Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer running very slow


  • Please log in to reply
14 replies to this topic

#1 arizno

arizno

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 21 February 2013 - 02:49 PM

I have followed all the recommendations for slow computers and nothing appears to have helped. I have attached the DDS and Attach records. Please let me know what my next step is thank you



BC AdBot (Login to Remove)

 


#2 arizno

arizno
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 21 February 2013 - 06:56 PM

Here is the file.

Attached Files



#3 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:30 PM

Posted 22 February 2013 - 07:46 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. smile.png

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue!
  • Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download
  • a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    • Because of this, you must reply within 3 days
    failure to reply will result in the topic being closed!
  • I like chocolate chip cookies.

  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.
    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.
  • ____________________________________________________

    OTL Custom Scan

    We need to run an OTL Custom Scan
    • Please download OTL from one of the following mirrors:
    • Save it to your desktop.
    • Double click on the otlicon.png icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Copy and Paste the following code into the customscanfix.png textbox.

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      "%WinDir%\$NtUninstallKB*$." /30
      C:\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /90
      %SYSTEMDRIVE%\*.exe
      %systemdrive%\$Recycle.Bin|@;true;true;true /fp
      /md5start
      volsnap.sys
      atapi.sys
      explorer.exe
      winlogon.exe
      wininit.exe
      svchost.exe
      tdx.sys
      afd.sys
      netbt.sys
      services.exe
      /md5stop
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s

    • Push the qscan.png button.
    • A report will open. Copy and Paste that report in your next reply.
    • NEXT:



      Running aswMBR.exe
    Download aswMBR.exe ( 1.8mb ) to your desktop.
    Double click the aswMBR.exe to run it Click the "Scan" button to start scan

    aswMBRScan.gif

    On completion of the scan click save log, save it to your desktop and post in your next reply

    aswMBRsavelog.gif



    NEXT:



    Please make sure you include the following items in your next post:

    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
    2. OTL.txt & Extras.txt log files.
    3. aswMBR.txt log file.
    4. An update on how your computer is currently running.

    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Edited by SweetTech, 22 February 2013 - 07:46 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 arizno

arizno
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 22 February 2013 - 10:38 AM

Good Morning SweetTech,

 

Hope you are having a good day. Thank you for taking my case. I greatly appreciate it. Below you will find the information that you requested. I look forward to getting rid of this malware. Talk to you soon.

 

1. Questions / Comments

I do not have an Extras Log files, also I accidentaly downloaded Avast upon opening aswMBR will that be a problem?

 

2. OTL and Extras Logs

 

OTL logfile created on: 2/22/2013 8:01:29 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 44.09% Memory free
3.14 Gb Paging File | 1.15 Gb Available in Paging File | 36.68% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 107.84 Gb Free Space | 46.31% Space Free | Partition Type: NTFS
Drive K: | 149.01 Gb Total Space | 0.19 Gb Free Space | 0.13% Space Free | Partition Type: FAT32
 
Computer Name: HOUSE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- C:\WINDOWS\247131346:756237809.exe
PRC - [2013/02/22 07:53:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL (2).exe
PRC - [2013/02/10 08:37:58 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/06 01:38:19 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/02/01 22:40:12 | 000,079,384 | ---- | M] (Google) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/01/20 13:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/01/07 14:56:16 | 002,909,640 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/05 23:08:54 | 004,407,808 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files\Cobian Backup 11\cbInterface.exe
PRC - [2012/12/05 23:08:44 | 000,720,896 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files\Cobian Backup 11\Cobian.exe
PRC - [2012/12/05 22:11:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/21 19:03:56 | 004,923,784 | ---- | M] () -- C:\Program Files\AirVideoServer\AirVideoServer.exe
PRC - [2009/12/18 09:09:28 | 001,138,176 | ---- | M] (DynaSCAPE Software) -- C:\Program Files\DynaSCAPE\Color\DSColor.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/06 21:16:16 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/02/08 01:13:48 | 000,774,168 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2007/02/08 01:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/02/08 01:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/02/06 17:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2007/01/30 01:52:06 | 000,688,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/01/23 15:44:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2005/11/16 19:49:44 | 005,241,856 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/13 09:09:38 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1903b8df5ab9ea0392f9f066a7aa9163\WindowsFormsIntegration.ni.dll
MOD - [2013/02/13 09:06:52 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/13 09:06:50 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013/02/13 08:58:12 | 012,638,576 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
MOD - [2013/02/13 03:10:30 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013/02/13 03:09:45 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll
MOD - [2013/01/26 11:20:04 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll
MOD - [2013/01/26 10:24:45 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013/01/26 10:24:08 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/26 09:27:30 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll
MOD - [2013/01/26 03:51:54 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/26 03:51:34 | 001,035,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Printing\f73c974811e0f58d59a6fa47cf6f3374\System.Printing.ni.dll
MOD - [2013/01/26 03:51:30 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/26 03:50:54 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll
MOD - [2013/01/26 03:50:49 | 002,146,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReachFramework\64ad3d6ccdc3afa7919528cc5a0143a6\ReachFramework.ni.dll
MOD - [2013/01/26 03:50:29 | 000,224,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c4114f7266efc459210299c8bb071624\PresentationFramework.Classic.ni.dll
MOD - [2013/01/26 03:50:13 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2abe0b9f0e996273614f4cf1f6808eed\PresentationFramework.ni.dll
MOD - [2013/01/26 03:49:24 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\2e26794770e6d33cf79a7f8daa4a48c3\PresentationCore.ni.dll
MOD - [2013/01/26 03:48:59 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\4b889e41364baff1e456817b4777b610\WindowsBase.ni.dll
MOD - [2013/01/26 03:48:48 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/26 03:48:35 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/26 03:34:51 | 018,000,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll
MOD - [2013/01/26 03:34:30 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll
MOD - [2013/01/26 03:34:15 | 003,856,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll
MOD - [2013/01/26 03:34:12 | 000,309,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\471ffd2d91c4e06f89c84c93cfeddedf\PresentationFramework.Classic.ni.dll
MOD - [2013/01/26 03:30:04 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
MOD - [2013/01/26 03:29:42 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll
MOD - [2013/01/26 03:29:16 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
MOD - [2013/01/26 03:29:13 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
MOD - [2013/01/26 03:29:02 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
MOD - [2013/01/26 03:28:53 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2013/01/25 20:35:06 | 000,460,240 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/25 20:35:04 | 004,012,496 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/25 20:34:19 | 000,597,968 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/25 20:34:18 | 000,124,368 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/25 20:34:16 | 001,552,848 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/02 00:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/03/06 15:29:48 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/08 09:15:40 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/09/21 19:03:56 | 004,923,784 | ---- | M] () -- C:\Program Files\AirVideoServer\AirVideoServer.exe
MOD - [2009/12/18 09:09:18 | 000,055,808 | ---- | M] () -- C:\Program Files\DynaSCAPE\Color\DSErrorHandler.dll
MOD - [2009/12/18 09:09:12 | 000,008,192 | ---- | M] () -- C:\Program Files\DynaSCAPE\Color\DSLicenseManager.dll
MOD - [2008/12/21 06:52:30 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3257.27115__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2008/12/21 06:52:30 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3257.27112__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2008/12/21 06:52:29 | 001,691,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:29 | 000,278,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3257.26996__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:29 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:29 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:29 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3257.27003__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:29 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2008/12/21 06:52:29 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2008/12/21 06:52:29 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2008/12/21 06:52:28 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3257.27061__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:28 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3257.27092__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:28 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3257.27076__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:28 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3257.27093__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:28 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:28 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3257.27071__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:28 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3257.27003__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:28 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3257.27050__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:27 | 000,344,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:27 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3257.27055__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:27 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:25 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3257.27039__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:25 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3257.27065__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:25 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:25 | 000,122,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3257.27048__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:25 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:24 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3257.27072__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:24 | 000,716,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3257.27004__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:24 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3257.27051__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:24 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3257.27014__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:24 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3257.27033__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:24 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:24 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:24 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3257.27017__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:24 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:24 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3257.27047__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:24 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3257.27049__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:23 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/12/21 06:52:23 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/12/21 06:52:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2008/12/21 06:52:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/12/21 06:52:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/12/21 06:52:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/12/21 06:52:23 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/12/21 06:52:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/12/21 06:52:22 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/12/21 06:52:22 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/12/21 06:52:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/12/21 06:52:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/12/21 06:52:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008/12/21 06:52:21 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/12/21 06:52:21 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/12/21 06:52:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/12/21 06:52:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/12/21 06:52:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/12/21 06:52:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3257.27101__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/12/21 06:52:20 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/12/21 06:52:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3257.27109__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008/12/21 06:52:19 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3257.27085__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/12/21 06:52:19 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/12/21 06:52:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008/12/21 06:52:19 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2008/12/21 06:52:19 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2008/12/21 06:52:19 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/12/21 06:52:18 | 000,532,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3257.27080__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008/12/21 06:52:18 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/12/21 06:52:18 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/12/21 06:52:18 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3257.27084__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/12/21 06:52:18 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3257.26995__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2008/12/21 06:52:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/12/21 06:52:18 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/12/21 06:52:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/12/21 06:52:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/12/21 06:52:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/12/21 06:52:17 | 001,073,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3257.27000__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/12/21 06:52:17 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3257.26994__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/12/21 06:52:17 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3257.26992__90ba9c70f846762e\APM.Server.dll
MOD - [2008/12/21 06:52:17 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3257.26993__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/12/21 06:52:17 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/12/21 06:52:17 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/12/21 06:52:17 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3257.27085__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/12/21 06:52:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/10/30 14:39:12 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/09/29 07:48:42 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/06/09 16:54:20 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\securegg.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/05/11 00:50:00 | 000,017,024 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\ViewerPS.dll
MOD - [2007/02/08 01:18:18 | 001,119,768 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\LAppRes.DLL
MOD - [2007/02/08 01:13:48 | 000,774,168 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
MOD - [2007/02/08 01:13:00 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LCMServerPS.dll
MOD - [2006/12/03 14:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/06/20 21:34:28 | 000,017,704 | ---- | M] () -- C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll
MOD - [2005/10/05 10:26:10 | 000,081,920 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\Ralinktek.dll
MOD - [2005/03/21 15:36:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\Security.dll
MOD - [2005/02/24 20:15:20 | 000,102,400 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\ses_cl.dll
MOD - [2004/09/29 15:51:28 | 000,122,880 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\ez54g.dll
MOD - [2003/10/13 15:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2002/04/24 00:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\GEMWEP.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe -- (WMP54Gv4SVC)
SRV - File not found [Auto | Stopped] --  -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] --  -- (netpker)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/10 08:37:58 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/07 11:29:03 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/05 22:11:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/12/11 20:22:50 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/13 02:39:16 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/06/14 11:02:12 | 000,017,408 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\xampp\apache\bin\apache.exe -- (Apache2.2)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/01/04 19:48:52 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\SynasUSB.sys -- (SynasUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\WINDOWS\247131346:756237809.exe -- (d2ecba0e)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/02/14 16:23:18 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2009/07/30 04:01:09 | 000,386,560 | R--- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tascusb2.sys -- (TASCAM_US122144)
DRV - [2009/07/30 04:01:09 | 000,033,792 | R--- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tscusb2a.sys -- (TASCAM_US144_MK2_WDM)
DRV - [2009/07/30 04:01:09 | 000,020,992 | R--- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tscusb2m.sys -- (TASCAM_US144_MK2_MIDI)
DRV - [2008/12/01 16:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/10/13 02:20:14 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/03/22 15:37:20 | 000,113,896 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2007/10/23 10:51:04 | 000,103,296 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/09/27 14:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2007/09/19 17:01:06 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007/03/26 05:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/02/06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL)
DRV - [2007/01/23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/23 15:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2006/11/28 21:51:12 | 000,083,968 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/08/29 16:43:30 | 000,070,028 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\trackca4.sys -- (trackcam4)
DRV - [2005/03/02 11:13:50 | 000,053,344 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\Program Files\Cutting Master 2 for CraftROBO 1.30\Program\Par1284.sys -- (Par1284)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/08/13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/08 09:43:52 | 000,347,648 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WlanUIG.sys -- (WlanUIG)
DRV - [2003/11/06 12:04:24 | 000,068,320 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 26 E7 A0 01 02 BB BE 4F AC 53 44 90 7F 0D AA 4C  [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 26 E7 A0 01 02 BB BE 4F AC 53 44 90 7F 0D AA 4C  [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 26 E7 A0 01 02 BB BE 4F AC 53 44 90 7F 0D AA 4C  [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 26 E7 A0 01 02 BB BE 4F AC 53 44 90 7F 0D AA 4C  [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1606980848-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=020613
IE - HKU\S-1-5-21-1606980848-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1606980848-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1606980848-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 D5 F0 DF C5 F8 CC 01  [binary data]
IE - HKU\S-1-5-21-1606980848-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 26 E7 A0 01 02 BB BE 4F AC 53 44 90 7F 0D AA 4C  [binary data]
IE - HKU\S-1-5-21-1606980848-261478967-839522115-1003\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-1606980848-261478967-839522115-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=f45f13b3&tbp=rbox&toolbarid=blekkotb_005&u=20120306B7CA437C95C0CB50A9E8BAB6&q={searchTerms}
IE - HKU\S-1-5-21-1606980848-261478967-839522115-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=020613&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1606980848-261478967-839522115-1003\..\SearchScopes\{AC3DAED6-5993-478C-9473-E22BB9D534E7}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1606980848-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606980848-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=020613"
FF - prefs.js..extensions.enabledAddons: fireml%40sirma.bg:1.1.11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/06/07 07:57:20 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/06/07 07:57:20 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine:  File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=2:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/12/06 21:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/29 07:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/07 11:29:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/10 08:38:26 | 000,000,000 | ---D | M]
 
