:13:00 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-11-10 02:12:52 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-11-10 02:12:44 325632 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-11-10 02:11:54 41984 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-11-10 02:11:46 32256 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-11-10 02:11:40 39424 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-11-10 02:11:32 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-11-10 02:11:32 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-11-10 02:11:26 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-11-10 02:10:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-30 13:07:58 2219008 ----a-w- C:\Windows\bsdsetup.dll
2011-10-26 05:25:16 1572864 ----a-w- C:\Windows\System32\quartz.dll
2011-10-26 05:25:15 366592 ----a-w- C:\Windows\System32\qdvd.dll
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-26 04:32:11 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2011-10-26 04:32:11 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 14:44:19.45 ===============

Edited by Krysis09, 21 January 2012 - 03:11 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:56 AM

Posted 24 January 2012 - 01:46 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Krysis09

Krysis09
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:56 AM

Posted 24 January 2012 - 07:50 AM

Hey Gringo! Thanks for replying to my topic.

I downloaded ComboFix and was about to run it when it told me I was still running Microsoft Security Essentials -- even though I have deleted it from my programs list (Add and Remove Programs). I don't have the program running as a task and I didn't see any processes that resembled the MSE application. Should I just continue and run ComboFix, or is there something that's still running MSE somewhere, somehow?

Thanks,

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:56 AM

Posted 24 January 2012 - 08:04 AM

Yes just continue


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Krysis09

Krysis09
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:56 AM

Posted 24 January 2012 - 10:02 AM

Hey Gringo,

Ran ComboFix but now I am unable to run any program on that computer. I get the error that "The program uses a registry file that has been marked for deletion." This error pops up for everything, Firefox, Internet Explorer, Google Chrome, and all other applications. Either way, here is the ComboFix log:


ComboFix 12-01-23.02 - Obeans 01/24/2012 8:16.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2298 [GMT -5:00]
Running from: c:\users\Obeans\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230.ico
c:\programdata\Microsoft\Windows\Start Menu\Programs\Security Defender
c:\programdata\Microsoft\Windows\Start Menu\Programs\Security Defender\Security Defender.lnk
c:\users\Obeans\AppData\Local\assembly\tmp
c:\users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\extensions\{2e686067-8198-4b10-914b-f37dfa572e5e}
c:\users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\extensions\{2e686067-8198-4b10-914b-f37dfa572e5e}\chrome.manifest
c:\users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\extensions\{2e686067-8198-4b10-914b-f37dfa572e5e}\chrome\xulcache.jar
c:\users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\extensions\{2e686067-8198-4b10-914b-f37dfa572e5e}\defaults\preferences\xulcache.js
c:\users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\extensions\{2e686067-8198-4b10-914b-f37dfa572e5e}\install.rdf
c:\users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\extensions\{f4e0d4df-438a-4b56-bf9b-ba7d9859a62e}
c:\users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\extensions\{f4e0d4df-438a-4b56-bf9b-ba7d9859a62e}\chrome.manifest
c:\users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\extensions\{f4e0d4df-438a-4b56-bf9b-ba7d9859a62e}\chrome\xulcache.jar
c:\users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\extensions\{f4e0d4df-438a-4b56-bf9b-ba7d9859a62e}\defaults\preferences\xulcache.js
c:\users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\extensions\{f4e0d4df-438a-4b56-bf9b-ba7d9859a62e}\install.rdf
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-24 13:30 . 2012-01-24 13:30 -------- d-----w- c:\users\SQL2008SBSDE\AppData\Local\temp
2012-01-24 13:30 . 2012-01-24 13:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-24 02:17 . 2012-01-24 02:18 -------- d-----w- c:\program files\iTunes
2012-01-24 02:17 . 2012-01-24 02:17 -------- d-----w- c:\program files\iPod
2012-01-21 19:11 . 2012-01-21 19:11 -------- d-----w- c:\users\Obeans\AppData\Local\Safe mirror
2012-01-21 19:05 . 2012-01-21 19:11 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2012-01-21 14:06 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-21 02:11 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-21 02:11 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-03 23:39 . 2012-01-04 00:10 -------- d--h--w- c:\users\Obeans\AppData\Roaming\Uwofqa
2012-01-03 23:39 . 2012-01-03 23:53 -------- d--h--w- c:\users\Obeans\AppData\Roaming\May
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-01-03 01:30 . 2012-01-03 11:29 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-01-03 01:30 . 2012-01-03 11:29 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-01-03 01:30 . 2012-01-03 01:30 -------- d--h--w- c:\programdata\PC Tools
2011-12-30 18:41 . 2012-01-03 11:29 -------- d--h--w- c:\users\Obeans\360Works
2011-12-30 16:04 . 2011-12-30 16:04 -------- d--h--w- c:\users\Obeans\AppData\Local\Citrix
2011-12-30 15:03 . 2011-12-30 15:15 -------- d--h--w- c:\users\Obeans\Version Control
2011-12-30 14:56 . 2012-01-03 11:29 -------- d--h--w- c:\users\Obeans\AppData\Roaming\.purple
2011-12-30 14:53 . 2012-01-03 11:29 -------- d-----w- c:\program files (x86)\Pidgin
2011-12-30 14:49 . 2011-12-30 14:49 -------- d--h--w- c:\users\Obeans\.IntelliJIdea10
2011-12-30 14:41 . 2011-12-30 14:41 -------- d-----w- c:\program files (x86)\JetBrains
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-04 01:49 . 2011-12-04 01:25 116224 ----a-w- c:\windows\SysWow64\1Wk42.com_
2011-12-03 23:24 . 2011-06-25 14:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-14 04:21 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 03:45 . 2011-11-10 03:45 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 03:39 . 2011-11-10 03:39 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-11-10 03:39 . 2011-11-10 03:39 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-11-10 03:39 . 2011-11-10 03:39 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-11-10 03:39 . 2011-11-10 03:39 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-11-10 03:39 . 2011-11-10 03:39 17442304 ----a-w- c:\windows\system32\amdocl64.dll
2011-11-10 03:38 . 2011-11-10 03:38 14375936 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-11-10 03:37 . 2011-11-10 03:37 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-10 03:37 . 2011-11-10 03:37 44032 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-11-10 03:20 . 2011-11-10 03:20 25218048 ----a-w- c:\windows\system32\atio6axx.dll
2011-11-10 03:17 . 2011-11-10 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 03:16 . 2010-11-26 02:58 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-11-10 03:15 . 2010-11-26 02:57 927232 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-10 03:12 . 2011-11-10 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 03:12 . 2011-11-10 03:12 516608 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 03:11 . 2011-11-10 03:11 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 03:10 . 2011-11-10 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-11-10 03:09 . 2011-11-10 03:09 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-11-10 03:09 . 2011-11-10 03:09 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-11-10 03:09 . 2011-11-10 03:09 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-11-10 03:09 . 2011-11-10 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 03:09 . 2011-11-10 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-11-10 03:09 . 2011-11-10 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-11-10 03:06 . 2010-11-26 02:49 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-10 02:58 . 2011-11-10 02:58 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-11-10 02:51 . 2010-04-16 13:55 7405056 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-10 02:40 . 2011-11-10 02:40 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-11-10 02:40 . 2011-11-10 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-11-10 02:40 . 2010-04-16 13:32 4061696 ----a-w- c:\windows\system32\atiumd6a.dll
2011-11-10 02:34 . 2011-11-10 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-11-10 02:34 . 2011-11-10 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-11-10 02:34 . 2011-11-10 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-11-10 02:34 . 2011-11-10 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-11-10 02:34 . 2011-11-10 02:34 13552640 ----a-w- c:\windows\system32\aticaldd64.dll
2011-11-10 02:33 . 2010-04-16 13:45 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-10 02:29 . 2011-11-10 02:29 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-11-10 02:29 . 2010-04-16 13:25 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-10 02:24 . 2010-04-16 13:39 7439360 ----a-w- c:\windows\system32\atiumd64.dll
2011-11-10 02:18 . 2010-04-16 13:05 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 02:13 . 2011-11-10 02:13 494592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 348160 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-11-10 02:13 . 2011-11-10 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-10 02:12 . 2011-11-10 02:12 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-11-10 02:12 . 2011-11-10 02:12 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 02:11 . 2010-04-16 13:10 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-10 02:11 . 2010-11-26 02:15 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-10 02:11 . 2010-04-16 13:10 39424 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-11-10 02:11 . 2010-04-16 13:10 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-11-10 02:10 . 2011-11-10 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-05 05:32 . 2011-12-14 04:21 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 04:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 12:33 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 12:33 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 12:33 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 12:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 12:33 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 12:33 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 12:33 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 12:33 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-30 13:07 . 2011-11-05 03:35 2219008 ----a-w- c:\windows\bsdsetup.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-20 210208]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-12 3077528]
"Akamai NetSession Interface"="c:\users\Obeans\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"Cobian Backup 10 Interface"="c:\program files (x86)\Cobian Backup 10\cbInterface.exe" [2010-09-23 3154432]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
.
c:\users\Obeans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Obeans\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230.lnk - c:\windows\System32\rundll32.exe [2009-7-13 45568]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-10-18 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
R3 65374252;65374252; [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
R3 InventoriaService;Inventoria Stock Manager;c:\program files (x86)\NCH Software\Inventoria\inventoria.exe [2011-09-27 1384964]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-04-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-10 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 Apache2.2;Apache2.2;c:\apache2\bin\httpd.exe [2011-05-21 18432]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 CobianBackup10;Cobian Backup 10;c:\program files (x86)\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-03-06 338168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-07-01 298824]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-05-25 329544]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe [2010-11-05 118128]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe [2009-08-24 126392]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-24 c:\windows\Tasks\At10.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At12.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At14.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At16.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At18.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At2.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At20.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At22.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At24.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At26.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At28.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At30.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At32.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At34.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At36.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At38.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At4.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At40.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At42.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At44.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At46.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At48.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At6.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At8.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 01:16]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 01:16]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3086551624-837848958-744692313-1001Core.job
- c:\users\Obeans\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-06 11:12]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3086551624-837848958-744692313-1001UA.job
- c:\users\Obeans\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-06 11:12]
.
2012-01-09 c:\windows\Tasks\HPCeeScheduleForObeans.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2011-05-24 23:41 287048 ----a-w- c:\program files (x86)\Hotspot Shield\hssie\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-04-02 487424]
"combofix"="c:\combofix\CF11371.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:60303
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: play.net\*
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60303
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-CubeDesktop - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
AddRemove-UnityWebPlayer - c:\users\Obeans\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3086551624-837848958-744692313-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6AE82E1E-79A1-9C5F-D703-AB3CAF7349B0}*]
"hamnijcjcaffmkef"=hex:6e,62,6a,65,69,6c,6f,62,6b,62,61,6f,64,65,70,69,67,69,
6e,64,63,6f,70,66,64,66,67,66,70,64,63,6d,62,6b,62,6b,66,6c,67,6b,69,65,6b,\
"jamnijcjcaffmkefajod"=hex:66,61,6a,65,6f,6c,64,70,6f,6c,69,6c,00,00
"paekgpeggioeenfpecfmenigjbjnpngm"=hex:63,61,6b,65,65,65,00,00
.
[HKEY_USERS\S-1-5-21-3086551624-837848958-744692313-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF58BA63-8222-22C6-9733-E5C17DDAF443}*]
"hahnfjjekmlmaeck"=hex:6e,62,65,66,6f,69,6f,63,61,68,63,61,65,69,66,6a,6e,70,
6b,6b,68,63,6b,6a,68,6f,66,70,6b,65,70,6e,64,66,6f,65,64,6f,6c,61,68,61,65,\
"jahnfjjekmlmaeckeokl"=hex:66,61,65,66,61,6a,6a,66,65,66,66,6e,00,1e
"papkempfbpllpepcnclnpahecpccfion"=hex:65,61,65,66,70,69,6b,66,69,69,00,6e
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atibtmon.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
.
**************************************************************************
.
Completion time: 2012-01-24 08:44:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-24 13:44
.
Pre-Run: 197,435,101,184 bytes free
Post-Run: 200,197,939,200 bytes free
.
- - End Of File - - B6F0EF255CF5DE5E4E1B4E3163CF85B1

