
Redirection virus - have I removed it? Help!


  • This topic is locked
47 replies to this topic

#1 gak1952


Posted 03 June 2013 - 06:25 PM

I'm struggling to remove a redirection virus. I can't tell if I've finally gotten rid of it.

 

My problems started with regular virus infections (friends told me I was sending them viruses). First, I had a company I pay for technical support try and clean my machine. They did what they could and installed AVG Business Edition (I was previously running PrevX and Malwarebytes. Now I just run AVG Business Edition).

 

Unfortunately, I was still left with a redirection virus which they didn't take seriously so I decided to tackle it myself. The virus infected Mozilla, IE and Chrome. Every so often (probably according to an algorithm I couldn't spot the pattern for) I would click to open a new tab and instead of going to this tab I would be catapulted into an unrelated and unwanted tab. These tabs were rarely malicious websites. Instead they were usually commercial sites trying to sell me something more or less (usually less) related to what I was browsing for.

 

I started removing it by running a slew of anti-malware programs (Malwarebytes, Spybot, Ccleaner, HiJackthis, HitmanPro, Gmer, Rootkit Revealer, AVG Business Edition and TDSSKiller). This didn't work so I ran these programs again in Safe Mode without Networking.

 

I think I found what may have been viruses, but the redirection virus was still working away. After more research I reset IE profiles/settings back to their defaults (I did this three times to make sure it stuck). I then went into the registry and cleaned out the IE keys of various hacks. Alas, the redirection was still there as I kept on getting redirected.

 

I then started looking at Firefox. I manually edited my Firefox preferences file. I found a lot of what I suspected was left over junk from invasive toolbars like Conduit that I had previously disabled. I couldn't erase these entries. However, I disabled them by overwriting them with Firefox 'defaults'. I also deleted some of the files in my C:\Documents and Settings\XXX\Application Data\Mozilla\Firefox folders.

 

Still I couldn't find anything that looked like it was related to a redirection virus. Sure enough I kept on getting redirected.

 

Further research led me to a program called AdwCleaner v2.301. I've attached the output from this program below. The program runs in two parts. The first part scans the system. The second part deletes what the program thinks is a problem. I didn't run the second part. One reason for this is that my System Restore is not functioning so I can't create a restore point. Secondly, the program seems to be telling me that not only are my Firefox files clean, but so is my registry.

 

I couldn't believe my registry was clean as that's the last place I haven't systematically cleaned or searched (readers should note that I'm a beginner at this and am learning as I go along).

 

I'm not sure if I may have fixed the problem. Yesterday I was getting redirected. Today I'm not. The problem is, I don't think I did anything yesterday to try and remove the redirector.

 

One other thing: ever since I've had the virus I haven't been able to use my mouse to highlight anything in the Google search box when I'm in Firefox. Today I finally can. Perhaps this is another sign that whatever I've done has eliminated the redirection virus. Also my Firefox browser seems to be running more smoothly and quicker today.

 

So finally my question: where would you suggest I go from here? Since I haven't gotten any definitive message from my system that I've eliminated the redirector I'm wary of just assuming I have and hoping for the best.

 

What I've learnt about these redirection viruses is that once they've had their fill of redirecting they a) move on to stealing passwords and other sensitive information (in the last few days after I'd got rid of - so far as I know - all the malware except the redirector, something ransacked the calendar I keep on my computer). I first noticed the problem when Malwarebytes informed me that a program was trying to transmit information to the internet b) start wreaking general havoc on your system.

 

I would very much appreciate the help and suggestions that anyone can give. My heartfelt thanks in advance.

 

Here are a) the output of the AdwCleaner v2.301 program b) the output of the latest Hijack This run.