[2013/02/14 17:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/02/15 09:37:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions
[2011/01/21 15:25:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/19 17:26:12 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013/01/27 02:09:26 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2013/01/26 02:09:22 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\foxmarks@kei.com
[2013/01/30 02:10:48 | 002,151,598 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\firebug@software.joehewitt.com.xpi
[2012/08/04 05:38:09 | 000,127,725 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\fireml@sirma.bg.xpi
[2013/01/26 02:09:09 | 000,200,692 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\yslow@yahoo-inc.com.xpi
[2013/01/26 02:09:22 | 001,268,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/02/06 12:18:29 | 000,002,402 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\searchplugins\bingp.xml
[2009/03/30 06:21:26 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\searchplugins\live-search.xml
[2012/06/18 19:53:02 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\searchplugins\Search_Results.xml
[2013/02/14 17:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/07 11:29:03 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/03/20 10:06:50 | 000,454,656 | ---- | M] (StoneTrip) -- C:\Program Files\mozilla firefox\plugins\npSton3D.dll
[2013/01/29 10:43:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/06 15:17:28 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/06/18 19:53:02 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2013/01/29 10:43:36 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Ston3D Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npSton3D.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Groups = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfmbadcfdhiklafcdohpfphhhakmiakk\1.3_0\
CHR - Extension: Pacman = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ecpppgifblkcndcohmfihidlhdipkmei\17.1_0\
CHR - Extension: Web Lab = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe\1.0_0\
CHR - Extension: NPR Infinite Player = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf\2.1_0\
CHR - Extension: Vector Paint = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnbpdiengicdefcjecjbnjnoifekhgdo\3.0.0.0_0\
CHR - Extension: Hojoki = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifjcgdcbhobdcojhnabjlholpbdmnpaa\1.1_0\
CHR - Extension: Zillow = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iifccoboedmhjapdlpgkigibgnkmdjoh\1.2_0\
CHR - Extension: Dropbox = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.3_0\
CHR - Extension: ManageWP = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfehlfmidmihiohmobbfnbpgkckijbjj\1.4_0\
CHR - Extension: Codenious Lead Grabber = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdopkggfffjkhfchefogomfekianehhl\1.2.2_0\
CHR - Extension: WordPress.com = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd\1.1_0\
CHR - Extension: Zoho CRM = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn\1.1.1_0\
CHR - Extension: Google Play = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\
CHR - Extension: ShiftEdit = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij\1.39_0\
CHR - Extension: 3D Skate (Street Sesh) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lphcioiagabefebkamnoefbagglemdcg\0.1.1_0\
CHR - Extension: Fileminx = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mbmphdinbmonlcogmljkkahppnkannma\2.0_0\
CHR - Extension: yaM - Yet Another Meeting = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mbnfkccbgkpneighofmeciblmfdbfdib\1.3_0\
 
O1 HOSTS File: ([2011/10/19 13:21:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1606980848-261478967-839522115-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1606980848-261478967-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKU\S-1-5-21-1606980848-261478967-839522115-1003..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe ()
O4 - HKU\S-1-5-21-1606980848-261478967-839522115-1003..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\S-1-5-21-1606980848-261478967-839522115-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WinMySQLadmin.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-261478967-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1606980848-261478967-839522115-1003\..Trusted Domains: gotomeeting.com ([www2] https in Trusted sites)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c7/v19.108/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://portal.discoverfinancial.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C47656C1-7A53-4966-B355-03F2C05AB619}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/10 16:36:47 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/05/02 15:47:02 | 000,000,000 | R--D | M] - K:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Craft ROBO Status Supervisor.lnk - C:\Program Files\Craft ROBO Controller\CRSSupervisor.exe - (Graphtec Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk -  - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^WinMySQLadmin.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: TrojanScanner - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup - Reg Error: Value error.
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1726BC86-D939-20FB-FA90-7BD04449EC5B} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/22 07:57:49 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2013/02/22 07:53:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL (2).exe
[2013/02/21 09:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 11
[2013/02/21 09:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 11
[2013/02/14 16:23:18 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/02/14 08:45:41 | 004,194,304 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
[2013/02/13 15:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\website images
[2013/02/13 13:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
[2013/02/11 23:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Camp
[2013/02/11 23:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\__MACOSX
[2013/02/10 08:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2013/02/08 17:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
[2013/02/08 17:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013/02/08 17:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2013/02/08 17:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/02/08 17:36:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2013/02/08 17:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Nico Mak Computing
[2013/02/08 17:09:35 | 000,017,224 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\WINDOWS\System32\roboot.exe
[2013/02/07 13:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\join.me
[2013/02/07 11:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/07 11:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\TechSmith
[2013/02/07 11:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TechSmith
[2013/02/07 11:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2013/02/06 23:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\DynaSCAPE_Software
[2013/02/06 13:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Drawings
[2013/02/06 13:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DynaSCAPEDS
[2013/02/06 12:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/02/06 11:16:51 | 004,792,320 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf450.dll
[2013/02/06 11:16:21 | 000,143,360 | ---- | C] (Info-ZIP) -- C:\WINDOWS\System32\vbuzip10.dll
[2013/02/06 11:15:53 | 000,126,976 | ---- | C] (Coyote Software Corp) -- C:\WINDOWS\System32\Dolphin.dll
[2013/02/06 11:15:53 | 000,024,576 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\CompressZItLib6.dll
[2013/02/06 11:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DynaSCAPE
[2013/02/06 11:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\DynaSCAPE
[2013/02/01 13:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\inkscape
[2013/02/01 12:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
[2013/02/01 08:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Fire It Up
[2013/01/31 07:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013/01/30 14:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
[2013/01/30 14:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013/01/26 10:55:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\indoor_web Images
[2013/01/26 10:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\carusel
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/22 07:59:13 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2013/02/22 07:53:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL (2).exe
[2013/02/22 07:43:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/22 07:39:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-261478967-839522115-1003UA.job
[2013/02/22 02:39:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-261478967-839522115-1003Core.job
[2013/02/22 01:43:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/21 17:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2013/02/21 15:01:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2013/02/21 14:02:51 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/21 03:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2013/02/20 17:09:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
[2013/02/18 08:32:02 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2013/02/16 15:08:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/16 15:08:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\247131346
[2013/02/16 07:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/02/15 09:29:23 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2013/02/14 17:17:32 | 001,305,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/14 16:37:24 | 000,759,065 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DynaSCAPE Intermediate Web Training Reference.pdf
[2013/02/14 16:23:18 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/02/14 11:51:34 | 000,060,304 | ---- | M] () -- C:\Documents and Settings\Owner\g2mdlhlpx.exe
[2013/02/14 08:44:32 | 000,001,395 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DynaSCAPE Color.lnk
[2013/02/13 04:00:28 | 000,048,016 | -HS- | M] () -- C:\WINDOWS\System32\c_70823.nl_
[2013/02/13 03:28:41 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2013/02/13 03:22:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/13 03:06:43 | 000,544,338 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/13 03:06:43 | 000,103,396 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/12 10:29:04 | 000,011,947 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\navigation-bg3.png
[2013/02/12 09:40:20 | 000,012,019 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\navigation-bg2.png
[2013/02/12 00:22:14 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2013/02/11 16:39:27 | 000,004,072 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\customLogo.png
[2013/02/11 11:26:02 | 001,190,871 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DILLIG DRIVEWAY PLAN.pdf
[2013/02/08 17:50:50 | 000,151,552 | ---- | M] () -- C:\WINDOWS\KMSEmulator.exe
[2013/02/08 17:09:25 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2013/02/08 09:44:28 | 000,067,036 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\concrete-countertop-training.pdf
[2013/02/07 13:39:30 | 000,001,103 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\join.me.lnk
[2013/02/07 00:15:35 | 000,362,029 | ---- | M] () -- C:\Documents and Settings\Owner\sqlite3.dll
[2013/02/06 12:17:48 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/02/06 11:16:48 | 004,792,320 | ---- | M] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf450.dll
[2013/02/06 11:15:01 | 000,001,397 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DynaSCAPE Design.lnk
[2013/02/01 16:25:52 | 000,010,895 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\profile.jpg
[2013/02/01 16:10:03 | 000,013,214 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ssi-logo.jpg
[2013/02/01 12:52:06 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2013/02/01 12:52:06 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk
[2013/02/01 10:38:22 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/01 10:38:22 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2013/01/31 07:23:08 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/31 07:22:09 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2013/01/26 10:05:24 | 007,724,332 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\affluent.pdf
[2013/01/26 04:02:43 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\50px-spacer.png
[2013/01/26 03:54:28 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\yellowrule.png
[2013/01/26 03:38:59 | 000,180,366 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\matchlight.JPG
[2013/01/26 02:01:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/16 15:05:22 | 001,094,850 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1606980848-261478967-839522115-1003-0.dat
[2013/02/15 09:29:23 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2013/02/15 09:29:23 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2013/02/14 16:37:23 | 000,759,065 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DynaSCAPE Intermediate Web Training Reference.pdf
[2013/02/14 08:44:32 | 000,001,395 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DynaSCAPE Color.lnk
[2013/02/13 04:00:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\247131346
[2013/02/13 04:00:28 | 000,048,016 | -HS- | C] () -- C:\WINDOWS\System32\c_70823.nl_
[2013/02/12 10:29:04 | 000,011,947 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\navigation-bg3.png
[2013/02/12 09:40:20 | 000,012,019 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\navigation-bg2.png
[2013/02/12 00:22:14 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2013/02/11 16:39:27 | 000,004,072 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\customLogo.png
[2013/02/11 11:14:12 | 001,190,871 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DILLIG DRIVEWAY PLAN.pdf
[2013/02/08 18:02:48 | 001,094,850 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/02/08 17:50:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\KMSEmulator.exe
[2013/02/08 17:09:54 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2013/02/08 17:09:53 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
[2013/02/08 17:09:25 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2013/02/08 09:44:56 | 000,067,036 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\concrete-countertop-training.pdf
[2013/02/07 13:39:30 | 000,001,103 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\join.me.lnk
[2013/02/07 13:39:30 | 000,001,103 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\join.me.lnk
[2013/02/07 00:15:35 | 000,362,029 | ---- | C] () -- C:\Documents and Settings\Owner\sqlite3.dll
[2013/02/07 00:09:57 | 001,667,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/02/06 11:16:21 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\securegg.dll
[2013/02/06 11:16:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2013/02/06 11:15:01 | 000,001,397 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DynaSCAPE Design.lnk
[2013/02/01 16:25:52 | 000,010,895 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\profile.jpg
[2013/02/01 16:10:03 | 000,013,214 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ssi-logo.jpg
[2013/02/01 12:52:20 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Inkscape.lnk
[2013/02/01 12:52:06 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2013/02/01 12:52:06 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk
[2013/01/26 10:05:28 | 007,724,332 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\affluent.pdf
[2013/01/26 04:02:43 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\50px-spacer.png
[2013/01/26 03:54:27 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\yellowrule.png
[2013/01/26 03:40:44 | 000,180,366 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\matchlight.JPG
[2012/07/23 07:56:45 | 000,058,919 | ---- | C] () -- C:\Documents and Settings\Owner\AutoSave_Untitled.skp
[2012/02/27 18:05:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/24 10:36:54 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Owner\g2mdlhlpx.exe
[2012/02/18 17:52:29 | 000,333,500 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/15 11:36:14 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SpecoMC.INI
[2012/02/15 11:35:05 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\config_hdp_148CF244CB4A4467BE7989DC2B67D9B6.ini
[2012/02/15 11:33:58 | 001,297,408 | ---- | C] () -- C:\WINDOWS\System32\CNC_Ctrl.dll
[2012/02/11 11:33:09 | 000,000,481 | ---- | C] () -- C:\WINDOWS\my.ini
[2011/10/19 02:15:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/19 02:15:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/13 14:41:14 | 000,002,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\bc7f84cc
[2011/10/13 14:41:11 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\abda0cc9
[2011/10/13 14:35:27 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\4b07f336
[2011/09/29 07:04:59 | 000,205,441 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2011/09/29 07:04:59 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2011/09/25 21:01:21 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/09/25 21:01:21 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/09/25 21:01:21 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/01/06 08:58:24 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pm041003.sys
[2009/03/08 23:02:28 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2008/04/19 18:36:23 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2008/04/18 14:26:10 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\824CC82564.sys
[2008/04/18 14:26:09 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/02/22 21:42:29 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/02/09 10:30:27 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/13 13:14:37 | 000,142,336 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2007/11/10 19:10:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009/10/10 07:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2008/04/19 18:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
[2012/02/14 12:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AddressGrabber for Web CRM
[2013/02/14 17:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/06/19 13:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/02/14 13:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2013/02/14 17:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2007/11/13 00:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/01/05 10:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/09/25 21:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2009/08/30 08:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Palo Alto Software
[2012/08/23 11:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/08/30 08:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PAS
[2012/08/23 11:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2013/02/14 17:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/12/25 10:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2010/02/10 23:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/07 21:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/04/24 17:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACT
[2008/03/18 16:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aptana
[2012/01/29 17:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Arduino
[2008/05/28 20:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
[2009/12/11 18:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2009/12/06 01:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cakewalk
[2011/04/27 10:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2008/04/19 18:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CompanionLink
[2008/08/17 22:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Composer
[2013/02/21 08:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2011/09/19 17:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoft
[2011/09/19 17:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers
[2013/02/15 09:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2012/04/18 21:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/11/25 19:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Grape Systems
[2013/02/01 13:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\inkscape
[2008/01/19 13:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Inspiration Software
[2007/12/06 21:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2008/04/18 14:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IsolatedStorage
[2009/01/05 18:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Juniper Networks
[2007/12/11 16:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/12/28 00:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\n52te
[2008/01/07 14:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Netscape
[2013/02/14 17:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nico Mak Computing
[2010/12/21 13:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Notepad++
[2012/03/06 15:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2009/08/30 08:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Palo Alto Software
[2010/01/06 08:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PhiMatrix
[2007/12/29 18:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\phpDesigner 2008
[2008/08/17 18:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Plazmic
[2012/02/27 19:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\salesforce.com
[2012/11/14 13:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\searchquband
[2012/02/14 13:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simply Super Software
[2009/12/25 10:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Steinberg
[2008/08/02 23:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StoneTrip
[2008/12/26 09:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thinstall
[2009/05/06 06:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2013/02/14 17:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2010/02/10 22:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\URSoft
[2013/02/21 14:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/10/21 06:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vu360
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< "%WinDir%\$NtUninstallKB*$." /30 >
 