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:56 AM

Posted 24 January 2012 - 05:53 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

AtJob::

File::
c:\windows\SysWow64\1Wk42.com_

Folder::
c:\users\Obeans\AppData\Roaming\Uwofqa
c:\users\Obeans\AppData\Roaming\May
c:\program files (x86)\Hotspot Shield
c:\program files (x86)\Microsoft\BingBar

Driver::
65374252
hshld
HssWd

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:60303

Firefox::
FF - ProfilePath - c:\users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60303

RegNull::
[HKEY_USERS\S-1-5-21-3086551624-837848958-744692313-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6AE82E1E-79A1-9C5F-D703-AB3CAF7349B0}*]
[HKEY_USERS\S-1-5-21-3086551624-837848958-744692313-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF58BA63-8222-22C6-9733-E5C17DDAF443}*]

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Krysis09

Krysis09
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:56 AM

Posted 24 January 2012 - 11:54 PM

Here's the ComboFix log. One problem I am still noticing is that I am still getting these permissions errors. When I open a program that may write or read from some folder, it gives an error. Or maybe a program that needs to update/clear old files -- permissions issues. Any ideas?

P.s. The ComboFix log was too long to post (because of the bingbar deletions). I cut some in this post, but I can attach the full log if needed.

ComboFix 12-01-23.02 - Obeans 01/24/2012 22:52:45.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2280 [GMT -5:00]
Running from: c:\users\Obeans\Downloads\ComboFix.exe
Command switches used :: c:\users\Obeans\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\1Wk42.com_"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Hotspot Shield
c:\program files (x86)\Hotspot Shield\bin\curl-ca-bundle.crt
c:\program files (x86)\Hotspot Shield\bin\FBW.exe
c:\program files (x86)\Hotspot Shield\bin\ffinst.exe
c:\program files (x86)\Hotspot Shield\bin\hssinst.dll
c:\program files (x86)\Hotspot Shield\bin\HssInstaller.exe
c:\program files (x86)\Hotspot Shield\bin\HssInstaller64.exe
c:\program files (x86)\Hotspot Shield\bin\HssTrayService.exe
c:\program files (x86)\Hotspot Shield\bin\hsswd.exe
c:\program files (x86)\Hotspot Shield\bin\lang\gui-ara.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-bur.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-chi.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-eng.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-fre.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-ger.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-per.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-rus.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-spa.dll
c:\program files (x86)\Hotspot Shield\bin\lang\gui-vie.dll
c:\program files (x86)\Hotspot Shield\bin\libcurl.dll
c:\program files (x86)\Hotspot Shield\bin\libeay32.dll
c:\program files (x86)\Hotspot Shield\bin\libidn-11.dll
c:\program files (x86)\Hotspot Shield\bin\libpkcs11-helper-1.dll
c:\program files (x86)\Hotspot Shield\bin\libssl32.dll
c:\program files (x86)\Hotspot Shield\bin\msvcr90.dll
c:\program files (x86)\Hotspot Shield\bin\openvpn.exe
c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe
c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe
c:\program files (x86)\Hotspot Shield\bin\tapinstall.exe
c:\program files (x86)\Hotspot Shield\bin\vistahlp.dll
c:\program files (x86)\Hotspot Shield\config\config.hvpn
c:\program files (x86)\Hotspot Shield\config\hss_data\00f4176d662d5d7606694fb3ff4d9d16
c:\program files (x86)\Hotspot Shield\config\hss_data\02c197d8913bf5754b134b87511739d1
c:\program files (x86)\Hotspot Shield\config\hss_data\073f85faf879a7a11af3a635e1757ba8
c:\program files (x86)\Hotspot Shield\config\hss_data\0b5658c654a33c614e9e55dc9dbdff5a
c:\program files (x86)\Hotspot Shield\config\hss_data\0ccc08c2ea561ff500cab5f38311e471
c:\program files (x86)\Hotspot Shield\config\hss_data\121fb7296d0ee1d3e719d94bdce16794
c:\program files (x86)\Hotspot Shield\config\hss_data\14eb3437d956733c20fc71638e106a85
c:\program files (x86)\Hotspot Shield\config\hss_data\18591d5bd4690184799b7f88a6099f4a
c:\program files (x86)\Hotspot Shield\config\hss_data\1f5e96aa384dd08f5fd5357a9f3cd6fc
c:\program files (x86)\Hotspot Shield\config\hss_data\30d6535ce6c563641fe5b6d820f46b80
c:\program files (x86)\Hotspot Shield\config\hss_data\35e4d983b7266171c5aa023c2775dae8
c:\program files (x86)\Hotspot Shield\config\hss_data\370ebb95195b3de83f7a934e75859a6c
c:\program files (x86)\Hotspot Shield\config\hss_data\3fc0ac70159a14e7dd5db6cf3ba9b203
c:\program files (x86)\Hotspot Shield\config\hss_data\4062dc5c50f0af86f5e69fc19866f461
c:\program files (x86)\Hotspot Shield\config\hss_data\40791871be92ff245ab557fe7a204c00
c:\program files (x86)\Hotspot Shield\config\hss_data\5931a8031467d4b1f4d930927bba3157
c:\program files (x86)\Hotspot Shield\config\hss_data\5b4829b3582d815481f7154fae5e5926
c:\program files (x86)\Hotspot Shield\config\hss_data\5d32f06f8f9487d5ae22785ea74a3be6
c:\program files (x86)\Hotspot Shield\config\hss_data\60f05c8b6f6b180e13933f343507d7fa
c:\program files (x86)\Hotspot Shield\config\hss_data\66bf170db763710829b8393542b2e9ee
c:\program files (x86)\Hotspot Shield\config\hss_data\9206330005012803b86b468bca535dd6
c:\program files (x86)\Hotspot Shield\config\hss_data\95e40e9508e6a84aeee28a41af5b9101
c:\program files (x86)\Hotspot Shield\config\hss_data\97763a8940a3e80bd036491fa79e03f3
c:\program files (x86)\Hotspot Shield\config\hss_data\99ec4f10f78d5d32e1ac8a994204bac3
c:\program files (x86)\Hotspot Shield\config\hss_data\b3432ae448c3cb59ab6b70e264b04098
c:\program files (x86)\Hotspot Shield\config\hss_data\c0eb17a142ab3f336fd38fd35122af74
c:\program files (x86)\Hotspot Shield\config\hss_data\c173e552121cbd66d3615957f6ac2f97
c:\program files (x86)\Hotspot Shield\config\hss_data\c5fa7861874fa1fed572df7a694f72a7
c:\program files (x86)\Hotspot Shield\config\hss_data\d9a45b7188ed842b0f8aff688b44c156
c:\program files (x86)\Hotspot Shield\config\hss_data\dff87c283bf5e995418cd78584f1b014
c:\program files (x86)\Hotspot Shield\config\hss_data\e15b2c5a7800d693e1eb5f8c0922691d
c:\program files (x86)\Hotspot Shield\config\hss_data\e409490f22e31d61516d0e7528fd9272
c:\program files (x86)\Hotspot Shield\config\hss_data\edacc6090b762969e5b13c2489e84ca9
c:\program files (x86)\Hotspot Shield\config\hss_data\eee6bae11f106316c3409844cadc0772
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1053_0
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1053_1
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1053_2
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1054_0
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1054_1
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1054_2
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1055_0
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1055_1
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1055_2
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1056_0
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1056_1
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1056_2
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1325_0
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1325_1
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1325_2
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1394_0
c:\program files (x86)\Hotspot Shield\config\hss_data\f_1394_1
c:\program files (x86)\Hotspot Shield\config\hss_data\f_830_0
c:\program files (x86)\Hotspot Shield\config\hss_data\f_830_1
c:\program files (x86)\Hotspot Shield\config\hss_data\f_830_2
c:\program files (x86)\Hotspot Shield\config\hss_data\f972880398b9d81a70ebb511095f82e7
c:\program files (x86)\Hotspot Shield\config\hss_data\wrurl
c:\program files (x86)\Hotspot Shield\config\hsscon.cfg
c:\program files (x86)\Hotspot Shield\config\hssst.cfg
c:\program files (x86)\Hotspot Shield\config\hssst.cfg.bak
c:\program files (x86)\Hotspot Shield\config\sd-info-failed.cfg
c:\program files (x86)\Hotspot Shield\config\sd-info-main.cfg
c:\program files (x86)\Hotspot Shield\config\sd-info-saved.cfg
c:\program files (x86)\Hotspot Shield\config\upd_dat.cfg
c:\program files (x86)\Hotspot Shield\config\update.cfg
c:\program files (x86)\Hotspot Shield\driver\OemWin2k.inf
c:\program files (x86)\Hotspot Shield\driver\taphss.cat
c:\program files (x86)\Hotspot Shield\driver\taphss.sys
c:\program files (x86)\Hotspot Shield\hss.ico
c:\program files (x86)\Hotspot Shield\HssFF\config_ff.txt
c:\program files (x86)\Hotspot Shield\HssFF\config_ff_srch.txt
c:\program files (x86)\Hotspot Shield\hssie\config.txt
c:\program files (x86)\Hotspot Shield\hssie\config_srch.txt
c:\program files (x86)\Hotspot Shield\hssie\HssIE.dll
c:\program files (x86)\Hotspot Shield\hssie\HssIE_64.dll
c:\program files (x86)\Hotspot Shield\hsswd\default\default.cfg
c:\program files (x86)\Hotspot Shield\HssWPR\hssdrv.cat
c:\program files (x86)\Hotspot Shield\HssWPR\hssdrv.sys
c:\program files (x86)\Hotspot Shield\HssWPR\hssdrv_m.cat
c:\program files (x86)\Hotspot Shield\HssWPR\hssinst.dll
c:\program files (x86)\Hotspot Shield\HssWPR\HssInstaller64.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Hotspot Shield\HssWPR\nethss.inf
c:\program files (x86)\Hotspot Shield\HssWPR\nethss_m.inf
c:\program files (x86)\Hotspot Shield\HssWPR\wpr.conf
c:\program files (x86)\Hotspot Shield\htdocs\check.js
c:\program files (x86)\Hotspot Shield\htdocs\conect.png
c:\program files (x86)\Hotspot Shield\htdocs\connect_original.png
c:\program files (x86)\Hotspot Shield\htdocs\connect_stay.png
c:\program files (x86)\Hotspot Shield\htdocs\disconnect.html
c:\program files (x86)\Hotspot Shield\htdocs\disconnect_original.png
c:\program files (x86)\Hotspot Shield\htdocs\greenico.png
c:\program files (x86)\Hotspot Shield\htdocs\HSS_logo.png
c:\program files (x86)\Hotspot Shield\htdocs\lang.js
c:\program files (x86)\Hotspot Shield\htdocs\logo.png
c:\program files (x86)\Hotspot Shield\htdocs\message.html
c:\program files (x86)\Hotspot Shield\htdocs\nsidefs.js
c:\program files (x86)\Hotspot Shield\htdocs\oac.html
c:\program files (x86)\Hotspot Shield\htdocs\oac.js
c:\program files (x86)\Hotspot Shield\htdocs\redico.png
c:\program files (x86)\Hotspot Shield\htdocs\restart.html
c:\program files (x86)\Hotspot Shield\htdocs\turnoff.png
c:\program files (x86)\Hotspot Shield\htdocs\turnon.png
c:\program files (x86)\Hotspot Shield\license.txt
c:\program files (x86)\Hotspot Shield\log\config.log
c:\program files (x86)\Hotspot Shield\log\oas.log
c:\program files (x86)\Hotspot Shield\Uninstall.exe
c:\program files (x86)\Hotspot Shield\update\hss-update.upd
c:\program files (x86)\Microsoft\BingBar
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\css\bingclient.css
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\css\error.css
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\error.html
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\footer\footer.css
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\footer\footer.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\footer\progress_indicator.gif
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\images\error.png
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\js\error.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\js\jquery-1.4.2.min.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\js\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\js\utility.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ar-145\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ar-ploc-sa\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ar-ploc-sa\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ar-sa\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\bg-bg\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\bg-bg\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ca-es\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ca-es\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\cs-cz\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\cs-cz\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\da-dk\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\da-dk\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\de-at\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\de-at\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\de-ch\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\de-ch\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\de-de\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\de-de\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\el-gr\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\el-gr\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-001\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-001\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-145\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-145\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-au\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-au\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-ca\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-ca\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-gb\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-gb\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-id\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-id\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-ie\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-ie\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-in\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-in\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-my\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-my\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-nz\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-nz\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-ph\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-ph\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-sg\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-sg\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-us\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-us\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-za\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\en-za\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\es-001\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\es-001\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\es-419\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\es-419\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\es-ar\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\es-ar\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\es-cl\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\es-cl\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\es-es\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\es-es\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\es-mx\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\es-mx\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\es-us\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\es-us\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\et-ee\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\et-ee\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\eu-es\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\eu-es\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\fi-fi\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\fi-fi\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\fr-145\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\fr-145\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\fr-be\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\fr-be\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\fr-ca\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\fr-ca\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\fr-ch\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\fr-ch\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\fr-fr\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\fr-fr\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\gu-in\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\he-il\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\hi-in\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\hr-hr\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\hr-hr\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\hu-hu\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\hu-hu\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\id-id\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\id-id\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\it-it\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\it-it\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ja-jp\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ja-jp\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ja-ploc-jp\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ja-ploc-jp\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\kn-in\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ko-kr\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ko-kr\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\lt-lt\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\lt-lt\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\lv-lv\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\lv-lv\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ml-in\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\mr-in\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ms-my\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ms-my\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\nb-no\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\nb-no\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\nl-be\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\nl-be\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\nl-nl\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\nl-nl\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\pl-pl\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\pl-pl\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\pt-br\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\pt-br\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\pt-pt\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\pt-pt\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ro-ro\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ro-ro\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ru-ru\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ru-ru\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\sk-sk\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\sk-sk\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\sl-si\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\sl-si\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\sr-cyrl-cs\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