< C:\Program Files\Common Files\ComObjects\*.* /s >
[2007/11/10 16:35:01 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2007/11/10 16:47:41 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2007/11/13 00:55:34 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2008/12/17 11:51:28 | 000,000,372 | ---- | C] () -- C:\WINDOWS\Tasks\RegCure.job
[2008/12/17 11:51:30 | 000,000,438 | ---- | C] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2011/02/08 15:33:15 | 000,000,926 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-261478967-839522115-1003Core.job
[2011/02/08 15:33:16 | 000,000,978 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-261478967-839522115-1003UA.job
[2011/03/10 23:43:45 | 000,000,880 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011/03/10 23:43:46 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013/02/08 17:09:53 | 000,000,292 | ---- | C] () -- C:\WINDOWS\Tasks\Registry Optimizer_UPDATES.job
[2013/02/08 17:09:54 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\*. /rp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2007/11/10 09:43:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007/11/10 09:43:29 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007/11/10 09:43:29 | 000,909,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\drivers\*.sys /90 >
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2013/02/14 16:23:18 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< MD5 for: AFD.SYS  >
[2011/08/17 07:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 07:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/14 00:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/14 00:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008/04/13 13:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\afd.sys
[2008/10/16 09:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 04:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/08/14 03:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2004/08/04 06:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008/08/14 03:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008/10/16 08:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/08/14 04:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008/08/14 04:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2008/06/20 04:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2008/06/20 05:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 04:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 05:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 05:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/08/17 07:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
 
< MD5 for: NETBT.SYS  >
[2004/08/04 06:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/14 00:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 13:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netbt.sys
[2008/04/14 00:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 05:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[2009/02/06 11:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 11:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 04:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
 
< MD5 for: VOLSNAP.SYS  >
[2008/04/14 00:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 12:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\volsnap.sys
[2008/04/14 00:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/02/07 11:29:01 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/02/07 11:29:01 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/02/07 11:29:01 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/02/07 11:29:03 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/02/07 11:29:03 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/02/07 11:29:03 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/12/24 00:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/12/24 00:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/12/24 00:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/02/07 11:29:01 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/02/07 11:29:01 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/02/07 11:29:01 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/02/07 11:29:03 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/02/07 11:29:03 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/02/07 11:29:03 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/01/25 20:35:08 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/12/24 00:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/12/24 00:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/12/24 00:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
 
< HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemsvc.dll -- [2008/04/14 05:42:10 | 000,043,520 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB38685$] -> Error: Cannot create file handle -> Unknown point type
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\CCC\2.0.0.0__90ba9c70f846762e] -> C:\WINDOWS\WinSxS\MSIL_CCC_90ba9c70f846762e_2.0.0.0_x-ww_c7ed2bb0 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\CLI\2.0.0.0__90ba9c70f846762e] -> C:\WINDOWS\WinSxS\MSIL_CLI_90ba9c70f846762e_2.0.0.0_x-ww_42656733 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\LOG\2.0.3257.27084__90ba9c70f846762e] -> C:\WINDOWS\WinSxS\MSIL_LOG_90ba9c70f846762e_2.0.3257.27084_x-ww_2639326b -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\MOM\2.0.0.0__90ba9c70f846762e] -> C:\WINDOWS\WinSxS\MSIL_MOM_90ba9c70f846762e_2.0.0.0_x-ww_a60193a8 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 922891 bytes -> C:\WINDOWS\Temp:temp
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\247131346:756237809.exe
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
 
< End of report >
 
3. aswMBR Log
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-22 08:26:57
-----------------------------
08:26:57.199    OS Version: Windows 5.1.2600 Service Pack 3
08:26:57.199    Number of processors: 2 586 0x6B01
08:26:57.199    ComputerName: HOUSE  UserName: Owner
08:26:58.511    Initialize success
08:30:47.214    AVAST engine defs: 13022200
08:30:51.777    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:30:51.777    Disk 0 Vendor: WDC_WD2500AAKS-00VYA0 12.01B02 Size: 238475MB BusType: 3
08:30:51.792    Disk 0 MBR read successfully
08:30:51.808    Disk 0 MBR scan
08:30:51.855    Disk 0 Windows XP default MBR code
08:30:51.855    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       238464 MB offset 63
08:30:51.855    Disk 0 scanning sectors +488376000
08:30:51.917    Disk 0 scanning C:\WINDOWS\system32\drivers
08:30:57.370    File: C:\WINDOWS\system32\drivers\imapi.sys  **INFECTED** Win32:Alureon-AJI [Rtk]
08:31:05.683    Disk 0 trace - called modules:
08:31:05.683    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8418a4a0]<<
08:31:05.699    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84362ab8]
08:31:05.699    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x84158e10]
08:31:06.058    \Driver\00000600[0x84270da0] -> IRP_MJ_CREATE -> 0x8418a4a0
08:31:07.402    AVAST engine scan C:\WINDOWS
08:31:11.183    File: C:\WINDOWS\247131346:756237809.exe  **INFECTED** Win32:Tiny-AMB [Rtk]
08:31:26.433    AVAST engine scan C:\WINDOWS\system32
08:31:41.167    File: C:\WINDOWS\system32\c_70823.nl_  **INFECTED** Win32:Sirefef-PF [Trj]
08:33:39.449    File: C:\WINDOWS\assembly\GAC_MSIL\Desktop(2).ini  **INFECTED** Win32:Sirefef-PL [Rtk]
08:34:55.245    AVAST engine scan C:\WINDOWS\system32\drivers
08:35:01.933    File: C:\WINDOWS\system32\drivers\imapi.sys  **INFECTED** Win32:Alureon-AJI [Rtk]
08:35:17.074    AVAST engine scan C:\Documents and Settings\Owner
08:39:10.558    File: C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\19\72b540d3-51a68632  **INFECTED** Win32:Karagany-EQ [Trj]
09:09:00.605    AVAST engine scan C:\Documents and Settings\All Users
09:26:12.355    Scan finished successfully
09:37:16.402    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
09:37:16.417    The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
 
 
 
 
4. How is my computer currently running 
 Internet is still very slow


#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:30 PM

Posted 23 February 2013 - 07:39 PM

Good Evening arizno!

Apologizes for not responding to you sooner. I had a busy past day and a half, and am only now geting a chance to sign on to my computer.

I do not have an Extras Log files, also I accidentaly downloaded Avast upon opening aswMBR will that be a problem?

No, that should not be a problem at all.

It looks like you're infected with an infection known as ZeroAccess.

Please yield the following warning first:

warningh.gifOne or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.

I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2.
When should I re-format? How should I reinstall?


ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:for providing the above information.



NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    RC1.png
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    RC2-1.png
    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 arizno

arizno
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 24 February 2013 - 09:55 AM

Ok here is the Combo fix txt.

 

The computer seems to be running much better already. 

 

 

ComboFix 13-02-23.01 - Owner 02/24/2013   8:17.4.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1918.1504 [GMT -6:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\824CC82564.sys
c:\documents and settings\All Users\Application Data\E1BA862E-F205-FA29-DB66-46CA7EC00259.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Security Defender
c:\documents and settings\All Users\Start Menu\Programs\Security Defender\Security Defender.lnk
c:\documents and settings\Owner\Application Data\4b07f336
c:\documents and settings\Owner\Application Data\abda0cc9
c:\documents and settings\Owner\Application Data\bc7f84cc
c:\documents and settings\Owner\Application Data\E1BA862E-F205-FA29-DB66-46CA7EC00259.ico
c:\documents and settings\Owner\g2mdlhlpx.exe
c:\documents and settings\Owner\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Owner\sqlite3.dll
c:\documents and settings\Owner\Start Menu\Programs\Security Defender
c:\documents and settings\Owner\Start Menu\Programs\Security Defender\Security Defender.lnk
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\$NtUninstallKB38685$
c:\windows\$NtUninstallKB38685$\3491037804
c:\windows\$NtUninstallKB38685$\3538729486\@
c:\windows\$NtUninstallKB38685$\3538729486\L\oamrfdui
c:\windows\EventSystem.log
c:\windows\My.ini
c:\windows\system32\c_70823.nl_
c:\windows\system32\c_70823.nls
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
c:\windows\system32\SET154F.tmp
c:\windows\system32\SET1550.tmp
c:\windows\system32\SET1552.tmp
c:\windows\system32\SET1556.tmp
c:\windows\system32\SET1557.tmp
c:\windows\system32\SET155E.tmp
c:\windows\system32\SET1560.tmp
.
Infected copy of c:\windows\system32\drivers\imapi.sys was found and disinfected 
Restored copy from - The cat found it :) 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_d2ecba0e
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-24 to 2013-02-24  )))))))))))))))))))))))))))))))
.
.
2013-02-24 07:38 . 2008-04-14 06:11    42112    -c--a-w-    c:\windows\system32\dllcache\imapi.sys
2013-02-24 07:38 . 2008-04-14 06:11    42112    ----a-w-    c:\windows\system32\drivers\imapi.sys
2013-02-21 15:47 . 2013-02-21 15:47    --------    d-----w-    c:\program files\Cobian Backup 11
2013-02-15 15:29 . 2013-02-15 15:29    1409    ----a-w-    c:\windows\QTFont.for
2013-02-14 22:23 . 2013-02-14 22:23    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-14 14:45 . 2009-10-20 14:57    4194304    ----a-w-    c:\windows\system32\cdintf400.dll
2013-02-13 19:14 . 2013-02-13 19:14    --------    d-----w-    c:\documents and settings\Owner\Local Settings\Application Data\Sun
2013-02-10 14:38 . 2013-02-10 14:37    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-02-10 14:38 . 2013-02-10 14:37    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-02-10 14:10 . 2013-02-10 14:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\McAfee
2013-02-08 23:50 . 2013-02-08 23:50    151552    ----a-w-    c:\windows\KMSEmulator.exe
2013-02-08 23:41 . 2013-02-08 23:41    --------    d-----w-    c:\program files\Microsoft Sync Framework
2013-02-08 23:38 . 2013-02-08 23:38    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2013-02-08 23:37 . 2013-02-08 23:37    --------    d-----w-    c:\program files\Microsoft Analysis Services
2013-02-08 23:36 . 2013-02-08 23:43    --------    d-----w-    c:\windows\SHELLNEW
2013-02-08 23:09 . 2013-02-14 23:35    --------    d-----w-    c:\documents and settings\Owner\Application Data\Nico Mak Computing
2013-02-07 19:39 . 2013-02-07 19:39    --------    d-----w-    c:\documents and settings\Owner\Local Settings\Application Data\join.me
2013-02-07 17:12 . 2013-02-07 17:12    --------    d-----w-    c:\documents and settings\Owner\Local Settings\Application Data\TechSmith
2013-02-07 17:12 . 2013-02-07 17:12    --------    d-----w-    c:\program files\TechSmith
2013-02-07 05:25 . 2013-02-07 05:25    --------    d-----w-    c:\documents and settings\Owner\Local Settings\Application Data\DynaSCAPE_Software
2013-02-06 17:16 . 2013-02-06 17:16    4792320    ----a-w-    c:\windows\system32\cdintf450.dll
2013-02-06 17:16 . 2008-06-09 22:54    98304    ------w-    c:\windows\system32\securegg.dll
2013-02-06 17:16 . 2007-11-07 07:19    655872    ------w-    c:\windows\system32\msvcr90.dll
2013-02-06 17:16 . 1998-12-02 14:11    143360    ------w-    c:\windows\system32\vbuzip10.dll
2013-02-06 17:16 . 1998-03-26 08:12    53248    ------w-    c:\windows\system32\zlib.dll
2013-02-06 17:16 . 2007-11-07 07:19    568832    ------w-    c:\windows\system32\msvcp90.dll
2013-02-06 17:16 . 2007-11-07 02:23    224768    ------w-    c:\windows\system32\msvcm90.dll
2013-02-06 17:15 . 2006-06-27 20:57    126976    ------w-    c:\windows\system32\Dolphin.dll
2013-02-06 17:15 . 2004-03-18 18:10    24576    ------w-    c:\windows\system32\CompressZItLib6.dll
2013-02-06 17:14 . 2013-02-14 14:44    --------    d-----w-    c:\program files\DynaSCAPE
2013-02-01 19:04 . 2013-02-01 19:04    --------    d-----w-    c:\documents and settings\Owner\Application Data\inkscape
2013-02-01 18:49 . 2013-02-01 18:52    --------    d-----w-    c:\program files\Inkscape
2013-01-31 13:22 . 2013-01-31 13:22    --------    d-----w-    c:\program files\Dropbox
2013-01-30 20:24 . 2013-01-30 20:24    --------    d-----w-    c:\program files\MSECache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 14:37 . 2007-12-29 00:31    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-02-10 14:37 . 2011-01-22 01:52    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-01-26 03:55 . 2004-08-04 12:00    552448    ----a-w-    c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2004-08-04 12:00    2148864    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-03 22:59    2027520    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-04 12:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 12:00    148992    ----a-w-    c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 12:00    1292288    ----a-w-    c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2004-08-04 12:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2004-08-04 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2004-08-04 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-04 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-08-04 12:00    290560    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-14 22:49 . 2009-10-10 13:51    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-02-07 17:29 . 2013-02-07 17:28    262552    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 01:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 01:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 01:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 01:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2013-01-07 2909640]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-02-08 1051984]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-12-18 16328976]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-07 185896]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-12-14 824232]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
E1BA862E-F205-FA29-DB66-46CA7EC00259.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33280]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
WinMySQLadmin.lnk - c:\xampp\mysql\bin\winmysqladmin.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
E1BA862E-F205-FA29-DB66-46CA7EC00259.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33280]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-11 688128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Craft ROBO Status Supervisor.lnk]
backup=c:\windows\pss\Craft ROBO Status Supervisor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
backup=c:\windows\pss\WinMySQLadmin.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 03:38    623992    ----a-w-    c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 23:22    421736    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 23:51    3885408    ----a-w-    c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 18:59    18705664    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-02-14 23:04    1597864    ----a-w-    c:\program files\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Adobe\\Adobe Contribute CS3\\Contribute.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Cutting Master 2 for CraftROBO 1.30\\Program\\App2.exe"=
"c:\\Program Files\\Steam\\steamapps\\arizno\\half-life 2 deathmatch\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\blazing angels squadrons of wwii\\SettingsApplication.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Google\\Google SketchUp 7\\SketchUp.exe"=
"c:\\Program Files\\Google\\Google SketchUp 7\\LayOut\\LayOut.exe"=
"c:\\Program Files\\Steam\\steamapps\\arizno\\ricochet\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\arizno\\deathmatch classic\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\arizno\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\arizno\\day of defeat\\hl.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\AirVideoServer\\AirVideoServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\WINDOWS\\KMSEmulator.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [2/21/2013 9:47 AM 67584]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [3/9/2011 9:43 AM 22504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/20/2012 1:10 PM 398184]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 6:29 PM 29293408]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [12/17/2008 10:32 AM 113896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/10/2009 7:51 AM 21104]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [10/19/2011 1:14 PM 17408]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/10/2009 7:51 AM 682344]
S2 netpker;netpker; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [12/28/2008 12:21 AM 48896]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/14/2013 4:23 PM 40776]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [12/25/2009 10:28 AM 386560]
S3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [12/25/2009 10:28 AM 20992]
S3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [12/25/2009 10:28 AM 33792]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [11/10/2007 5:40 PM 347648]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-11 21:33]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-11 21:33]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-261478967-839522115-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-08 21:33]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-261478967-839522115-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-08 21:33]
.
2013-02-24 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2012-07-13 21:21]
.
2013-02-21 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2012-07-13 21:21]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: gotomeeting.com\www2
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=020613
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=020613&q=
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-24 08:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  AirVideoServer = c:\program files\AirVideoServer\AirVideoServer.exe?W 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-261478967-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1606980848-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9B0D95F3-6F06-DD87-5F19-FB14CD5377BF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CakewalkPlugIns\™HE«ÞK$x    *æ*hƒÝwæ*æ**]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5012)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2013-02-24  08:42:24 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-24 14:42
ComboFix2.txt  2008-12-18 18:14
.
Pre-Run: 118,156,673,024 bytes free
Post-Run: 127,113,834,496 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 75080A5FC1FBEDFDB12B2F3E5759DF67


#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:30 PM

Posted 24 February 2013 - 02:01 PM

Hi!

It looks like ComboFix has found quite a bit, and I'm glad to hear that things are starting to improve.

Lets see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:
  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
  • Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



    NEXT:



    ESET Online Scanner
    I'd like us to scan your machine with ESET Online Scan

    Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the esetOnline.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
    • Check esetAcceptTerms.png
    • Click the esetStart.png button.
    • Accept any security warnings from your browser.
    • Check esetScanArchives.png
    • Make sure that the option "Remove found threats" is Unchecked
    • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
      • Enable Anti-Stealth technology
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push esetListThreats.png
    • Push esetExport.png, and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    • Push the esetBack.png button.
    • Push esetFinish.png
    NEXT:



    Security Check
    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NEXT:



    Please make sure you include the following items in your next post:

    1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
    2. MalwareBytes' Anti-Malware log file.
    3. ESET Online Virus Scan log file.
    4. SecurityCheck log file.
    5. An update on how your computer is currently running.

    It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 arizno

arizno
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 25 February 2013 - 08:15 AM

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.

I think this was cause by a file that I open up from the internet. Is there something that you recommend to check files for malicious code. 


2. MalwareBytes' Anti-Malware log file.

I could not open Malware Bytes. Ikeeps saying "windows cannot access the specified device path or file. You may not have the appropriate permission to access the item"


3. ESET Online Virus Scan log file.

 

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\19\72b540d3-51a68632    a variant of Win32/Kryptik.ZGY trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\29\1b52541d-51cb5fd8    a variant of Java/Exploit.CVE-2011-3544.AW trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\37\10906365-4b3322ac    Java/Agent.EX trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\44\6910162c-54539759    a variant of Java/Exploit.CVE-2011-3544.N trojan
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\jnfoemjmjlpibgpkaofpdfmkgnhkojcm\contentscript.js    Win32/TrojanDownloader.Tracur.F trojan
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe    Win32/Patched.HN trojan
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4(2).exe    Win32/Patched.HN trojan
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uer72yq9.default\extensions\{dc4a2186-3a92-4e6e-b551-049571b9fd18}\chrome.manifest.vir    Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uer72yq9.default\extensions\{dc4a2186-3a92-4e6e-b551-049571b9fd18}\chrome\xulcache.jar.vir    JS/Agent.NDO trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\WindowsManagerPolicy.dll.vir    Win32/TrojanDownloader.Tracur.I trojan
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c8z1ef0q.default\extensions\{dc4a2186-3a92-4e6e-b551-049571b9fd18}\chrome.manifest.vir    Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c8z1ef0q.default\extensions\{dc4a2186-3a92-4e6e-b551-049571b9fd18}\chrome\xulcache.jar.vir    JS/Agent.NDO trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\{dc4a2186-3a92-4e6e-b551-049571b9fd18}\chrome.manifest.vir    Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\{dc4a2186-3a92-4e6e-b551-049571b9fd18}\chrome\xulcache.jar.vir    JS/Agent.NDO trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\ServiceUser.dll.vir    a variant of Win32/Kryptik.UAE trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\Adobe\AdobeUpdate\Adobeupdt32.dll.vir    a variant of Win32/Kryptik.UAE trojan
C:\Qoobox\Quarantine\C\Program Files\Bonjour\mDNSResponder.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Juniper Networks\Common Files\dsNcService.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\c_70823.nl_.vir    a variant of Win32/Sirefef.CR trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\imapi.sys.vir    Win32/Patched.NBE trojan
C:\Qoobox\Quarantine\C\xampp\apache\bin\apache.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\xampp\mysql\bin\mysqld-nt.exe.vir    Win32/Patched.HN trojan
Operating memory    Win32/Patched.HN trojan
 