\sr-cyrl-cs\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\sr-latn-cs\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\sr-latn-cs\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\sv-se\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\sv-se\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\error\7.0.609\loc\ta-in\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fi-fi\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fi-fi\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fr-145\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fr-145\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fr-145\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fr-be\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fr-be\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fr-be\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fr-ca\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fr-ca\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fr-ca\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fr-ch\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fr-ch\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fr-ch\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fr-fr\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fr-fr\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\fr-fr\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\gu-in\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\he-il\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\hi-in\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\hr-hr\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\hr-hr\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\hr-hr\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\hu-hu\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\hu-hu\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\hu-hu\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\id-id\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\id-id\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\id-id\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\it-it\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\it-it\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\it-it\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\ja-jp\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\ja-jp\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\ja-jp\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\ja-ploc-jp\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\ja-ploc-jp\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\ja-ploc-jp\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\kn-in\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\ko-kr\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\ko-kr\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\ko-kr\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\facebook\7.0.609\loc\lt-lt\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\loc\uk-ua\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\loc\uk-ua\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\loc\uk-ua\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\loc\vi-vn\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\loc\vi-vn\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\loc\vi-vn\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\loc\zh-cn\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\loc\zh-cn\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\loc\zh-cn\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\loc\zh-hk\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\loc\zh-hk\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\loc\zh-hk\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\loc\zh-tw\appmanifest.xml
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\loc\zh-tw\locStrings.js
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\loc\zh-tw\settings.js
c:\program files (x86)\Microsoft\BingBar\apps\weather\7.0.609\weather.html
c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
c:\program files (x86)\Microsoft\BingBar\BingApp.exe
c:\program files (x86)\Microsoft\BingBar\BingBar.exe
c:\program files (x86)\Microsoft\BingBar\BingExt.dll
c:\program files (x86)\Microsoft\BingBar\common.dll
c:\program files (x86)\Microsoft\BingBar\defaultCache.txt
c:\program files (x86)\Microsoft\BingBar\DefMgr.dll
c:\program files (x86)\Microsoft\BingBar\Installers\BingBar7.0.609\BingBar.msi
c:\program files (x86)\Microsoft\BingBar\scripts\debug\trace.js
c:\program files (x86)\Microsoft\BingBar\scripts\io\downloader.js
c:\program files (x86)\Microsoft\BingBar\scripts\io\io.js
c:\program files (x86)\Microsoft\BingBar\scripts\main.js
c:\program files (x86)\Microsoft\BingBar\scripts\objectmodel\appapi.js
c:\program files (x86)\Microsoft\BingBar\scripts\objectmodel\appmanagementapi.js
c:\program files (x86)\Microsoft\BingBar\scripts\objectmodel\apppackageapi.js
c:\program files (x86)\Microsoft\BingBar\scripts\objectmodel\buttonapi.js
c:\program files (x86)\Microsoft\BingBar\scripts\objectmodel\configurationapi.js
c:\program files (x86)\Microsoft\BingBar\scripts\objectmodel\servicesapi.js
c:\program files (x86)\Microsoft\BingBar\scripts\parsers\activeversionxml.js
c:\program files (x86)\Microsoft\BingBar\scripts\parsers\appmanifestxml.js
c:\program files (x86)\Microsoft\BingBar\scripts\parsers\json2.js
c:\program files (x86)\Microsoft\BingBar\scripts\parsers\xmlparser.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\app.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\appcatalog.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\appcatalogcache.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\appinstaller.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\appmanager.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\apppackage.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\blockedapp.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\buttonlayout.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\configcache.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\configcacheproperties.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\flightmanager.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\platformsettings.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\preamble.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\settings.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\toast.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\toasthub.js
c:\program files (x86)\Microsoft\BingBar\scripts\system\toasthubQueue.js
c:\program files (x86)\Microsoft\BingBar\scripts\utility\utility.js
c:\program files (x86)\Microsoft\BingBar\SeaNote.dll
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\users\Obeans\AppData\Roaming\May
c:\users\Obeans\AppData\Roaming\Uwofqa
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_65374252
-------\Service_65374252
-------\Service_hshld
-------\Service_HssWd
-------\Service_BBSvc
-------\Service_HssSrv
-------\Service_HssTrayService
-------\Service_SeaPort
-------\Service_BBSvc
-------\Service_HssSrv
-------\Service_HssTrayService
-------\Service_SeaPort
.
.
((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-25 04:11 . 2012-01-25 04:11 -------- d-----w- c:\users\SQL2008SBSDE\AppData\Local\temp
2012-01-24 02:17 . 2012-01-24 02:18 -------- d-----w- c:\program files\iTunes
2012-01-24 02:17 . 2012-01-24 02:17 -------- d-----w- c:\program files\iPod
2012-01-21 19:11 . 2012-01-21 19:11 -------- d-----w- c:\users\Obeans\AppData\Local\Safe mirror
2012-01-21 19:05 . 2012-01-21 19:11 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2012-01-21 14:06 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-21 02:11 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-21 02:11 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-01-03 01:30 . 2012-01-03 11:29 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-01-03 01:30 . 2012-01-03 11:29 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-01-03 01:30 . 2012-01-03 01:30 -------- d--h--w- c:\programdata\PC Tools
2011-12-30 18:41 . 2012-01-03 11:29 -------- d--h--w- c:\users\Obeans\360Works
2011-12-30 16:04 . 2011-12-30 16:04 -------- d--h--w- c:\users\Obeans\AppData\Local\Citrix
2011-12-30 15:03 . 2011-12-30 15:15 -------- d--h--w- c:\users\Obeans\Version Control
2011-12-30 14:56 . 2012-01-03 11:29 -------- d--h--w- c:\users\Obeans\AppData\Roaming\.purple
2011-12-30 14:53 . 2012-01-03 11:29 -------- d-----w- c:\program files (x86)\Pidgin
2011-12-30 14:49 . 2011-12-30 14:49 -------- d--h--w- c:\users\Obeans\.IntelliJIdea10
2011-12-30 14:41 . 2011-12-30 14:41 -------- d-----w- c:\program files (x86)\JetBrains
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-04 01:49 . 2011-12-04 01:25 116224 ----a-w- c:\windows\SysWow64\1Wk42.com_
2011-12-03 23:24 . 2011-06-25 14:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-14 04:21 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 03:45 . 2011-11-10 03:45 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 03:39 . 2011-11-10 03:39 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-11-10 03:39 . 2011-11-10 03:39 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-11-10 03:39 . 2011-11-10 03:39 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-11-10 03:39 . 2011-11-10 03:39 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-11-10 03:39 . 2011-11-10 03:39 17442304 ----a-w- c:\windows\system32\amdocl64.dll
2011-11-10 03:38 . 2011-11-10 03:38 14375936 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-11-10 03:37 . 2011-11-10 03:37 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-10 03:37 . 2011-11-10 03:37 44032 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-11-10 03:20 . 2011-11-10 03:20 25218048 ----a-w- c:\windows\system32\atio6axx.dll
2011-11-10 03:17 . 2011-11-10 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 03:16 . 2010-11-26 02:58 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-11-10 03:15 . 2010-11-26 02:57 927232 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-10 03:12 . 2011-11-10 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 03:12 . 2011-11-10 03:12 516608 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 03:11 . 2011-11-10 03:11 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 03:10 . 2011-11-10 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-11-10 03:09 . 2011-11-10 03:09 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-11-10 03:09 . 2011-11-10 03:09 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-11-10 03:09 . 2011-11-10 03:09 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-11-10 03:09 . 2011-11-10 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 03:09 . 2011-11-10 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-11-10 03:09 . 2011-11-10 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-11-10 03:06 . 2010-11-26 02:49 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-10 02:58 . 2011-11-10 02:58 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-11-10 02:51 . 2010-04-16 13:55 7405056 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-10 02:40 . 2011-11-10 02:40 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-11-10 02:40 . 2011-11-10 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-11-10 02:40 . 2010-04-16 13:32 4061696 ----a-w- c:\windows\system32\atiumd6a.dll
2011-11-10 02:34 . 2011-11-10 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-11-10 02:34 . 2011-11-10 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-11-10 02:34 . 2011-11-10 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-11-10 02:34 . 2011-11-10 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-11-10 02:34 . 2011-11-10 02:34 13552640 ----a-w- c:\windows\system32\aticaldd64.dll
2011-11-10 02:33 . 2010-04-16 13:45 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-10 02:29 . 2011-11-10 02:29 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-11-10 02:29 . 2010-04-16 13:25 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-10 02:24 . 2010-04-16 13:39 7439360 ----a-w- c:\windows\system32\atiumd64.dll
2011-11-10 02:18 . 2010-04-16 13:05 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 02:13 . 2011-11-10 02:13 494592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 348160 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-11-10 02:13 . 2011-11-10 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-10 02:12 . 2011-11-10 02:12 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-11-10 02:12 . 2011-11-10 02:12 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 02:11 . 2010-04-16 13:10 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-10 02:11 . 2010-11-26 02:15 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-10 02:11 . 2010-04-16 13:10 39424 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-11-10 02:11 . 2010-04-16 13:10 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-11-10 02:10 . 2011-11-10 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-05 05:32 . 2011-12-14 04:21 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 04:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 12:33 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 12:33 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 12:33 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 12:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 12:33 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 12:33 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 12:33 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 12:33 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-30 13:07 . 2011-11-05 03:35 2219008 ----a-w- c:\windows\bsdsetup.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-24_13.35.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-01-25 03:50 51066 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-07 16:21 . 2012-01-25 03:50 18348 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3086551624-837848958-744692313-1001_UserData.bin
+ 2009-07-14 04:46 . 2012-01-24 13:45 91720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-21 02:03 . 2012-01-25 04:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-21 02:03 . 2012-01-24 13:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-21 02:03 . 2012-01-25 04:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-21 02:03 . 2012-01-24 13:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-01-25 03:46 819200 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-24 13:34 819200 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-04 17:43 . 2012-01-25 03:33 264318 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 04:54 . 2012-01-24 13:34 8126464 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-25 03:46 8126464 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-24 13:34 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-25 03:46 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-20 210208]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-12 3077528]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
"Akamai NetSession Interface"="c:\users\Obeans\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"Cobian Backup 10 Interface"="c:\program files (x86)\Cobian Backup 10\cbInterface.exe" [2010-09-23 3154432]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
.
c:\users\Obeans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Obeans\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230.lnk - c:\windows\System32\rundll32.exe [2009-7-13 45568]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-10-18 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
R3 InventoriaService;Inventoria Stock Manager;c:\program files (x86)\NCH Software\Inventoria\inventoria.exe [2011-09-27 1384964]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-04-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-10 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 Apache2.2;Apache2.2;c:\apache2\bin\httpd.exe [2011-05-21 18432]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 CobianBackup10;Cobian Backup 10;c:\program files (x86)\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-03-06 338168]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe [2010-11-05 118128]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe [2009-08-24 126392]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-24 c:\windows\Tasks\At10.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At12.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At14.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At16.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At18.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At2.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At20.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At22.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At24.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At26.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At28.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At30.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At32.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At34.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At36.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At38.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At4.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At40.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At42.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At44.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At46.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At48.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At6.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-24 c:\windows\Tasks\At8.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 01:16]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 01:16]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3086551624-837848958-744692313-1001Core.job
- c:\users\Obeans\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-06 11:12]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3086551624-837848958-744692313-1001UA.job
- c:\users\Obeans\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-06 11:12]
.
2012-01-09 c:\windows\Tasks\HPCeeScheduleForObeans.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-04-02 487424]
"combofix"="c:\combofix\CF25257.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: play.net\*
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-HotspotShield - c:\program files (x86)\Hotspot Shield\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
.
**************************************************************************
.
Completion time: 2012-01-24 23:34:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-25 04:34
ComboFix2.txt 2012-01-24 13:44
.
Pre-Run: 200,303,083,520 bytes free
Post-Run: 200,017,866,752 bytes free
.
- - End Of File - - D0157BB7427E411935E02B3B59914257