4. SecurityCheck log file.

 

 Results of screen317's Security Check version 0.99.59  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 ESET Online Scanner v3   
 Adobe After Effects CS3 Presets  
 McAfee Security Scan Plus   
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 HijackThis 2.0.2    
 Java™ 6 Update 23  
 Java™ 6 Update 22  
 Java 7 Update 13  
 Java™ 6 Update 3  
 Java™ 6 Update 5  
 Java™ 6 Update 7  
 Adobe Flash Player     11.6.602.168  
 Mozilla Firefox 18.0.2 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 ESET ESET Online Scanner OnlineScannerApp.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 5% 
````````````````````End of Log`````````````````````` 
 


5. An update on how your computer is currently running.

seems to be doing much better 



#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:30 PM

Posted 25 February 2013 - 05:41 PM

Hi!

Your logs still seem to indicate some pretty big issues.

Some files on your operating system, appear to be patched by malware.

We will need to utilize ComboFix again, this time running it with a script.

I think this was cause by a file that I open up from the internet. Is there something that you recommend to check files for malicious code.

You can use a site called VirusTotal.com which enables you to upload a file to their site, and check it to see if the file is detected as being malicious from multiple Anti-Virus companies.


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

  • Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run type Notepad click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')
    KillAll::
    File::
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\19\72b540d3-51a68632
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\29\1b52541d-51cb5fd8
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\37\10906365-4b3322ac
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\44\6910162c-54539759
    c:\documents and settings\Owner\Start Menu\Programs\Startup\E1BA862E-F205-FA29-DB66-46CA7EC00259.lnk
    c:\documents and settings\All Users\Start Menu\Programs\Startup\E1BA862E-F205-FA29-DB66-46CA7EC00259.lnk
    Folder::
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\jnfoemjmjlpibgpkaofpdfmkgnhkojcm\
    SRPeek::
    C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4(2).exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop, Save this as "CFScript"

    Here's how to do that:

    1.Click File;
    2.Click Save As... Change the directory to your desktop;
    3.Change the Save as type to "All Files";
    4.Type in the file name: CFScript
    5.Click Save ...

    CFScriptB-4.gif
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 arizno

arizno
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 26 February 2013 - 09:37 AM

Thanks for the advise, here is the log
 
 
ComboFix 13-02-24.01 - Owner 02/26/2013   8:09.5.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1918.1194 [GMT -6:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\All Users\Start Menu\Programs\Startup\E1BA862E-F205-FA29-DB66-46CA7EC00259.lnk"
"c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\19\72b540d3-51a68632"
"c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\29\1b52541d-51cb5fd8"
"c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\37\10906365-4b3322ac"
"c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\44\6910162c-54539759"
"c:\documents and settings\Owner\Start Menu\Programs\Startup\E1BA862E-F205-FA29-DB66-46CA7EC00259.lnk"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\E1BA862E-F205-FA29-DB66-46CA7EC00259.lnk
c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\19\72b540d3-51a68632
c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\29\1b52541d-51cb5fd8
c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\37\10906365-4b3322ac
c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\44\6910162c-54539759
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\jnfoemjmjlpibgpkaofpdfmkgnhkojcm
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\jnfoemjmjlpibgpkaofpdfmkgnhkojcm\contentscript.js
c:\documents and settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\jnfoemjmjlpibgpkaofpdfmkgnhkojcm\manifest.json
c:\documents and settings\Owner\Start Menu\Programs\Startup\E1BA862E-F205-FA29-DB66-46CA7EC00259.lnk
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-26 to 2013-02-26  )))))))))))))))))))))))))))))))
.
.
2013-02-26 14:10 . 2013-02-26 14:10    --------    d-----w-    c:\documents and settings\NetworkService\Application Data\Apple Computer
2013-02-24 14:50 . 2013-02-24 14:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\McAfee Security Scan
2013-02-24 14:50 . 2013-02-24 14:50    --------    d-----w-    c:\program files\McAfee Security Scan
2013-02-24 14:50 . 2013-02-24 15:01    697712    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-24 07:38 . 2008-04-14 06:11    42112    -c--a-w-    c:\windows\system32\dllcache\imapi.sys
2013-02-24 07:38 . 2008-04-14 06:11    42112    ----a-w-    c:\windows\system32\drivers\imapi.sys
2013-02-21 15:47 . 2013-02-21 15:47    --------    d-----w-    c:\program files\Cobian Backup 11
2013-02-15 15:29 . 2013-02-15 15:29    1409    ----a-w-    c:\windows\QTFont.for
2013-02-14 22:23 . 2013-02-14 22:23    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-14 14:45 . 2009-10-20 14:57    4194304    ----a-w-    c:\windows\system32\cdintf400.dll
2013-02-13 19:14 . 2013-02-13 19:14    --------    d-----w-    c:\documents and settings\Owner\Local Settings\Application Data\Sun
2013-02-10 14:38 . 2013-02-10 14:37    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-02-10 14:38 . 2013-02-10 14:37    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-02-10 14:10 . 2013-02-10 14:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\McAfee
2013-02-08 23:50 . 2013-02-08 23:50    151552    ----a-w-    c:\windows\KMSEmulator.exe
2013-02-08 23:41 . 2013-02-08 23:41    --------    d-----w-    c:\program files\Microsoft Sync Framework
2013-02-08 23:38 . 2013-02-08 23:38    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2013-02-08 23:37 . 2013-02-08 23:37    --------    d-----w-    c:\program files\Microsoft Analysis Services
2013-02-08 23:36 . 2013-02-08 23:43    --------    d-----w-    c:\windows\SHELLNEW
2013-02-08 23:09 . 2013-02-14 23:35    --------    d-----w-    c:\documents and settings\Owner\Application Data\Nico Mak Computing
2013-02-07 19:39 . 2013-02-07 19:39    --------    d-----w-    c:\documents and settings\Owner\Local Settings\Application Data\join.me
2013-02-07 17:12 . 2013-02-07 17:12    --------    d-----w-    c:\documents and settings\Owner\Local Settings\Application Data\TechSmith
2013-02-07 17:12 . 2013-02-07 17:12    --------    d-----w-    c:\program files\TechSmith
2013-02-07 05:25 . 2013-02-07 05:25    --------    d-----w-    c:\documents and settings\Owner\Local Settings\Application Data\DynaSCAPE_Software
2013-02-06 17:16 . 2013-02-06 17:16    4792320    ----a-w-    c:\windows\system32\cdintf450.dll
2013-02-06 17:16 . 2008-06-09 22:54    98304    ------w-    c:\windows\system32\securegg.dll
2013-02-06 17:16 . 2007-11-07 07:19    655872    ------w-    c:\windows\system32\msvcr90.dll
2013-02-06 17:16 . 1998-12-02 14:11    143360    ------w-    c:\windows\system32\vbuzip10.dll
2013-02-06 17:16 . 1998-03-26 08:12    53248    ------w-    c:\windows\system32\zlib.dll
2013-02-06 17:16 . 2007-11-07 07:19    568832    ------w-    c:\windows\system32\msvcp90.dll
2013-02-06 17:16 . 2007-11-07 02:23    224768    ------w-    c:\windows\system32\msvcm90.dll
2013-02-06 17:15 . 2006-06-27 20:57    126976    ------w-    c:\windows\system32\Dolphin.dll
2013-02-06 17:15 . 2004-03-18 18:10    24576    ------w-    c:\windows\system32\CompressZItLib6.dll
2013-02-06 17:14 . 2013-02-14 14:44    --------    d-----w-    c:\program files\DynaSCAPE
2013-02-01 19:04 . 2013-02-01 19:04    --------    d-----w-    c:\documents and settings\Owner\Application Data\inkscape
2013-02-01 18:49 . 2013-02-01 18:52    --------    d-----w-    c:\program files\Inkscape
2013-01-31 13:22 . 2013-01-31 13:22    --------    d-----w-    c:\program files\Dropbox
2013-01-30 20:24 . 2013-01-30 20:24    --------    d-----w-    c:\program files\MSECache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-24 15:01 . 2011-09-20 19:21    74096    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-10 14:37 . 2007-12-29 00:31    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-02-10 14:37 . 2011-01-22 01:52    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-01-26 03:55 . 2004-08-04 12:00    552448    ----a-w-    c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2004-08-04 12:00    2148864    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-03 22:59    2027520    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-04 12:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 12:00    148992    ----a-w-    c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 12:00    1292288    ----a-w-    c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2004-08-04 12:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2004-08-04 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2004-08-04 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-04 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-08-04 12:00    290560    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-14 22:49 . 2009-10-10 13:51    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-02-07 17:29 . 2013-02-07 17:28    262552    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((   SR_Search   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 01:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 01:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 01:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 01:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 1207080]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2013-01-07 2909640]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-02-08 1051984]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-12-18 16328976]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-07 185896]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-12-14 824232]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
WinMySQLadmin.lnk - c:\xampp\mysql\bin\winmysqladmin.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-11 688128]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Craft ROBO Status Supervisor.lnk]
backup=c:\windows\pss\Craft ROBO Status Supervisor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
backup=c:\windows\pss\WinMySQLadmin.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 03:38    623992    ----a-w-    c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 23:22    421736    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 23:51    3885408    ----a-w-    c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 18:59    18705664    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-02-14 23:04    1597864    ----a-w-    c:\program files\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Adobe\\Adobe Contribute CS3\\Contribute.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Cutting Master 2 for CraftROBO 1.30\\Program\\App2.exe"=
"c:\\Program Files\\Steam\\steamapps\\arizno\\half-life 2 deathmatch\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\blazing angels squadrons of wwii\\SettingsApplication.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Google\\Google SketchUp 7\\SketchUp.exe"=
"c:\\Program Files\\Google\\Google SketchUp 7\\LayOut\\LayOut.exe"=
"c:\\Program Files\\Steam\\steamapps\\arizno\\ricochet\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\arizno\\deathmatch classic\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\arizno\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\arizno\\day of defeat\\hl.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\AirVideoServer\\AirVideoServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\WINDOWS\\KMSEmulator.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [2/21/2013 9:47 AM 67584]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [3/9/2011 9:43 AM 22504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/20/2012 1:10 PM 398184]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 6:29 PM 29293408]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [12/17/2008 10:32 AM 113896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/10/2009 7:51 AM 21104]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [10/19/2011 1:14 PM 17408]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/10/2009 7:51 AM 682344]
S2 netpker;netpker; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [12/28/2008 12:21 AM 48896]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/14/2013 4:23 PM 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [9/5/2012 9:56 AM 234776]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [12/25/2009 10:28 AM 386560]
S3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [12/25/2009 10:28 AM 20992]
S3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [12/25/2009 10:28 AM 33792]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [11/10/2007 5:40 PM 347648]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 15:01]
.
2013-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-11 21:33]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-11 21:33]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-261478967-839522115-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-08 21:33]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-261478967-839522115-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-08 21:33]
.
2013-02-26 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2012-07-13 21:21]
.
2013-02-21 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2012-07-13 21:21]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: gotomeeting.com\www2
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=020613
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=020613&q=
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-26 08:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  AirVideoServer = c:\program files\AirVideoServer\AirVideoServer.exe?W 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-261478967-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1606980848-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9B0D95F3-6F06-DD87-5F19-FB14CD5377BF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CakewalkPlugIns\™HE«ÞK$x    *æ*hƒÝwæ*æ**]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4884)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2013-02-26  08:29:37 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-26 14:29
ComboFix2.txt  2013-02-24 14:42
ComboFix3.txt  2008-12-18 18:14
.
Pre-Run: 126,373,621,760 bytes free
Post-Run: 126,771,630,080 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - C501DFB663D9E2F0CFAF35E2A8E2BD11


#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:30 PM

Posted 26 February 2013 - 03:26 PM

Hi!

Please download the following file to your computer: http://downloads.linksys.com/downloads/driver/WMP54Gv4_20050503.exe

Save it to your Desktop.



NEXT:

Please go to Start > Control Panel > Add/Remove Programs

Remove the following programs:

HijackThis 2.0.2
Java 6 Update 23
Java 6 Update 22
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7



NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.
  • Please reopen otlicon.png on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    
    :Reg
    
    :Files
    
    C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4(2).exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • NEXT:



    MalwareBytes' Anti-Malware Uninstall

    Please do the following:
    • Download and run mbam-clean.exe from here
    • It will ask to restart your computer, please allow it to do so very important
    • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
      • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
      • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
        Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.
    NEXT:


    Malwarebytes' Anti-Malware

    I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:
    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates
    • After the update have been completed, Select the Scanner tab.
    • Select Perform quick scan, then click on Scan
    • Leave the default options as it is and click on Start Scan
    • When done, you will be prompted. Click OK, then click on Show Results
    • Checked (ticked) all items and click on Remove Selected
    • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



    NEXT:


    ESET Online Scanner
    I'd like us to scan your machine with ESET Online Scan

    Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the esetOnline.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
    • Check esetAcceptTerms.png
    • Click the esetStart.png button.
    • Accept any security warnings from your browser.
    • Check esetScanArchives.png
    • Make sure that the option "Remove found threats" is Unchecked
    • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
      • Enable Anti-Stealth technology
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push esetListThreats.png
    • Push esetExport.png, and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    • Push the esetBack.png button.
    • Push esetFinish.png

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#12 arizno

arizno
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 27 February 2013 - 11:26 AM

Actually the infection came from a program. Is there any way to check large files. I see that virustotal.com only allows up to 35 MB and the file I want to check is 680MB. BTW Malware Bytes found no threats.

 

 

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe moved successfully.
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4(2).exe moved successfully.
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe moved successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 2923830 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 700096 bytes
 
User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 8060995 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4400730 bytes
->Flash cache emptied: 1381 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Owner
->Temp folder emptied: 20228472 bytes
->Temporary Internet Files folder emptied: 3872219 bytes
->Java cache emptied: 102481 bytes
->FireFox cache emptied: 188884376 bytes
->Google Chrome cache emptied: 365148683 bytes
->Flash cache emptied: 3091165 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47559 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 3939357 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 576.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
 
User: LocalService
->Flash cache emptied: 0 bytes
 
User: NetworkService
 
User: Owner
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYJAVA]
 
User: Administrator
 
User: All Users
 
User: Default User
 
User: LocalService
->Java cache emptied: 0 bytes
 
User: NetworkService
 
User: Owner
->Java cache emptied: 0 bytes
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02262013_170746
 
Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\WCESLog.log moved successfully.
C:\WINDOWS\temp\HPSLPSVC0000.log moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_748.dat not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
HERE IS THE ESET INFO
 
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uer72yq9.default\extensions\{dc4a2186-3a92-4e6e-b551-049571b9fd18}\chrome.manifest.vir    Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uer72yq9.default\extensions\{dc4a2186-3a92-4e6e-b551-049571b9fd18}\chrome\xulcache.jar.vir    JS/Agent.NDO trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\WindowsManagerPolicy.dll.vir    Win32/TrojanDownloader.Tracur.I trojan
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c8z1ef0q.default\extensions\{dc4a2186-3a92-4e6e-b551-049571b9fd18}\chrome.manifest.vir    Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\c8z1ef0q.default\extensions\{dc4a2186-3a92-4e6e-b551-049571b9fd18}\chrome\xulcache.jar.vir    JS/Agent.NDO trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\{dc4a2186-3a92-4e6e-b551-049571b9fd18}\chrome.manifest.vir    Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\{dc4a2186-3a92-4e6e-b551-049571b9fd18}\chrome\xulcache.jar.vir    JS/Agent.NDO trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\19\72b540d3-51a68632.vir    a variant of Win32/Kryptik.ZGY trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\29\1b52541d-51cb5fd8.vir    a variant of Java/Exploit.CVE-2011-3544.AW trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\37\10906365-4b3322ac.vir    Java/Agent.EX trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\44\6910162c-54539759.vir    a variant of Java/Exploit.CVE-2011-3544.N trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\ServiceUser.dll.vir    a variant of Win32/Kryptik.UAE trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\Adobe\AdobeUpdate\Adobeupdt32.dll.vir    a variant of Win32/Kryptik.UAE trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\jnfoemjmjlpibgpkaofpdfmkgnhkojcm\contentscript.js.vir    Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Program Files\Bonjour\mDNSResponder.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Juniper Networks\Common Files\dsNcService.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\c_70823.nl_.vir    a variant of Win32/Sirefef.CR trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\imapi.sys.vir    Win32/Patched.NBE trojan
C:\Qoobox\Quarantine\C\xampp\apache\bin\apache.exe.vir    Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\xampp\mysql\bin\mysqld-nt.exe.vir    Win32/Patched.HN trojan
C:\_OTL\MovedFiles\02262013_170746\C_Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe    Win32/Patched.HN trojan
C:\_OTL\MovedFiles\02262013_170746\C_Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4(2).exe    Win32/Patched.HN trojan
C:\_OTL\MovedFiles\02262013_170746\C_Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe    Win32/Patched.HN trojan


#13 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:30 PM

Posted 27 February 2013 - 06:02 PM

Hi!

Actually the infection came from a program. Is there any way to check large files. I see that virustotal.com only allows up to 35 MB and the file I want to check is 680MB. BTW Malware Bytes found no threats.

You'd have to scan the file with your anti-virus program before opening it. Where are you downloading these files from?

OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen otlicon.png on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %systemroot%\*. /rp /s
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    %systemdrive%\$Recycle.Bin|@;true;true;true
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the qscan.png button.
  • A report will open. Copy and Paste that report in your next reply.
  • NEXT:



    What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#14 arizno

arizno
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:30 PM

Posted 27 February 2013 - 06:27 PM

Downloaded from piratebay.

 

Not experiencing any issues really other than my Malwarebyte had a popup that said it stopped a suspicious outgoing message.

 

 

OTL logfile created on: 2/27/2013 5:09:07 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.87 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 43.43% Memory free
3.14 Gb Paging File | 1.16 Gb Available in Paging File | 37.09% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 117.97 Gb Free Space | 50.66% Space Free | Partition Type: NTFS
Drive D: | 43.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: HOUSE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/22 07:53:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL (2).exe
PRC - [2013/02/20 23:23:46 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/02/19 15:43:52 | 000,079,384 | ---- | M] (Google) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/02/10 08:37:58 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/06 01:38:19 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/01/20 13:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/01/07 14:56:16 | 002,909,640 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/05 22:11:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe
PRC - [2012/09/05 09:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/21 19:03:56 | 004,923,784 | ---- | M] () -- C:\Program Files\AirVideoServer\AirVideoServer.exe
PRC - [2008/10/13 02:39:16 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/06 21:16:16 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/02/08 01:13:48 | 000,774,168 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2007/02/08 01:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/02/08 01:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/02/06 17:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2007/01/30 01:52:06 | 000,688,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/01/23 15:44:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2005/11/16 04:49:44 | 005,238,272 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/26 22:33:55 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\_elementtree.pyd
MOD - [2013/02/26 22:33:54 | 000,571,392 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\pysqlite2._sqlite.pyd
MOD - [2013/02/26 22:33:54 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32api.pyd
MOD - [2013/02/26 22:33:54 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\_socket.pyd
MOD - [2013/02/26 22:33:54 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32ts.pyd
MOD - [2013/02/26 22:33:53 | 000,792,576 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\wx._gdi_.pyd
MOD - [2013/02/26 22:33:53 | 000,263,168 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32com.shell.shell.pyd
MOD - [2013/02/26 22:33:53 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\pyexpat.pyd
MOD - [2013/02/26 22:33:53 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\wx._html2.pyd
MOD - [2013/02/26 22:33:53 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32crypt.pyd
MOD - [2013/02/26 22:33:52 | 001,024,616 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\windows._cacheinvalidation.pyd
MOD - [2013/02/26 22:33:51 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\pythoncom26.dll
MOD - [2013/02/26 22:33:51 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\_ctypes.pyd
MOD - [2013/02/26 22:33:51 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32profile.pyd
MOD - [2013/02/26 22:33:50 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\wx._misc_.pyd
MOD - [2013/02/26 22:33:49 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32security.pyd
MOD - [2013/02/26 22:33:49 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\PyWinTypes26.dll
MOD - [2013/02/26 22:33:48 | 000,645,120 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\_ssl.pyd
MOD - [2013/02/26 22:33:47 | 001,169,408 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\wx._core_.pyd
MOD - [2013/02/26 22:33:47 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32process.pyd
MOD - [2013/02/26 22:33:47 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32pdh.pyd
MOD - [2013/02/26 22:33:44 | 000,807,424 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\wx._windows_.pyd
MOD - [2013/02/26 22:33:44 | 000,311,808 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\_hashlib.pyd
MOD - [2013/02/26 22:33:42 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\wx._wizard.pyd
MOD - [2013/02/26 22:33:42 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32file.pyd
MOD - [2013/02/26 22:33:42 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32inet.pyd
MOD - [2013/02/26 22:33:27 | 001,056,256 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\wx._controls_.pyd
MOD - [2013/02/26 22:33:25 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32event.pyd
MOD - [2013/02/26 22:33:24 | 000,585,728 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\unicodedata.pyd
MOD - [2013/02/26 22:33:23 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\select.pyd
MOD - [2013/02/20 23:23:44 | 000,459,728 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\ppgooglenaclpluginchrome.dll
MOD - [2013/02/20 23:23:43 | 012,637,136 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
MOD - [2013/02/20 23:23:42 | 004,050,896 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\pdf.dll
MOD - [2013/02/20 23:22:48 | 001,552,848 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll
MOD - [2013/02/13 09:09:38 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1903b8df5ab9ea0392f9f066a7aa9163\WindowsFormsIntegration.ni.dll
MOD - [2013/02/13 09:06:52 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/13 09:06:50 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013/02/13 03:10:30 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013/02/13 03:09:45 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll
MOD - [2013/01/26 11:20:04 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll
MOD - [2013/01/26 10:24:45 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013/01/26 10:24:08 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/26 09:27:30 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll
MOD - [2013/01/26 03:51:54 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/26 03:51:30 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/26 03:50:54 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll
MOD - [2013/01/26 03:48:48 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/26 03:48:35 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/26 03:34:51 | 018,000,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll
MOD - [2013/01/26 03:34:30 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll
MOD - [2013/01/26 03:34:15 | 003,856,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll
MOD - [2013/01/26 03:34:12 | 000,309,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\471ffd2d91c4e06f89c84c93cfeddedf\PresentationFramework.Classic.ni.dll
MOD - [2013/01/26 03:30:04 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
MOD - [2013/01/26 03:29:42 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll
MOD - [2013/01/26 03:29:16 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
MOD - [2013/01/26 03:29:13 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
MOD - [2013/01/26 03:29:02 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
MOD - [2013/01/26 03:28:53 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/03/06 15:29:48 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/09/21 19:03:56 | 004,923,784 | ---- | M] () -- C:\Program Files\AirVideoServer\AirVideoServer.exe
MOD - [2008/12/21 06:52:30 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3257.27115__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2008/12/21 06:52:30 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3257.27112__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2008/12/21 06:52:29 | 001,691,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:29 | 000,278,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3257.26996__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:29 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:29 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:29 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3257.27003__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:29 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2008/12/21 06:52:29 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2008/12/21 06:52:29 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3257.27108__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2008/12/21 06:52:28 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3257.27061__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:28 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3257.27092__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:28 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3257.27076__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:28 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3257.27093__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:28 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:28 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3257.27071__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:28 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3257.27003__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:28 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3257.27050__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:27 | 000,344,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:27 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3257.27055__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:27 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:25 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3257.27039__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:25 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3257.27065__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/12/21 06:52:25 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:25 | 000,122,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3257.27048__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:25 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:24 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3257.27072__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:24 | 000,716,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3257.27004__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:24 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3257.27051__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:24 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3257.27014__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:24 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3257.27033__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:24 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/12/21 06:52:24 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:24 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3257.27017__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:24 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:24 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3257.27047__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:24 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3257.27049__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/12/21 06:52:23 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/12/21 06:52:23 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/12/21 06:52:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2008/12/21 06:52:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/12/21 06:52:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/12/21 06:52:23 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/12/21 06:52:23 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/12/21 06:52:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/12/21 06:52:22 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/12/21 06:52:22 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/12/21 06:52:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/12/21 06:52:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/12/21 06:52:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008/12/21 06:52:21 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/12/21 06:52:21 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/12/21 06:52:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/12/21 06:52:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/12/21 06:52:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/12/21 06:52:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/12/21 06:52:21 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3257.27101__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/12/21 06:52:20 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/12/21 06:52:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/12/21 06:52:20 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3257.27109__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008/12/21 06:52:19 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3257.27085__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/12/21 06:52:19 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/12/21 06:52:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008/12/21 06:52:19 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2008/12/21 06:52:19 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2008/12/21 06:52:19 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/12/21 06:52:18 | 000,532,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3257.27080__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008/12/21 06:52:18 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/12/21 06:52:18 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/12/21 06:52:18 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3257.27084__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/12/21 06:52:18 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3257.26995__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2008/12/21 06:52:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/12/21 06:52:18 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/12/21 06:52:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/12/21 06:52:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/12/21 06:52:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/12/21 06:52:17 | 001,073,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3257.27000__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/12/21 06:52:17 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3257.26994__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/12/21 06:52:17 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3257.26992__90ba9c70f846762e\APM.Server.dll