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:56 AM

Posted 25 January 2012 - 08:47 AM

I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

AtJob::

File::
c:\windows\system32\1Wk42.com_
c:\windows\system32\1Wk42.com

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Krysis09

Krysis09
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:56 AM

Posted 25 January 2012 - 10:49 AM

Just getting a Catalyst Control Center that runs each time I start up. Here is the ComboLog:

ComboFix 12-01-23.02 - Obeans 01/25/2012 10:04:46.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1786 [GMT -5:00]
Running from: c:\users\Obeans\Downloads\ComboFix.exe
Command switches used :: c:\users\Obeans\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\1Wk42.com"
"c:\windows\system32\1Wk42.com_"
.
.
((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-25 15:18 . 2012-01-25 15:18 -------- d-----w- c:\users\SQL2008SBSDE\AppData\Local\temp
2012-01-25 15:18 . 2012-01-25 15:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-25 15:18 . 2012-01-25 15:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-24 02:17 . 2012-01-24 02:18 -------- d-----w- c:\program files\iTunes
2012-01-24 02:17 . 2012-01-24 02:17 -------- d-----w- c:\program files\iPod
2012-01-21 19:11 . 2012-01-21 19:11 -------- d-----w- c:\users\Obeans\AppData\Local\Safe mirror
2012-01-21 19:05 . 2012-01-21 19:11 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2012-01-21 14:06 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-21 02:11 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-21 02:11 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-01-03 01:30 . 2012-01-03 11:29 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-01-03 01:30 . 2012-01-03 11:29 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-01-03 01:30 . 2012-01-03 01:30 -------- d--h--w- c:\programdata\PC Tools
2011-12-30 18:41 . 2012-01-03 11:29 -------- d--h--w- c:\users\Obeans\360Works
2011-12-30 16:04 . 2011-12-30 16:04 -------- d--h--w- c:\users\Obeans\AppData\Local\Citrix
2011-12-30 15:03 . 2011-12-30 15:15 -------- d--h--w- c:\users\Obeans\Version Control
2011-12-30 14:56 . 2012-01-03 11:29 -------- d--h--w- c:\users\Obeans\AppData\Roaming\.purple
2011-12-30 14:53 . 2012-01-03 11:29 -------- d-----w- c:\program files (x86)\Pidgin
2011-12-30 14:49 . 2011-12-30 14:49 -------- d--h--w- c:\users\Obeans\.IntelliJIdea10
2011-12-30 14:41 . 2011-12-30 14:41 -------- d-----w- c:\program files (x86)\JetBrains
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-25 08:16 . 2011-04-12 14:29 2495296 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-25 08:07 . 2011-06-24 18:20 587328 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
2012-01-25 08:05 . 2011-03-25 02:02 199616 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-01-25 08:04 . 2011-01-20 15:57 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-01-25 08:02 . 2011-01-06 01:12 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2011-12-04 01:49 . 2011-12-04 01:25 116224 ----a-w- c:\windows\SysWow64\1Wk42.com_
2011-12-03 23:24 . 2011-06-25 14:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-14 04:21 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 03:45 . 2011-11-10 03:45 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 03:39 . 2011-11-10 03:39 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-11-10 03:39 . 2011-11-10 03:39 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-11-10 03:39 . 2011-11-10 03:39 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-11-10 03:39 . 2011-11-10 03:39 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-11-10 03:39 . 2011-11-10 03:39 17442304 ----a-w- c:\windows\system32\amdocl64.dll
2011-11-10 03:38 . 2011-11-10 03:38 14375936 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-11-10 03:37 . 2011-11-10 03:37 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-10 03:37 . 2011-11-10 03:37 44032 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-11-10 03:20 . 2011-11-10 03:20 25218048 ----a-w- c:\windows\system32\atio6axx.dll
2011-11-10 03:17 . 2011-11-10 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 03:16 . 2010-11-26 02:58 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-11-10 03:15 . 2010-11-26 02:57 927232 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-10 03:12 . 2011-11-10 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 03:12 . 2011-11-10 03:12 516608 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 03:11 . 2011-11-10 03:11 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 03:10 . 2011-11-10 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-11-10 03:09 . 2011-11-10 03:09 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-11-10 03:09 . 2011-11-10 03:09 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-11-10 03:09 . 2011-11-10 03:09 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-11-10 03:09 . 2011-11-10 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 03:09 . 2011-11-10 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-11-10 03:09 . 2011-11-10 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-11-10 03:06 . 2010-11-26 02:49 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-10 02:58 . 2011-11-10 02:58 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-11-10 02:51 . 2010-04-16 13:55 7405056 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-10 02:40 . 2011-11-10 02:40 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-11-10 02:40 . 2011-11-10 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-11-10 02:40 . 2010-04-16 13:32 4061696 ----a-w- c:\windows\system32\atiumd6a.dll
2011-11-10 02:34 . 2011-11-10 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-11-10 02:34 . 2011-11-10 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-11-10 02:34 . 2011-11-10 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-11-10 02:34 . 2011-11-10 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-11-10 02:34 . 2011-11-10 02:34 13552640 ----a-w- c:\windows\system32\aticaldd64.dll
2011-11-10 02:33 . 2010-04-16 13:45 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-10 02:29 . 2011-11-10 02:29 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-11-10 02:29 . 2010-04-16 13:25 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-10 02:24 . 2010-04-16 13:39 7439360 ----a-w- c:\windows\system32\atiumd64.dll
2011-11-10 02:18 . 2010-04-16 13:05 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 02:13 . 2011-11-10 02:13 494592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 348160 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-11-10 02:13 . 2011-11-10 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-10 02:12 . 2011-11-10 02:12 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-11-10 02:12 . 2011-11-10 02:12 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 02:11 . 2010-04-16 13:10 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-10 02:11 . 2010-11-26 02:15 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-10 02:11 . 2010-04-16 13:10 39424 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-11-10 02:11 . 2010-04-16 13:10 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-11-10 02:10 . 2011-11-10 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-05 05:32 . 2011-12-14 04:21 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 04:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 12:33 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 12:33 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 12:33 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 12:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 12:33 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 12:33 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 12:33 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 12:33 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-30 13:07 . 2011-11-05 03:35 2219008 ----a-w- c:\windows\bsdsetup.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-24_13.35.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-25 16:42 . 2012-01-25 04:40 52242 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-25 15:22 51114 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-07 16:21 . 2012-01-25 15:22 18484 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3086551624-837848958-744692313-1001_UserData.bin
- 2010-10-04 23:26 . 2012-01-21 18:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-04 23:26 . 2012-01-25 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-04 23:26 . 2012-01-21 18:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-04 23:26 . 2012-01-25 08:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-21 18:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-25 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-01-24 13:45 91720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-11-10 08:20 . 2012-01-25 04:35 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-01-21 02:03 . 2012-01-25 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-21 02:03 . 2012-01-24 13:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-21 02:03 . 2012-01-24 13:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-21 02:03 . 2012-01-25 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-01-25 03:46 819200 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-24 13:34 819200 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-04 17:43 . 2012-01-25 03:33 264318 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-01-25 08:01 . 2012-01-25 08:01 723256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Design\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.dll
+ 2012-01-25 08:23 . 2012-01-25 08:23 205824 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\e681aa9f513a2fd54af2e1f16e42ed4b\WindowsFormsIntegration.Design.ni.dll
+ 2012-01-25 08:21 . 2012-01-25 08:21 805376 c:\windows\assembly\NativeImages_v4.0.30319_32\StanPackage\7f85897afaab0c0250754137aafe2ab4\StanPackage.ni.dll
- 2009-07-14 04:54 . 2012-01-24 13:34 8126464 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-25 03:46 8126464 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-25 08:25 . 2012-01-25 08:25 2630144 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\5c0255ae9eed1464e1ef631d0bd5958c\Microsoft.VisualStudio.Tools.Office.Designer.ni.dll
+ 2012-01-25 08:21 . 2012-01-25 08:21 1844736 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\d3de011b5d5c7eb37b0b5c80375dd0ca\Microsoft.VisualStudio.Design.ni.dll
+ 2012-01-25 08:22 . 2012-01-25 08:22 2848768 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\406e769946f711673188650e0d41dd8a\Microsoft.VisualStudio.Web.ni.dll
+ 2012-01-25 08:22 . 2012-01-25 08:22 2043392 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\161b15f5eb6203915140e59dcc1a3355\Microsoft.VisualStudio.Tools.Office.Designer.ni.dll
+ 2009-07-14 04:54 . 2012-01-25 03:46 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-24 13:34 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-16 17:18 . 2011-12-16 17:18 10532864 c:\windows\Installer\bba2cb.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-20 210208]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-12 3077528]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
"Akamai NetSession Interface"="c:\users\Obeans\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"Cobian Backup 10 Interface"="c:\program files (x86)\Cobian Backup 10\cbInterface.exe" [2010-09-23 3154432]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
.
c:\users\Obeans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Obeans\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230.lnk - c:\windows\System32\rundll32.exe [2009-7-13 45568]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-10-18 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
R3 InventoriaService;Inventoria Stock Manager;c:\program files (x86)\NCH Software\Inventoria\inventoria.exe [2011-09-27 1384964]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-04-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-10 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 Apache2.2;Apache2.2;c:\apache2\bin\httpd.exe [2011-05-21 18432]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 CobianBackup10;Cobian Backup 10;c:\program files (x86)\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-03-06 338168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe [2010-11-05 118128]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe [2009-08-24 126392]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-25 c:\windows\Tasks\At10.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At12.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At14.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At16.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At18.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At2.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At20.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At22.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At24.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At26.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At28.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At30.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At32.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At34.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At36.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At38.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At4.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At40.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At42.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At44.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At46.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At48.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At6.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\At8.job
- c:\windows\system32\1Wk42.com_ [2011-12-04 01:49]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 01:16]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 01:16]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3086551624-837848958-744692313-1001Core.job
- c:\users\Obeans\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-06 11:12]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3086551624-837848958-744692313-1001UA.job
- c:\users\Obeans\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-06 11:12]
.
2012-01-09 c:\windows\Tasks\HPCeeScheduleForObeans.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-04-02 487424]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: play.net\*
TCP: DhcpNameServer = 24.197.160.17 207.69.188.185 96.38.234.71
FF - ProfilePath - c:\users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atibtmon.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
.
**************************************************************************
.
Completion time: 2012-01-25 10:29:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-25 15:29
ComboFix2.txt 2012-01-25 04:34
ComboFix3.txt 2012-01-24 13:44
.
Pre-Run: 201,963,098,112 bytes free
Post-Run: 201,776,922,624 bytes free
.
- - End Of File - - 9FD1B8483E304C860A2D30141160421A

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:56 AM

Posted 25 January 2012 - 10:52 AM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Krysis09

Krysis09
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:56 AM

Posted 25 January 2012 - 12:08 PM

Contents of the OTL.txt file:

OTL logfile created on: 1/25/2012 12:02:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Obeans\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 54.65% Memory free
7.49 Gb Paging File | 5.35 Gb Available in Paging File | 71.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.92 Gb Total Space | 188.12 Gb Free Space | 42.28% Space Free | Partition Type: NTFS
Drive D: | 20.55 Gb Total Space | 2.99 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 88.88 Mb Free Space | 89.76% Space Free | Partition Type: FAT32

Computer Name: OBEANS-PC | User Name: Obeans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Obeans\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Obeans\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Users\Obeans\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Apache2\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe (Luis Cobian, CobianSoft)
PRC - C:\Program Files (x86)\Cobian Backup 10\cbService.exe (Luis Cobian, CobianSoft)
PRC - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe (Symantec Corporation)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\AIM\nssckbi.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeXMP.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (MsDepSvc) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (Microsoft Corporation)
SRV:64bit: - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll ()
SRV - (InventoriaService) -- C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe (NCH Software)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (Apache2.2) -- C:\Apache2\bin\httpd.exe (Apache Software Foundation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (CobianBackup10) -- C:\Program Files (x86)\Cobian Backup 10\cbService.exe (Luis Cobian, CobianSoft)
SRV - (cbVSCService) -- C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe (CobianSoft, Luis Cobian)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DvmMDES) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RsFx0150) -- C:\Windows\SysNative\drivers\RsFx0150.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (DVMIO) -- C:\Windows\SysNative\drivers\dvmio.sys (DeviceVM, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 42 84 C9 04 1D 89 4F 44 B3 BF EB F8 52 0E BE 0D [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 42 84 C9 04 1D 89 4F 44 B3 BF EB F8 52 0E BE 0D [binary data]

IE - HKU\S-1-5-21-3086551624-837848958-744692313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3086551624-837848958-744692313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 42 84 C9 04 1D 89 4F 44 B3 BF EB F8 52 0E BE 0D [binary data]
IE - HKU\S-1-5-21-3086551624-837848958-744692313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3086551624-837848958-744692313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

IE - HKU\S-1-5-21-3086551624-837848958-744692313-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3086551624-837848958-744692313-1009\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3086551624-837848958-744692313-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3086551624-837848958-744692313-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4248
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Obeans\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Obeans\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Obeans\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Obeans\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Obeans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\PHPEditXdebugExtension@waterproof.fr: C:\Program Files\WaterProof\PHPEdit\3.6.6\Tools\FirefoxExtension\unpacked
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/12/22 19:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/26 21:57:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/26 21:57:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/10/09 03:12:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/21 08:55:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/21 13:20:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\PHPEditXdebugExtension@waterproof.fr: C:\Program Files\WaterProof\PHPEdit\3.6.6\Tools\FirefoxExtension\unpacked