MOD - [2008/12/21 06:52:17 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3257.26993__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/12/21 06:52:17 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/12/21 06:52:17 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/12/21 06:52:17 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3257.27085__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/12/21 06:52:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/10/30 14:39:12 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/09/29 07:48:42 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/02/08 01:18:18 | 001,119,768 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\LAppRes.DLL
MOD - [2007/02/08 01:13:48 | 000,774,168 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
MOD - [2007/02/08 01:13:00 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LCMServerPS.dll
MOD - [2006/06/20 21:34:28 | 000,017,704 | ---- | M] () -- C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll
MOD - [2005/10/04 19:26:10 | 000,081,920 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\Ralinktek.dll
MOD - [2005/03/21 00:36:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\Security.dll
MOD - [2005/02/24 20:15:20 | 000,102,400 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\ses_cl.dll
MOD - [2004/09/29 15:51:28 | 000,122,880 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\ez54g.dll
MOD - [2003/10/13 15:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2002/04/24 00:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\GEMWEP.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe -- (WMP54Gv4SVC)
SRV - File not found [Auto | Stopped] --  -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] --  -- (netpker)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/27 14:00:25 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/10 08:37:58 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/07 11:29:03 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/05 22:11:40 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/09/05 09:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/12/11 20:22:50 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/13 02:39:16 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/06/14 11:02:12 | 000,017,408 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\xampp\apache\bin\apache.exe -- (Apache2.2)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/01/04 19:48:52 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\SynasUSB.sys -- (SynasUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/19 17:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2009/07/30 04:01:09 | 000,386,560 | R--- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tascusb2.sys -- (TASCAM_US122144)
DRV - [2009/07/30 04:01:09 | 000,033,792 | R--- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tscusb2a.sys -- (TASCAM_US144_MK2_WDM)
DRV - [2009/07/30 04:01:09 | 000,020,992 | R--- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tscusb2m.sys -- (TASCAM_US144_MK2_MIDI)
DRV - [2008/12/01 16:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/10/13 02:20:14 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/03/22 15:37:20 | 000,113,896 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2007/10/23 10:51:04 | 000,103,296 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/09/27 14:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2007/09/19 17:01:06 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007/03/26 05:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/02/06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL)
DRV - [2007/01/23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/01/23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/23 15:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2006/11/28 21:51:12 | 000,083,968 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/27 15:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2005/08/29 16:43:30 | 000,070,028 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\trackca4.sys -- (trackcam4)
DRV - [2005/03/02 11:13:50 | 000,053,344 | ---- | M] (Warp Nine Engineering) [Kernel | Auto | Running] -- C:\Program Files\Cutting Master 2 for CraftROBO 1.30\Program\Par1284.sys -- (Par1284)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/01 18:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/08/13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/08 09:43:52 | 000,347,648 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WlanUIG.sys -- (WlanUIG)
DRV - [2003/11/06 12:04:24 | 000,068,320 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=020613
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 D5 F0 DF C5 F8 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 26 E7 A0 01 02 BB BE 4F AC 53 44 90 7F 0D AA 4C  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=020613&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{AC3DAED6-5993-478C-9473-E22BB9D534E7}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=020613"
FF - prefs.js..extensions.enabledAddons: fireml%40sirma.bg:1.1.11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/06/07 07:57:20 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/06/07 07:57:20 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine:  File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=2:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/12/06 21:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/29 07:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/07 11:29:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/10 08:38:26 | 000,000,000 | ---D | M]
 
[2013/02/14 17:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/02/15 09:37:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions
[2011/01/21 15:25:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/19 17:26:12 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013/01/27 02:09:26 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2013/01/26 02:09:22 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\foxmarks@kei.com
[2013/01/30 02:10:48 | 002,151,598 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\firebug@software.joehewitt.com.xpi
[2012/08/04 05:38:09 | 000,127,725 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\fireml@sirma.bg.xpi
[2013/01/26 02:09:09 | 000,200,692 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\yslow@yahoo-inc.com.xpi
[2013/01/26 02:09:22 | 001,268,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/02/06 12:18:29 | 000,002,402 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\searchplugins\bingp.xml
[2009/03/30 06:21:26 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\searchplugins\live-search.xml
[2012/06/18 19:53:02 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p728bjgo.default\searchplugins\Search_Results.xml
[2013/02/14 17:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/07 11:29:03 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/03/20 10:06:50 | 000,454,656 | ---- | M] (StoneTrip) -- C:\Program Files\mozilla firefox\plugins\npSton3D.dll
[2013/01/29 10:43:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/18 19:53:02 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2013/01/29 10:43:36 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npo1d.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Ston3D Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npSton3D.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Groups = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfmbadcfdhiklafcdohpfphhhakmiakk\1.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Web Lab = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe\1.0_0\
CHR - Extension: NPR Infinite Player = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf\2.1_0\
CHR - Extension: Vector Paint = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnbpdiengicdefcjecjbnjnoifekhgdo\3.0.0.0_0\
CHR - Extension: Hojoki = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifjcgdcbhobdcojhnabjlholpbdmnpaa\1.1_0\
CHR - Extension: Zillow = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iifccoboedmhjapdlpgkigibgnkmdjoh\1.2_0\
CHR - Extension: Dropbox = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.3_0\
CHR - Extension: ManageWP = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfehlfmidmihiohmobbfnbpgkckijbjj\1.4_0\
CHR - Extension: Codenious Lead Grabber = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdopkggfffjkhfchefogomfekianehhl\1.2.2_0\
CHR - Extension: WordPress.com = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd\1.1_0\
CHR - Extension: Zoho CRM = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn\1.1.1_0\
CHR - Extension: Google Play = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\
CHR - Extension: ShiftEdit = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij\1.39_0\
CHR - Extension: Fileminx = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mbmphdinbmonlcogmljkkahppnkannma\2.0_0\
CHR - Extension: yaM - Yet Another Meeting = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mbnfkccbgkpneighofmeciblmfdbfdib\1.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/02/26 17:08:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WinMySQLadmin.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: gotomeeting.com ([www2] https in Trusted sites)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c7/v19.108/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://portal.discoverfinancial.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39EF68B0-2CF1-47EB-9C27-F44CA40A5326}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/10 16:36:47 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/02/28 21:42:20 | 000,000,051 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/26 22:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2013/02/26 22:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/26 22:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/02/26 22:42:10 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/26 22:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/26 22:26:28 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[2013/02/26 22:11:59 | 000,356,096 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\rt61.sys
[2013/02/26 22:11:59 | 000,243,328 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\rt2500.sys
[2013/02/26 22:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Linksys Wireless-G PCI Adapter
[2013/02/26 17:10:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/02/26 17:07:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/26 08:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2013/02/25 23:09:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/02/25 12:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Rosebrook
[2013/02/24 08:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2013/02/24 08:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2013/02/24 08:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/02/22 12:28:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\My Documents\Google Drive
[2013/02/22 07:57:49 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2013/02/22 07:53:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL (2).exe
[2013/02/21 09:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 11
[2013/02/21 09:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 11
[2013/02/14 08:45:41 | 004,194,304 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
[2013/02/13 15:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\website images
[2013/02/13 13:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
[2013/02/11 23:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Camp
[2013/02/11 23:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\__MACOSX
[2013/02/10 08:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2013/02/08 17:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
[2013/02/08 17:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013/02/08 17:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2013/02/08 17:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/02/08 17:36:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2013/02/08 17:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Nico Mak Computing
[2013/02/07 13:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\join.me
[2013/02/07 11:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/07 11:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\TechSmith
[2013/02/07 11:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TechSmith
[2013/02/07 11:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2013/02/06 23:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\DynaSCAPE_Software
[2013/02/06 13:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Drawings
[2013/02/06 13:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DynaSCAPEDS
[2013/02/06 12:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/02/06 11:16:51 | 004,792,320 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf450.dll
[2013/02/06 11:16:21 | 000,143,360 | ---- | C] (Info-ZIP) -- C:\WINDOWS\System32\vbuzip10.dll
[2013/02/06 11:15:53 | 000,126,976 | ---- | C] (Coyote Software Corp) -- C:\WINDOWS\System32\Dolphin.dll
[2013/02/06 11:15:53 | 000,024,576 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\CompressZItLib6.dll
[2013/02/06 11:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DynaSCAPE
[2013/02/06 11:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\DynaSCAPE
[2013/02/01 13:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\inkscape
[2013/02/01 12:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
[2013/02/01 08:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Fire It Up
[2013/01/31 07:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013/01/30 14:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
[2013/01/30 14:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/27 17:00:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/27 17:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2013/02/27 16:43:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/27 16:39:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-261478967-839522115-1003UA.job
[2013/02/27 02:39:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-261478967-839522115-1003Core.job
[2013/02/27 01:43:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/26 22:42:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/26 22:32:53 | 000,000,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2013/02/26 22:32:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/26 22:11:41 | 000,000,890 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2013/02/26 17:08:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/02/26 17:00:16 | 006,031,962 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WMP54Gv4_20050503.exe
[2013/02/26 08:20:21 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/25 23:09:18 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2013/02/25 22:50:05 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to ComboFix.exe.lnk
[2013/02/25 07:39:05 | 000,141,312 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/24 18:56:52 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\mbam.context.scan
[2013/02/24 08:50:50 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013/02/24 08:50:50 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/02/24 01:32:59 | 000,000,339 | ---- | M] () -- C:\Boot.bak
[2013/02/23 15:44:53 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\brick.eps
[2013/02/23 15:41:36 | 000,063,948 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\brick.jpg
[2013/02/23 15:30:06 | 000,113,942 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AutoSave_design.skp
[2013/02/23 15:25:19 | 000,197,936 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\brick4.5.dae
[2013/02/23 15:22:55 | 000,109,213 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\design.skp
[2013/02/23 15:22:40 | 000,043,388 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\brick4.5.jpg
[2013/02/23 15:22:07 | 000,193,542 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\coping4.5.dae
[2013/02/23 15:18:24 | 000,193,542 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\design.dae
[2013/02/23 15:17:30 | 000,110,695 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\design.skb
[2013/02/23 07:23:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/02/23 04:45:31 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/23 04:45:31 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2013/02/22 12:28:04 | 000,001,474 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Drive.lnk
[2013/02/22 09:37:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2013/02/22 07:59:13 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2013/02/22 07:53:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL (2).exe