[2010/10/18 04:36:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Obeans\AppData\Roaming\Mozilla\Extensions
[2012/01/24 08:29:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\extensions
[2012/01/20 20:55:49 | 000,000,000 | ---D | M] (Fingerfox (SE)) -- C:\Users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\extensions\{58c64034-c5f3-4179-85f5-81642f42b6d5}
[2012/01/21 08:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/19 18:22:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/27 23:10:42 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Obeans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Obeans\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Obeans\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Obeans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Obeans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: DivX HiQ = C:\Users\Obeans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Skype Click to Call = C:\Users\Obeans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Poppit = C:\Users\Obeans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Obeans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2011/12/14 07:57:55 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.197.194.231 www.google-analytics.com.
O1 - Hosts: 66.197.194.231 ad-emea.doubleclick.net.
O1 - Hosts: 66.197.194.231 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" File not found
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cobian Backup 10 Interface] C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe (Luis Cobian, CobianSoft)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\.DEFAULT..\Run: [5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230] "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Roaming\5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230.avi", start minimized File not found
O4 - HKU\S-1-5-18..\Run: [5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230] "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Roaming\5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230.avi", start minimized File not found
O4 - HKU\S-1-5-21-3086551624-837848958-744692313-1001..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-3086551624-837848958-744692313-1001..\Run: [Akamai NetSession Interface] C:\Users\Obeans\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3086551624-837848958-744692313-1001..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3086551624-837848958-744692313-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3086551624-837848958-744692313-1001..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3086551624-837848958-744692313-1001..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O4 - HKU\S-1-5-21-3086551624-837848958-744692313-1009..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-3086551624-837848958-744692313-1009..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3086551624-837848958-744692313-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Obeans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Obeans\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3086551624-837848958-744692313-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3086551624-837848958-744692313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3086551624-837848958-744692313-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: play.net ([*] * in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.197.160.17 207.69.188.185 96.38.234.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82439E43-0049-40AD-AB9F-8053BD40B966}: DhcpNameServer = 24.197.160.17 207.69.188.185 96.38.234.71
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%windir%\resources\logon\logonui.exe) - C:\Windows\Resources\Logon\logonUI.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 11:59:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Obeans\Desktop\OTL.exe
[2012/01/25 10:29:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/25 10:21:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/24 08:11:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/24 08:11:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/24 08:11:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/24 08:11:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/24 07:42:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/23 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\Obeans\AppData\Local\{043487FE-0C4D-464C-9D54-02EEB5E8D9CB}
[2012/01/23 22:29:05 | 000,000,000 | ---D | C] -- C:\Users\Obeans\AppData\Local\{B3BCF02B-FF8A-4AA9-964C-5BBD98EA46A2}
[2012/01/23 21:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/23 21:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/23 21:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/21 14:11:23 | 000,000,000 | ---D | C] -- C:\Users\Obeans\AppData\Local\Safe mirror
[2012/01/21 14:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 10
[2012/01/21 14:05:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 10
[2012/01/21 13:16:58 | 000,000,000 | ---D | C] -- C:\Users\Obeans\AppData\Local\{360A93A4-E4A0-4503-BAB2-AB7D08C3D472}
[2012/01/21 13:16:45 | 000,000,000 | ---D | C] -- C:\Users\Obeans\AppData\Local\{3ECC1F63-AAB4-48EF-9D2F-793FCF45CA52}
[2012/01/21 09:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/21 09:06:16 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/20 22:04:42 | 000,000,000 | ---D | C] -- C:\Users\Obeans\AppData\Local\{A0448609-79FB-483A-A82F-C7FC99048686}
[2012/01/20 22:04:29 | 000,000,000 | ---D | C] -- C:\Users\Obeans\AppData\Local\{0FEA8A5B-F130-4A14-B107-B79257DAE315}
[2012/01/20 21:12:17 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/20 21:12:17 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/20 21:12:16 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/20 21:12:16 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/20 21:12:13 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/20 21:12:13 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/20 21:12:12 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/20 21:12:12 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/20 21:12:12 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/20 21:12:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/20 21:12:00 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/20 21:11:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/20 21:11:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/20 09:00:56 | 000,000,000 | ---D | C] -- C:\Users\Obeans\AppData\Local\{250F1BC6-4809-4616-B76F-2DCE2233811D}
[2012/01/20 08:07:43 | 000,000,000 | ---D | C] -- C:\Users\Obeans\AppData\Local\{98574683-2C07-4FD5-A777-304BE048DDF6}
[2012/01/20 08:07:29 | 000,000,000 | ---D | C] -- C:\Users\Obeans\AppData\Local\{6EE23CEA-D432-438A-BED0-1BF26002DFCA}
[2012/01/20 07:41:23 | 000,000,000 | ---D | C] -- C:\Users\Obeans\Desktop\tdsskiller
[2012/01/19 00:36:29 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{D0E7A6DD-69A9-4525-A1FD-EC1161B86676}
[2012/01/19 00:36:16 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{D637C262-5C3B-4B05-B94C-1E74CF39F887}
[2012/01/16 03:50:13 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{CAF44FF4-A6E5-4D0E-BB08-AF53791DEC73}
[2012/01/16 03:49:58 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{C983F39B-7603-4ABC-AAE0-7D36ACB0C19E}
[2012/01/14 12:05:21 | 000,000,000 | ---D | C] -- C:\Users\Obeans\Documents\Warpath
[2012/01/12 07:43:52 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{501CFEFB-4320-45E9-B8FC-1194220A4C0F}
[2012/01/12 07:43:39 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{3AC00F3A-9AF2-47C0-95E2-599B6C74CAC6}
[2012/01/09 07:58:21 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{DA44BBC6-C2DE-44A5-A1A4-93BDE1775966}
[2012/01/09 07:58:01 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{4CF3C1A9-3D55-4F02-BD66-AFD065E78F84}
[2012/01/06 17:42:17 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{72F63494-AA3A-479D-8B20-2EF36219B01C}
[2012/01/05 23:23:56 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{E6D7DC6F-9AFA-44EB-B240-34DA765BAC82}
[2012/01/05 23:23:41 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{CE82DD6B-B897-4089-BC6F-C712B9E31752}
[2012/01/05 23:10:08 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{FF67B3E2-E865-4AEA-BC67-851DD9D2DBFE}
[2012/01/05 07:36:10 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{34F5A952-39FB-4DF5-BA44-9FF92694970C}
[2012/01/05 07:35:56 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{26869E84-0A73-410D-BE18-A751A312E248}
[2012/01/03 22:28:07 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{2207894C-8443-454A-8F08-E7D6716EADD6}
[2012/01/03 22:27:55 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{CCAB685C-E97C-47FD-890A-102BA04F41EB}
[2012/01/03 19:13:40 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Obeans\Desktop\blaue.com.exe
[2012/01/03 07:36:34 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{A476ACF0-B347-47FB-B997-6DBDDB730550}
[2012/01/03 07:36:22 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{4BF5D3BC-6C85-4509-8108-E862D128CEAD}
[2012/01/02 20:30:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\PC Tools
[2012/01/02 20:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012/01/02 20:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/01/02 19:16:13 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{E0D39ECA-EB0E-4ADE-A60F-25815F39C13C}
[2012/01/02 19:15:54 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{5401EA6E-2CBF-49A8-B52C-CF31C9DDE1A0}
[2012/01/01 11:07:23 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{473C4BCB-A12C-43AE-A09B-DECE8B62A381}
[2012/01/01 11:07:10 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{B2EC3137-EA74-43C4-9D0F-D61D49EFE044}
[2011/12/31 10:31:11 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{4F2363FC-2A30-45FD-8FA7-144097DB4023}
[2011/12/31 10:30:58 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{10FEDD13-179A-4860-BB90-7DE0353D5652}
[2011/12/30 13:41:18 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\360Works
[2011/12/30 11:04:37 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\Citrix
[2011/12/30 10:03:45 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\Version Control
[2011/12/30 09:56:14 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Roaming\.purple
[2011/12/30 09:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin
[2011/12/30 09:49:40 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\.IntelliJIdea10
[2011/12/30 09:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JetBrains
[2011/12/28 20:34:31 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{949B91F1-879E-4597-96A7-17E1A9ABE17D}
[2011/12/28 20:34:18 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{11ED15FD-7F58-4473-83EB-587DDC8A7B7A}
[2011/12/27 21:24:20 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{814E2787-102E-4FB7-832A-8E13A0254A18}
[2011/12/27 09:23:49 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{09C73DFB-05A9-4BF5-9FF2-6D9BD7373B56}
[2011/12/27 09:23:33 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{44061EC3-6377-4689-8609-339E7B5ABE07}
[2011/12/26 13:39:32 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{A47EF81E-6387-4197-BF81-808A0508588D}
[2011/12/26 13:39:16 | 000,000,000 | -H-D | C] -- C:\Users\Obeans\AppData\Local\{3B9B9487-618F-4912-9466-653162C5A683}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/25 12:02:48 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 12:02:48 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 12:01:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/01/25 12:00:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Obeans\Desktop\OTL.exe
[2012/01/25 11:59:28 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3086551624-837848958-744692313-1001UA.job
[2012/01/25 11:59:28 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/25 11:59:28 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/01/25 11:59:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/25 10:44:23 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/25 10:43:32 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/25 10:01:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/01/25 10:00:21 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/01/25 08:01:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/01/25 07:01:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/01/25 06:01:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/01/25 05:01:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/01/25 04:01:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/01/25 03:01:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/01/25 02:01:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/01/25 01:01:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/01/25 00:01:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/01/24 23:01:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/01/24 22:48:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3086551624-837848958-744692313-1001Core.job
[2012/01/24 22:43:33 | 000,001,154 | ---- | M] () -- C:\Users\Obeans\Desktop\ComboFix - Shortcut.lnk
[2012/01/24 22:33:13 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/01/24 22:33:13 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/01/24 22:33:13 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/01/24 22:33:13 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/01/24 22:33:13 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/01/24 22:33:13 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/01/24 22:33:13 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/01/24 22:33:13 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/01/24 22:33:13 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/01/24 22:33:13 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/01/23 21:18:03 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/22 13:05:12 | 005,075,728 | ---- | M] () -- C:\Users\Obeans\Desktop\bike_sample.obj
[2012/01/22 10:24:28 | 000,958,722 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/22 10:24:28 | 000,792,234 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/22 10:24:28 | 000,170,718 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/22 10:24:18 | 000,958,722 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/21 17:18:26 | 000,396,086 | ---- | M] () -- C:\Users\Obeans\Desktop\obinna.jpg
[2012/01/21 14:41:09 | 000,000,000 | ---- | M] () -- C:\Users\Obeans\defogger_reenable
[2012/01/21 13:20:21 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/21 11:04:32 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/21 09:06:17 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 08:56:01 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/20 20:18:25 | 001,600,966 | ---- | M] () -- C:\StormFront.xml
[2012/01/18 21:50:34 | 000,245,190 | ---- | M] () -- C:\Users\Obeans\Desktop\warpath_rustbike_part2.png
[2012/01/10 07:16:25 | 000,142,017 | ---- | M] () -- C:\Users\Obeans\Desktop\warpath_bikes_3.png
[2012/01/10 07:15:04 | 000,451,071 | ---- | M] () -- C:\Users\Obeans\Desktop\Bike_update_004_noRoof.png
[2012/01/09 01:11:32 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForObeans.job
[2012/01/05 23:17:07 | 000,373,534 | ---- | M] () -- C:\Users\Obeans\Desktop\rough_layout.png
[2012/01/03 19:13:54 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Obeans\Desktop\blaue.com.exe
[2012/01/03 18:53:19 | 000,001,021 | ---- | M] () -- C:\Users\Obeans\Desktop\Dropbox.lnk
[2012/01/03 18:53:19 | 000,001,001 | ---- | M] () -- C:\Users\Obeans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/01/03 18:34:28 | 000,431,083 | ---- | M] () -- C:\Users\Obeans\Desktop\BikeWIP.jpg
[2012/01/03 14:05:25 | 000,474,856 | ---- | M] () -- C:\Users\Obeans\Desktop\concept_idea.png
[2012/01/03 07:37:17 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/03 02:43:45 | 000,008,722 | -HS- | M] () -- C:\Users\Obeans\AppData\Local\t28la23cxdp6b67lff4gxxod04014dtku
[2012/01/03 02:43:45 | 000,008,722 | -HS- | M] () -- C:\ProgramData\t28la23cxdp6b67lff4gxxod04014dtku
[2012/01/02 20:35:39 | 000,008,846 | -HS- | M] () -- C:\Users\Obeans\AppData\Local\b80wm3n06d
[2012/01/02 20:35:39 | 000,008,846 | -HS- | M] () -- C:\ProgramData\b80wm3n06d
[2012/01/02 19:50:23 | 000,011,424 | -HS- | M] () -- C:\Users\Obeans\AppData\Local\y57tf4g61t
[2012/01/02 19:50:23 | 000,011,424 | -HS- | M] () -- C:\ProgramData\y57tf4g61t
[2011/12/30 12:32:36 | 000,002,086 | -H-- | M] () -- C:\Users\Obeans\Documents\Default.rdp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/24 22:43:33 | 000,001,154 | ---- | C] () -- C:\Users\Obeans\Desktop\ComboFix - Shortcut.lnk
[2012/01/24 08:11:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/24 08:11:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/24 08:11:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/24 08:11:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/24 08:11:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/23 21:18:03 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/22 13:04:37 | 005,075,728 | ---- | C] () -- C:\Users\Obeans\Desktop\bike_sample.obj
[2012/01/21 17:18:12 | 000,396,086 | ---- | C] () -- C:\Users\Obeans\Desktop\obinna.jpg
[2012/01/21 14:41:09 | 000,000,000 | ---- | C] () -- C:\Users\Obeans\defogger_reenable
[2012/01/21 13:20:21 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/21 11:04:32 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/21 09:06:17 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/21 08:56:01 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/21 08:56:01 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/20 22:36:46 | 000,002,600 | ---- | C] () -- C:\Users\Obeans\Desktop\xp_exe_fix.reg
[2012/01/18 21:49:34 | 000,245,190 | ---- | C] () -- C:\Users\Obeans\Desktop\warpath_rustbike_part2.png
[2012/01/10 07:16:22 | 000,142,017 | ---- | C] () -- C:\Users\Obeans\Desktop\warpath_bikes_3.png
[2012/01/10 07:14:53 | 000,451,071 | ---- | C] () -- C:\Users\Obeans\Desktop\Bike_update_004_noRoof.png
[2012/01/05 23:17:01 | 000,373,534 | ---- | C] () -- C:\Users\Obeans\Desktop\rough_layout.png
[2012/01/03 18:50:38 | 000,001,021 | ---- | C] () -- C:\Users\Obeans\Desktop\Dropbox.lnk
[2012/01/03 18:34:23 | 000,431,083 | ---- | C] () -- C:\Users\Obeans\Desktop\BikeWIP.jpg
[2012/01/03 14:05:19 | 000,474,856 | ---- | C] () -- C:\Users\Obeans\Desktop\concept_idea.png
[2012/01/02 20:35:39 | 000,008,722 | -HS- | C] () -- C:\Users\Obeans\AppData\Local\t28la23cxdp6b67lff4gxxod04014dtku
[2012/01/02 20:35:39 | 000,008,722 | -HS- | C] () -- C:\ProgramData\t28la23cxdp6b67lff4gxxod04014dtku
[2012/01/02 20:25:22 | 000,008,846 | -HS- | C] () -- C:\Users\Obeans\AppData\Local\b80wm3n06d
[2012/01/02 20:25:22 | 000,008,846 | -HS- | C] () -- C:\ProgramData\b80wm3n06d
[2012/01/02 19:31:18 | 000,011,424 | -HS- | C] () -- C:\Users\Obeans\AppData\Local\y57tf4g61t
[2012/01/02 19:31:18 | 000,011,424 | -HS- | C] () -- C:\ProgramData\y57tf4g61t
[2011/12/03 20:25:34 | 000,116,224 | ---- | C] () -- C:\Windows\SysWow64\1Wk42.com_
[2011/12/03 18:56:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\1Wk42.com.b
[2011/12/03 18:50:07 | 000,000,112 | ---- | C] () -- C:\ProgramData\8m8R8IVFC.dat
[2011/12/03 18:38:08 | 000,011,540 | -HS- | C] () -- C:\Users\Obeans\AppData\Local\7o65dw6x72s156
[2011/12/03 18:38:08 | 000,011,540 | -HS- | C] () -- C:\ProgramData\7o65dw6x72s156
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/09 21:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/09 21:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/11/04 07:12:30 | 000,004,608 | ---- | C] () -- C:\Users\Obeans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/29 23:07:18 | 000,000,376 | -H-- | C] () -- C:\Users\Obeans\AppData\Roaming\wklnhst.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/13 19:40:36 | 000,000,102 | ---- | C] () -- C:\Users\Obeans\AppData\Local\IProcEvent.cfg
[2011/07/08 18:01:44 | 000,000,024 | -H-- | C] () -- C:\Users\Obeans\AppData\Local\domain.list
[2011/07/08 03:03:06 | 000,003,048 | -H-- | C] () -- C:\Users\Obeans\AppData\Roaming\A050.387
[2011/05/28 14:10:06 | 000,000,132 | -H-- | C] () -- C:\Users\Obeans\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/05/05 08:19:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/04/07 00:01:26 | 000,001,854 | -H-- | C] () -- C:\Users\Obeans\AppData\Roaming\GhostObjGAFix.xml
[2011/03/27 17:41:49 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/27 17:41:47 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/27 15:13:05 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/03/19 01:38:02 | 000,007,606 | -H-- | C] () -- C:\Users\Obeans\AppData\Local\Resmon.ResmonCfg
[2011/03/15 19:27:42 | 000,004,713 | ---- | C] () -- C:\Users\Obeans\AppData\Local\ssc4j.ini
[2011/01/19 12:10:32 | 000,000,132 | -H-- | C] () -- C:\Users\Obeans\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/01/05 20:08:09 | 000,958,722 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/13 20:44:22 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/24 15:08:58 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/23 11:38:56 | 000,090,460 | -H-- | C] () -- C:\Users\Obeans\AppData\Local\crash.zip
[2010/10/09 20:16:51 | 000,000,600 | -H-- | C] () -- C:\Users\Obeans\AppData\Roaming\winscp.rnd
[2010/10/07 12:33:57 | 000,000,600 | -H-- | C] () -- C:\Users\Obeans\AppData\Local\PUTTY.RND
[2010/05/30 03:13:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/30 03:06:09 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/05/30 03:06:09 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/04/25 15:17:24 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/02/09 20:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/09 23:03:56 | 000,370,312 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 971 bytes -> C:\ProgramData\Microsoft:fzmdrl3PNquGCY5SNJ9CAQPV5e5yE
@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 1115 bytes -> C:\ProgramData\Microsoft:gf6tTnNh7lq1gqfpkh04uwK6pUgB4
@Alternate Data Stream - 1084 bytes -> C:\Program Files (x86)\Common Files\System:SSmhsFGMNejbZzdqeFNJdpq
@Alternate Data Stream - 1066 bytes -> C:\Users\Obeans\AppData\Local\d8uRlhbYJ:dgY6C7nVxiukIXA6MB0x

< End of report >

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:56 AM

Posted 25 January 2012 - 12:22 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    
    [2012/01/03 02:43:45 | 000,008,722 | -HS- | M] () -- C:\Users\Obeans\AppData\Local\t28la23cxdp6b67lff4gxxod04014dtku
    [2012/01/03 02:43:45 | 000,008,722 | -HS- | M] () -- C:\ProgramData\t28la23cxdp6b67lff4gxxod04014dtku
    [2012/01/02 20:35:39 | 000,008,846 | -HS- | M] () -- C:\Users\Obeans\AppData\Local\b80wm3n06d
    [2012/01/02 20:35:39 | 000,008,846 | -HS- | M] () -- C:\ProgramData\b80wm3n06d
    [2012/01/02 19:50:23 | 000,011,424 | -HS- | M] () -- C:\Users\Obeans\AppData\Local\y57tf4g61t
    [2012/01/02 19:50:23 | 000,011,424 | -HS- | M] () -- C:\ProgramData\y57tf4g61t
    [2012/01/02 20:35:39 | 000,008,722 | -HS- | C] () -- C:\Users\Obeans\AppData\Local\t28la23cxdp6b67lff4gxxod04014dtku
    [2012/01/02 20:35:39 | 000,008,722 | -HS- | C] () -- C:\ProgramData\t28la23cxdp6b67lff4gxxod04014dtku
    [2012/01/02 20:25:22 | 000,008,846 | -HS- | C] () -- C:\Users\Obeans\AppData\Local\b80wm3n06d
    [2012/01/02 20:25:22 | 000,008,846 | -HS- | C] () -- C:\ProgramData\b80wm3n06d
    [2012/01/02 19:31:18 | 000,011,424 | -HS- | C] () -- C:\Users\Obeans\AppData\Local\y57tf4g61t
    [2012/01/02 19:31:18 | 000,011,424 | -HS- | C] () -- C:\ProgramData\y57tf4g61t
    [2011/12/03 20:25:34 | 000,116,224 | ---- | C] () -- C:\Windows\SysWow64\1Wk42.com_
    [2011/12/03 18:56:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\1Wk42.com.b
    [2011/12/03 18:50:07 | 000,000,112 | ---- | C] () -- C:\ProgramData\8m8R8IVFC.dat
    [2011/12/03 18:38:08 | 000,011,540 | -HS- | C] () -- C:\Users\Obeans\AppData\Local\7o65dw6x72s156
    [2011/12/03 18:38:08 | 000,011,540 | -HS- | C] () -- C:\ProgramData\7o65dw6x72s156
    [2011/07/08 03:03:06 | 000,003,048 | -H-- | C] () -- C:\Users\Obeans\AppData\Roaming\A050.387
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" File not found
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" File not found
    O4 - HKU\.DEFAULT..\Run: [5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230] "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Roaming\5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230.avi", start minimized File not found
    O4 - HKU\S-1-5-18..\Run: [5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230] "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\config\systemprofile\AppData\Roaming\5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230.avi", start minimized File not found
    O4 - HKU\S-1-5-21-3086551624-837848958-744692313-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 971 bytes -> C:\ProgramData\Microsoft:fzmdrl3PNquGCY5SNJ9CAQPV5e5yE
    @Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 1115 bytes -> C:\ProgramData\Microsoft:gf6tTnNh7lq1gqfpkh04uwK6pUgB4
    @Alternate Data Stream - 1084 bytes -> C:\Program Files (x86)\Common Files\System:SSmhsFGMNejbZzdqeFNJdpq
    @Alternate Data Stream - 1066 bytes -> C:\Users\Obeans\AppData\Local\d8uRlhbYJ:dgY6C7nVxiukIXA6MB0x  
    :Files
    C:\windows\tasks\At*.job
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Krysis09

Krysis09
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:56 AM

Posted 25 January 2012 - 04:07 PM

Here is the OTL log file as you requested. I am still getting those permissions errors. They may have been a result of a "failed" System restore, I am not sure. Do you have any idea how I would go about fixing this? I also get a error on startup that, "There was a problem starting C:\ProgramData\5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230.avi The specified module could not be found." Any ideas? I can attach a screen shot of this if needed.

Thanks,

All processes killed
========== OTL ==========
C:\Users\Obeans\AppData\Local\t28la23cxdp6b67lff4gxxod04014dtku moved successfully.
C:\ProgramData\t28la23cxdp6b67lff4gxxod04014dtku moved successfully.
C:\Users\Obeans\AppData\Local\b80wm3n06d moved successfully.
C:\ProgramData\b80wm3n06d moved successfully.
C:\Users\Obeans\AppData\Local\y57tf4g61t moved successfully.
C:\ProgramData\y57tf4g61t moved successfully.
File C:\Users\Obeans\AppData\Local\t28la23cxdp6b67lff4gxxod04014dtku not found.
File C:\ProgramData\t28la23cxdp6b67lff4gxxod04014dtku not found.
File C:\Users\Obeans\AppData\Local\b80wm3n06d not found.
File C:\ProgramData\b80wm3n06d not found.
File C:\Users\Obeans\AppData\Local\y57tf4g61t not found.
File C:\ProgramData\y57tf4g61t not found.
C:\Windows\SysWOW64\1Wk42.com_ moved successfully.
C:\Windows\SysWOW64\1Wk42.com.b moved successfully.
C:\ProgramData\8m8R8IVFC.dat moved successfully.
C:\Users\Obeans\AppData\Local\7o65dw6x72s156 moved successfully.
C:\ProgramData\7o65dw6x72s156 moved successfully.
C:\Users\Obeans\AppData\Roaming\A050.387 moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230 not found.
Registry value HKEY_USERS\S-1-5-21-3086551624-837848958-744692313-1009\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\Microsoft:fzmdrl3PNquGCY5SNJ9CAQPV5e5yE deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Microsoft:gf6tTnNh7lq1gqfpkh04uwK6pUgB4 deleted successfully.
ADS C:\Program Files (x86)\Common Files\System:SSmhsFGMNejbZzdqeFNJdpq deleted successfully.
ADS C:\Users\Obeans\AppData\Local\d8uRlhbYJ:dgY6C7nVxiukIXA6MB0x deleted successfully.
========== FILES ==========
C:\windows\tasks\At10.job moved successfully.
C:\windows\tasks\At12.job moved successfully.
C:\windows\tasks\At14.job moved successfully.
C:\windows\tasks\At16.job moved successfully.
C:\windows\tasks\At18.job moved successfully.
C:\windows\tasks\At2.job moved successfully.
C:\windows\tasks\At20.job moved successfully.
C:\windows\tasks\At22.job moved successfully.
C:\windows\tasks\At24.job moved successfully.
C:\windows\tasks\At26.job moved successfully.
C:\windows\tasks\At28.job moved successfully.
C:\windows\tasks\At30.job moved successfully.
C:\windows\tasks\At32.job moved successfully.
C:\windows\tasks\At34.job moved successfully.
C:\windows\tasks\At36.job moved successfully.
C:\windows\tasks\At38.job moved successfully.
C:\windows\tasks\At4.job moved successfully.
C:\windows\tasks\At40.job moved successfully.
C:\windows\tasks\At42.job moved successfully.
C:\windows\tasks\At44.job moved successfully.
C:\windows\tasks\At46.job moved successfully.
C:\windows\tasks\At48.job moved successfully.
C:\windows\tasks\At6.job moved successfully.
C:\windows\tasks\At8.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Obeans\Desktop\cmd.bat deleted successfully.
C:\Users\Obeans\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Obeans
->Temp folder emptied: 2494 bytes
->Temporary Internet Files folder emptied: 118391923 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61968569 bytes
->Google Chrome cache emptied: 348954942 bytes
->Flash cache emptied: 119467 bytes