[2013/02/21 03:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2013/02/18 08:32:02 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2013/02/15 09:29:23 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2013/02/14 17:17:32 | 001,305,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/14 16:37:24 | 000,759,065 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DynaSCAPE Intermediate Web Training Reference.pdf
[2013/02/14 08:44:32 | 000,001,395 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DynaSCAPE Color.lnk
[2013/02/13 03:28:41 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2013/02/13 03:22:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/13 03:06:43 | 000,544,338 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/13 03:06:43 | 000,103,396 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/12 10:29:04 | 000,011,947 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\navigation-bg3.png
[2013/02/12 00:22:14 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2013/02/11 16:39:27 | 000,004,072 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\customLogo.png
[2013/02/08 17:50:50 | 000,151,552 | ---- | M] () -- C:\WINDOWS\KMSEmulator.exe
[2013/02/08 17:09:25 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2013/02/08 09:44:28 | 000,067,036 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\concrete-countertop-training.pdf
[2013/02/07 13:39:30 | 000,001,103 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\join.me.lnk
[2013/02/06 12:17:48 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/02/06 11:16:48 | 004,792,320 | ---- | M] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf450.dll
[2013/02/06 11:15:01 | 000,001,397 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DynaSCAPE Design.lnk
[2013/02/01 16:25:52 | 000,010,895 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\profile.jpg
[2013/02/01 16:10:03 | 000,013,214 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ssi-logo.jpg
[2013/02/01 12:52:06 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2013/02/01 12:52:06 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk
[2013/01/31 07:23:08 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/31 07:22:09 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013/02/26 22:42:12 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/26 22:11:59 | 000,007,878 | ---- | C] () -- C:\WINDOWS\System32\RT2500.CAT
[2013/02/26 22:11:59 | 000,007,870 | ---- | C] () -- C:\WINDOWS\System32\rt61.cat
[2013/02/26 22:11:41 | 000,000,890 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2013/02/26 17:00:13 | 006,031,962 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\WMP54Gv4_20050503.exe
[2013/02/25 22:50:05 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to ComboFix.exe.lnk
[2013/02/24 18:56:52 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mbam.context.scan
[2013/02/24 08:50:50 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013/02/24 08:50:50 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/02/24 08:50:49 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/24 01:32:59 | 000,000,339 | ---- | C] () -- C:\Boot.bak
[2013/02/24 01:32:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/02/23 15:44:53 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\brick.eps
[2013/02/23 15:41:36 | 000,063,948 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\brick.jpg
[2013/02/23 15:30:06 | 000,113,942 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AutoSave_design.skp
[2013/02/23 15:25:19 | 000,197,936 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\brick4.5.dae
[2013/02/23 15:22:55 | 000,110,695 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\design.skb
[2013/02/23 15:22:40 | 000,043,388 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\brick4.5.jpg
[2013/02/23 15:22:07 | 000,193,542 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\coping4.5.dae
[2013/02/23 15:18:24 | 000,193,542 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\design.dae
[2013/02/23 15:17:30 | 000,109,213 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\design.skp
[2013/02/22 12:28:04 | 000,001,474 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Drive.lnk
[2013/02/22 10:34:39 | 001,667,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/02/22 09:37:16 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2013/02/16 15:05:22 | 001,094,850 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1606980848-261478967-839522115-1003-0.dat
[2013/02/15 09:29:23 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2013/02/15 09:29:23 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2013/02/14 16:37:23 | 000,759,065 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DynaSCAPE Intermediate Web Training Reference.pdf
[2013/02/14 08:44:32 | 000,001,395 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DynaSCAPE Color.lnk
[2013/02/12 10:29:04 | 000,011,947 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\navigation-bg3.png
[2013/02/12 00:22:14 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
[2013/02/11 16:39:27 | 000,004,072 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\customLogo.png
[2013/02/08 18:02:48 | 001,094,850 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/02/08 17:50:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\KMSEmulator.exe
[2013/02/08 17:09:25 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2013/02/08 09:44:56 | 000,067,036 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\concrete-countertop-training.pdf
[2013/02/07 13:39:30 | 000,001,103 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\join.me.lnk
[2013/02/07 13:39:30 | 000,001,103 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\join.me.lnk
[2013/02/06 11:16:21 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\securegg.dll
[2013/02/06 11:16:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2013/02/06 11:15:01 | 000,001,397 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DynaSCAPE Design.lnk
[2013/02/01 16:25:52 | 000,010,895 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\profile.jpg
[2013/02/01 16:10:03 | 000,013,214 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ssi-logo.jpg
[2013/02/01 12:52:20 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Inkscape.lnk
[2013/02/01 12:52:06 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2013/02/01 12:52:06 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk
[2012/07/23 07:56:45 | 000,058,919 | ---- | C] () -- C:\Documents and Settings\Owner\AutoSave_Untitled.skp
[2012/02/27 18:05:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/18 17:52:29 | 000,333,500 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/15 11:36:14 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SpecoMC.INI
[2012/02/15 11:35:05 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\config_hdp_148CF244CB4A4467BE7989DC2B67D9B6.ini
[2012/02/15 11:33:58 | 001,297,408 | ---- | C] () -- C:\WINDOWS\System32\CNC_Ctrl.dll
[2011/10/19 02:15:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/19 02:15:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/29 07:04:59 | 000,205,441 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2011/09/29 07:04:59 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2011/09/25 21:01:21 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/09/25 21:01:21 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/09/25 21:01:21 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2010/01/06 08:58:24 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pm041003.sys
[2009/03/08 23:02:28 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2008/04/19 18:36:23 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2008/04/18 14:26:09 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/02/22 21:42:29 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/02/09 10:30:27 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/13 13:14:37 | 000,141,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2007/11/10 19:10:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008/04/19 18:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
[2012/02/14 12:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AddressGrabber for Web CRM
[2013/02/14 17:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/06/19 13:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/02/14 13:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2013/02/14 17:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2007/11/13 00:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/01/05 10:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/09/25 21:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2009/08/30 08:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Palo Alto Software
[2012/08/23 11:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/08/30 08:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PAS
[2012/08/23 11:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2013/02/14 17:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/12/25 10:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2012/02/07 21:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/04/24 17:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACT
[2008/03/18 16:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aptana
[2012/01/29 17:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Arduino
[2008/05/28 20:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
[2009/12/11 18:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2009/12/06 01:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Cakewalk
[2011/04/27 10:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2008/04/19 18:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CompanionLink
[2008/08/17 22:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Composer
[2013/02/27 14:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2011/09/19 17:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoft
[2011/09/19 17:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DVDVideoSoftIEHelpers
[2013/02/15 09:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2012/04/18 21:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2008/11/25 19:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Grape Systems
[2013/02/01 13:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\inkscape
[2008/01/19 13:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Inspiration Software
[2007/12/06 21:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2008/04/18 14:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IsolatedStorage
[2009/01/05 18:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Juniper Networks
[2007/12/11 16:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/12/28 00:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\n52te
[2008/01/07 14:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Netscape
[2013/02/14 17:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nico Mak Computing
[2010/12/21 13:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Notepad++
[2012/03/06 15:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2009/08/30 08:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Palo Alto Software
[2010/01/06 08:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PhiMatrix
[2007/12/29 18:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\phpDesigner 2008
[2008/08/17 18:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Plazmic
[2012/02/27 19:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\salesforce.com
[2012/11/14 13:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\searchquband
[2012/02/14 13:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simply Super Software
[2009/12/25 10:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Steinberg
[2008/08/02 23:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StoneTrip
[2008/12/26 09:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thinstall
[2009/05/06 06:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2013/02/14 17:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2010/02/10 22:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\URSoft
[2013/02/26 22:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/10/21 06:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vu360
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/02/20 23:23:46 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/02/07 11:29:01 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/02/07 11:29:01 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/02/07 11:29:01 | 000,864,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/02/07 11:29:03 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/02/07 11:29:03 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/02/07 11:29:03 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2013/02/20 23:23:46 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2013/02/20 23:23:46 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/02/20 23:23:46 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/02/20 23:23:46 | 001,274,320 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/12/24 00:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/12/24 00:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/12/24 00:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
 
< %systemroot%\*. /rp /s >
 
< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-02-13 09:28:44
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 922891 bytes -> C:\WINDOWS\Temp:temp
 
< End of report >


#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:10:30 PM

Posted 28 February 2013 - 06:24 PM

Hi!

Downloaded from piratebay.

Continuing to download programs and other things from PirateBay, while infect you again.

Please see the following warning;

Special Thanks goes to Quietman7 for the canned speech below.

IMPORTANT NOTE: Your scan log results indicate you are using keygens/crack tools.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smrgÂsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

I strongly recommend that you remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites visited to get them is almost a guaranteed way to get yourself infected!!


NEXT:

Not experiencing any issues really other than my Malwarebyte had a popup that said it stopped a suspicious outgoing message.

Exactly how long ago did you see this suspicious outgoing message pop-up?


NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.
  • Please reopen otlicon.png on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    MOD - [2013/02/26 22:33:55 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\_elementtree.pyd
    MOD - [2013/02/26 22:33:54 | 000,571,392 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\pysqlite2._sqlite.pyd
    MOD - [2013/02/26 22:33:54 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32api.pyd
    MOD - [2013/02/26 22:33:54 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\_socket.pyd
    MOD - [2013/02/26 22:33:54 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32ts.pyd
    MOD - [2013/02/26 22:33:53 | 000,792,576 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\wx._gdi_.pyd
    MOD - [2013/02/26 22:33:53 | 000,263,168 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32com.shell.shell.pyd
    MOD - [2013/02/26 22:33:53 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\pyexpat.pyd
    MOD - [2013/02/26 22:33:53 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\wx._html2.pyd
    MOD - [2013/02/26 22:33:53 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32crypt.pyd
    MOD - [2013/02/26 22:33:52 | 001,024,616 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\windows._cacheinvalidation.pyd
    MOD - [2013/02/26 22:33:51 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\pythoncom26.dll
    MOD - [2013/02/26 22:33:51 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\_ctypes.pyd
    MOD - [2013/02/26 22:33:51 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32profile.pyd
    MOD - [2013/02/26 22:33:50 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\wx._misc_.pyd
    MOD - [2013/02/26 22:33:49 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32security.pyd
    MOD - [2013/02/26 22:33:49 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\PyWinTypes26.dll
    MOD - [2013/02/26 22:33:48 | 000,645,120 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\_ssl.pyd
    MOD - [2013/02/26 22:33:47 | 001,169,408 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\wx._core_.pyd
    MOD - [2013/02/26 22:33:47 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32process.pyd
    MOD - [2013/02/26 22:33:47 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32pdh.pyd
    MOD - [2013/02/26 22:33:44 | 000,807,424 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\wx._windows_.pyd
    MOD - [2013/02/26 22:33:44 | 000,311,808 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\_hashlib.pyd
    MOD - [2013/02/26 22:33:42 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\wx._wizard.pyd
    MOD - [2013/02/26 22:33:42 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32file.pyd
    MOD - [2013/02/26 22:33:42 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32inet.pyd
    MOD - [2013/02/26 22:33:27 | 001,056,256 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\wx._controls_.pyd
    MOD - [2013/02/26 22:33:25 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\win32event.pyd
    MOD - [2013/02/26 22:33:24 | 000,585,728 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\unicodedata.pyd
    MOD - [2013/02/26 22:33:23 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\select.pyd
    SRV - File not found [Auto | Running] -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe -- (WMP54Gv4SVC)
    SRV - File not found [Auto | Stopped] --  -- (RoxLiveShare9)
    SRV - File not found [Auto | Stopped] --  -- (netpker)
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=f45f13b3&tbp=rbox&toolbarid=blekkotb_005&u=20120306B7CA437C95C0CB50A9E8BAB6&q={searchTerms}
    IE - HKCU\..\SearchScopes\{AC3DAED6-5993-478C-9473-E22BB9D534E7}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WinMySQLadmin.lnk =  File not found
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
    [2010/01/06 08:58:24 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pm041003.sys
    @Alternate Data Stream - 922891 bytes -> C:\WINDOWS\Temp:temp
    
    :Reg
    
    :Files
    dir /s "C:\WINDOWS\SHELLNEW" /c
    C:\Documents and Settings\Owner\Local Settings\temp\_MEI21282\
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users