User: Public
->Temp folder emptied: 0 bytes

User: SQL2008SBSDE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 505.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Obeans
->Java cache emptied: 0 bytes

User: Public

User: SQL2008SBSDE

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Obeans
->Flash cache emptied: 0 bytes

User: Public

User: SQL2008SBSDE
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01252012_153336

Files\Folders moved on Reboot...
C:\Users\Obeans\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:56 AM

Posted 25 January 2012 - 07:06 PM

Hello


rerun this for me and tell me more about the permission errors



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Krysis09

Krysis09
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:56 AM

Posted 25 January 2012 - 11:39 PM

It seems a lot of folders in my Program Files (x86) directory are marked as Read Only for one reason or another. When I try to set the permissions on these folders to "Readable", I am prompted to do these things as the Administrator. After confirming as an admin, it seems as if the folder has changed it's permissions. However, when I open up the Properties dialog on the same folder, the folder is back to being Read only again. Anyway, here's the log file:

ComboFix 12-01-23.02 - Obeans 01/25/2012 23:11:38.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2378 [GMT -5:00]
Running from: c:\users\Obeans\Downloads\ComboFix.exe
Command switches used :: c:\users\Obeans\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-26 to 2012-01-26 )))))))))))))))))))))))))))))))
.
.
2012-01-26 04:24 . 2012-01-26 04:24 -------- d-----w- c:\users\SQL2008SBSDE\AppData\Local\temp
2012-01-26 04:24 . 2012-01-26 04:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-26 04:24 . 2012-01-26 04:24 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-25 20:33 . 2012-01-25 20:33 -------- d-----w- C:\_OTL
2012-01-24 02:17 . 2012-01-24 02:18 -------- d-----w- c:\program files\iTunes
2012-01-24 02:17 . 2012-01-24 02:17 -------- d-----w- c:\program files\iPod
2012-01-21 19:11 . 2012-01-21 19:11 -------- d-----w- c:\users\Obeans\AppData\Local\Safe mirror
2012-01-21 19:05 . 2012-01-21 19:11 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2012-01-21 14:06 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-21 02:11 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-21 02:11 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-01-03 01:30 . 2012-01-03 11:29 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-01-03 01:30 . 2012-01-03 11:29 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-01-03 01:30 . 2012-01-03 01:30 -------- d--h--w- c:\programdata\PC Tools
2011-12-30 18:41 . 2012-01-03 11:29 -------- d--h--w- c:\users\Obeans\360Works
2011-12-30 16:04 . 2011-12-30 16:04 -------- d--h--w- c:\users\Obeans\AppData\Local\Citrix
2011-12-30 15:03 . 2011-12-30 15:15 -------- d--h--w- c:\users\Obeans\Version Control
2011-12-30 14:56 . 2012-01-03 11:29 -------- d--h--w- c:\users\Obeans\AppData\Roaming\.purple
2011-12-30 14:53 . 2012-01-03 11:29 -------- d-----w- c:\program files (x86)\Pidgin
2011-12-30 14:49 . 2011-12-30 14:49 -------- d--h--w- c:\users\Obeans\.IntelliJIdea10
2011-12-30 14:41 . 2011-12-30 14:41 -------- d-----w- c:\program files (x86)\JetBrains
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-25 08:16 . 2011-04-12 14:29 2495296 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-25 08:07 . 2011-06-24 18:20 587328 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
2012-01-25 08:05 . 2011-03-25 02:02 199616 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-01-25 08:04 . 2011-01-20 15:57 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-01-25 08:02 . 2011-01-06 01:12 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2011-12-03 23:24 . 2011-06-25 14:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-14 04:21 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 03:45 . 2011-11-10 03:45 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 03:39 . 2011-11-10 03:39 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-11-10 03:39 . 2011-11-10 03:39 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-11-10 03:39 . 2011-11-10 03:39 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-11-10 03:39 . 2011-11-10 03:39 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-11-10 03:39 . 2011-11-10 03:39 17442304 ----a-w- c:\windows\system32\amdocl64.dll
2011-11-10 03:38 . 2011-11-10 03:38 14375936 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-11-10 03:37 . 2011-11-10 03:37 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-10 03:37 . 2011-11-10 03:37 44032 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-11-10 03:20 . 2011-11-10 03:20 25218048 ----a-w- c:\windows\system32\atio6axx.dll
2011-11-10 03:17 . 2011-11-10 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 03:16 . 2010-11-26 02:58 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-11-10 03:15 . 2010-11-26 02:57 927232 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-10 03:12 . 2011-11-10 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 03:12 . 2011-11-10 03:12 516608 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 03:11 . 2011-11-10 03:11 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 03:10 . 2011-11-10 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-11-10 03:09 . 2011-11-10 03:09 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-11-10 03:09 . 2011-11-10 03:09 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-11-10 03:09 . 2011-11-10 03:09 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-11-10 03:09 . 2011-11-10 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 03:09 . 2011-11-10 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-11-10 03:09 . 2011-11-10 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-11-10 03:06 . 2010-11-26 02:49 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-10 02:58 . 2011-11-10 02:58 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-11-10 02:51 . 2010-04-16 13:55 7405056 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-10 02:40 . 2011-11-10 02:40 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-11-10 02:40 . 2011-11-10 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-11-10 02:40 . 2010-04-16 13:32 4061696 ----a-w- c:\windows\system32\atiumd6a.dll
2011-11-10 02:34 . 2011-11-10 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-11-10 02:34 . 2011-11-10 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-11-10 02:34 . 2011-11-10 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-11-10 02:34 . 2011-11-10 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-11-10 02:34 . 2011-11-10 02:34 13552640 ----a-w- c:\windows\system32\aticaldd64.dll
2011-11-10 02:33 . 2010-04-16 13:45 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-10 02:29 . 2011-11-10 02:29 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-11-10 02:29 . 2010-04-16 13:25 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-10 02:24 . 2010-04-16 13:39 7439360 ----a-w- c:\windows\system32\atiumd64.dll
2011-11-10 02:18 . 2010-04-16 13:05 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 02:13 . 2011-11-10 02:13 494592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 348160 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-11-10 02:13 . 2011-11-10 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-10 02:12 . 2011-11-10 02:12 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-11-10 02:12 . 2011-11-10 02:12 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 02:11 . 2010-04-16 13:10 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-10 02:11 . 2010-11-26 02:15 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-10 02:11 . 2010-04-16 13:10 39424 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-11-10 02:11 . 2010-04-16 13:10 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-11-10 02:10 . 2011-11-10 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-05 05:32 . 2011-12-14 04:21 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 04:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 12:33 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 12:33 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 12:33 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 12:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 12:33 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 12:33 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 12:33 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 12:33 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-30 13:07 . 2011-11-05 03:35 2219008 ----a-w- c:\windows\bsdsetup.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-24_13.35.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-25 16:42 . 2012-01-25 15:48 52322 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-25 20:41 51130 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-07 16:21 . 2012-01-25 20:41 18552 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3086551624-837848958-744692313-1001_UserData.bin
- 2010-10-04 23:26 . 2012-01-21 18:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-04 23:26 . 2012-01-25 20:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-04 23:26 . 2012-01-21 18:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-25 20:44 . 2012-01-25 20:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-21 18:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-25 20:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-01-24 13:45 91720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-11-10 08:20 . 2012-01-25 04:35 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-01-21 02:03 . 2012-01-25 20:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-21 02:03 . 2012-01-24 13:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-21 02:03 . 2012-01-25 20:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-21 02:03 . 2012-01-24 13:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-01-24 13:34 819200 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-25 03:46 819200 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-04 17:43 . 2012-01-26 02:15 264870 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-01-25 08:01 . 2012-01-25 08:01 723256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Design\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.dll
+ 2012-01-25 08:23 . 2012-01-25 08:23 205824 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\e681aa9f513a2fd54af2e1f16e42ed4b\WindowsFormsIntegration.Design.ni.dll
+ 2012-01-25 08:21 . 2012-01-25 08:21 805376 c:\windows\assembly\NativeImages_v4.0.30319_32\StanPackage\7f85897afaab0c0250754137aafe2ab4\StanPackage.ni.dll
- 2009-07-14 04:54 . 2012-01-24 13:34 8126464 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-25 03:46 8126464 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-25 08:25 . 2012-01-25 08:25 2630144 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualStu#\5c0255ae9eed1464e1ef631d0bd5958c\Microsoft.VisualStudio.Tools.Office.Designer.ni.dll
+ 2012-01-25 08:21 . 2012-01-25 08:21 1844736 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\d3de011b5d5c7eb37b0b5c80375dd0ca\Microsoft.VisualStudio.Design.ni.dll
+ 2012-01-25 08:22 . 2012-01-25 08:22 2848768 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\406e769946f711673188650e0d41dd8a\Microsoft.VisualStudio.Web.ni.dll
+ 2012-01-25 08:22 . 2012-01-25 08:22 2043392 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualStu#\161b15f5eb6203915140e59dcc1a3355\Microsoft.VisualStudio.Tools.Office.Designer.ni.dll
- 2009-07-14 04:54 . 2012-01-24 13:34 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-25 03:46 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-16 17:18 . 2011-12-16 17:18 10532864 c:\windows\Installer\bba2cb.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-10-08 01:12 85768 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-01-05 4321112]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-20 210208]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-12 3077528]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
"Akamai NetSession Interface"="c:\users\Obeans\AppData\Local\Akamai\netsession_win.exe" [2011-12-13 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-24 981680]
"Cobian Backup 10 Interface"="c:\program files (x86)\Cobian Backup 10\cbInterface.exe" [2010-09-23 3154432]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\Obeans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Obeans\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
5FF4DD2D-4E1C-AA2E-3BFA-4C1C06031230.lnk - c:\windows\System32\rundll32.exe [2009-7-13 45568]
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-10-18 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
R3 InventoriaService;Inventoria Stock Manager;c:\program files (x86)\NCH Software\Inventoria\inventoria.exe [2011-09-27 1384964]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-04-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-10 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 Apache2.2;Apache2.2;c:\apache2\bin\httpd.exe [2011-05-21 18432]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 CobianBackup10;Cobian Backup 10;c:\program files (x86)\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-03-06 338168]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\SymcPCCULaunchSvc.exe [2010-11-05 118128]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe [2009-08-24 126392]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-18 2271608]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 01:16]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 01:16]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3086551624-837848958-744692313-1001Core.job
- c:\users\Obeans\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-06 11:12]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3086551624-837848958-744692313-1001UA.job
- c:\users\Obeans\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-06 11:12]
.
2012-01-09 c:\windows\Tasks\HPCeeScheduleForObeans.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Obeans\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-04-02 487424]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.*.*;*.local;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: play.net\*
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Obeans\AppData\Roaming\Mozilla\Firefox\Profiles\yjon5lgc.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.5\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-25 23:27:56
ComboFix-quarantined-files.txt 2012-01-26 04:27
ComboFix2.txt 2012-01-25 15:29
ComboFix3.txt 2012-01-25 04:34
ComboFix4.txt 2012-01-24 13:44
.
Pre-Run: 202,591,731,712 bytes free
Post-Run: 202,303,348,736 bytes free
.
- - End Of File - - 0B74025091B153CC28EA3AE2C4A9B08A




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users