 

# AdwCleaner v2.301 - Logfile created 06/03/2013 at 18:52:52
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : GAK - YOUR-BAE951A73C
# Boot Mode : Normal
# Running from : C:\Program Files\AdwCleaner\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : ICQ Service

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\FreeRIP
Folder Found : C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\nmk1y36l.default\extensions\freerip@mybrowserbar.com
Folder Found : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\nmk1y36l.default\extensions\wtxpcom@mybrowserbar.com
Folder Found : C:\Documents and Settings\GAK\Application Data\PerformerSoft
Folder Found : C:\Documents and Settings\GAK\Application Data\PriceGong
Folder Found : C:\Documents and Settings\GAK\Local Settings\Application Data\APN
Folder Found : C:\Documents and Settings\GAK\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\GAK\Local Settings\Application Data\FreeSoundRecorder
Folder Found : C:\Documents and Settings\GAK\Local Settings\Application Data\PackageAware
Folder Found : C:\Documents and Settings\GAK\Start Menu\Programs\FreeRIP
Folder Found : C:\Documents and Settings\NetworkService\Local Settings\Application Data\FreeSoundRecorder
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\FreeRIP
Folder Found : C:\Program Files\FreeSoundRecorder
Folder Found : C:\Program Files\ICQ6Toolbar
Folder Found : C:\Program Files\ParetoLogic

***** [Registry] *****

Key Found : HKCU\Software\FreeSoundRecorder
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}
Key Found : HKCU\Software\PerformerSoft
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3227981
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\FreeSoundRecorder
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F492801-4051-45CA-A03B-F9C9B34DF5F9}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{382C65D2-967B-481B-B71F-7A8EB10E86E4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeSoundRecorder Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PC Performer_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeSoundRecorder Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Performer_is1
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\Software\PerformerSoft
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (en-US)

File : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\hz32imv0.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

File : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\nmk1y36l.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

File : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\prefs.js

Found : user_pref("CT2645238..clientLogIsEnabled", true);
Found : user_pref("CT2645238.CurrentServerDate", "20-1-2012");
Found : user_pref("CT2645238.DSInstall", true);
Found : user_pref("CT2645238.DialogsAlignMode", "LTR");
Found : user_pref("CT2645238.DialogsGetterLastCheckTime", "Fri Jan 20 2012 10:08:41 GMT-0500 (Eastern Standa[...]
Found : user_pref("CT2645238.DownloadReferralCookieData", "");
Found : user_pref("CT2645238.EMailNotifierPollDate", "Fri Jan 20 2012 10:53:38 GMT-0500 (Eastern Standard Ti[...]
Found : user_pref("CT2645238.FirstServerDate", "20-1-2012");
Found : user_pref("CT2645238.FirstTime", true);
Found : user_pref("CT2645238.FirstTimeFF3", true);
Found : user_pref("CT2645238.FixPageNotFoundErrors", true);
Found : user_pref("CT2645238.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2645238.HPInstall", true);
Found : user_pref("CT2645238.HasUserGlobalKeys", true);
Found : user_pref("CT2645238.HomePageProtectorEnabled", true);
Found : user_pref("CT2645238.Initialize", true);
Found : user_pref("CT2645238.InitializeCommonPrefs", true);
Found : user_pref("CT2645238.InstallationAndCookieDataSentCount", 2);
Found : user_pref("CT2645238.InstallationType", "Unknown");
Found : user_pref("CT2645238.InstalledDate", "Thu Jan 19 2012 19:27:13 GMT-0500 (Eastern Standard Time)");
Found : user_pref("CT2645238.IsAlertDBUpdated", true);
Found : user_pref("CT2645238.IsGrouping", false);
Found : user_pref("CT2645238.IsInitSetupIni", true);
Found : user_pref("CT2645238.IsMulticommunity", false);
Found : user_pref("CT2645238.IsOpenThankYouPage", true);
Found : user_pref("CT2645238.IsOpenUninstallPage", true);
Found : user_pref("CT2645238.IsProtectorsInit", true);
Found : user_pref("CT2645238.LanguagePackLastCheckTime", "Thu Jan 19 2012 19:27:13 GMT-0500 (Eastern Standar[...]
Found : user_pref("CT2645238.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2645238.LastLogin_3.9.0.3", "Fri Jan 20 2012 10:08:37 GMT-0500 (Eastern Standard Time)"[...]
Found : user_pref("CT2645238.LatestVersion", "3.9.0.3");
Found : user_pref("CT2645238.Locale", "en");
Found : user_pref("CT2645238.MCDetectTooltipHeight", "83");
Found : user_pref("CT2645238.MCDetectTooltipWidth", "295");
Found : user_pref("CT2645238.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2645238.OriginalFirstVersion", "3.9.0.3");
Found : user_pref("CT2645238.SavedHomepage", "yahoo.com");
Found : user_pref("CT2645238.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2645238.SearchInNewTabEnabled", true);
Found : user_pref("CT2645238.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2645238.SearchInNewTabLastCheckTime", "Thu Jan 19 2012 19:27:16 GMT-0500 (Eastern Stand[...]
Found : user_pref("CT2645238.SearchProtectorEnabled", true);
Found : user_pref("CT2645238.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2645238.SendProtectorDataViaLogin", true);
Found : user_pref("CT2645238.ServiceMapLastCheckTime", "Thu Jan 19 2012 19:27:07 GMT-0500 (Eastern Standard [...]
Found : user_pref("CT2645238.SettingsLastCheckTime", "Fri Jan 20 2012 10:08:16 GMT-0500 (Eastern Standard Ti[...]
Found : user_pref("CT2645238.SettingsLastUpdate", "1326723880");
Found : user_pref("CT2645238.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2645238.ThirdPartyComponentsLastCheck", "Thu Jan 19 2012 19:27:07 GMT-0500 (Eastern Sta[...]
Found : user_pref("CT2645238.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2645238.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2645238.UserID", "UN72906649326829945");
Found : user_pref("CT2645238.globalFirstTimeInfoLastCheckTime", "Thu Jan 19 2012 19:27:10 GMT-0500 (Eastern [...]
Found : user_pref("CT2645238.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2645238.initDone", true);
Found : user_pref("CT2645238.isAppTrackingManagerOn", true);
Found : user_pref("CT2645238.myStuffEnabled", true);
Found : user_pref("CT2645238.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2645238.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2645238.revertSettingsEnabled", false);
Found : user_pref("CT2645238.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2645238.searchProtectorEnableByLogin", true);
Found : user_pref("CT2645238.testingCtid", "");
Found : user_pref("CT2645238.toolbarAppMetaDataLastCheckTime", "Thu Jan 19 2012 19:27:10 GMT-0500 (Eastern S[...]
Found : user_pref("CT2645238.toolbarContextMenuLastCheckTime", "Thu Jan 19 2012 19:27:14 GMT-0500 (Eastern S[...]
Found : user_pref("CT2704262.BrowserCompStateIsOpen_129674822392465408", true);
Found : user_pref("CT2704262.BrowserCompStateIsOpen_129738587603157113", true);
Found : user_pref("CT2704262.BrowserCompStateIsOpen_129738587703159675", true);
Found : user_pref("CT2704262.CurrentServerDate", "2-3-2012");
Found : user_pref("CT2704262.DSInstall", false);
Found : user_pref("CT2704262.DialogsAlignMode", "LTR");
Found : user_pref("CT2704262.DialogsGetterLastCheckTime", "Wed Feb 29 2012 18:55:17 GMT-0500 (Eastern Standa[...]
Found : user_pref("CT2704262.DownloadReferralCookieData", "");
Found : user_pref("CT2704262.FeedLastCount129531287796537552", 385);
Found : user_pref("CT2704262.FeedPollDate129531287797162554", "Thu Mar 01 2012 22:43:23 GMT-0500 (Eastern St[...]
Found : user_pref("CT2704262.FeedPollDate129531287797162555", "Thu Mar 01 2012 22:43:23 GMT-0500 (Eastern St[...]
Found : user_pref("CT2704262.FeedPollDate129531287797162556", "Thu Mar 01 2012 22:43:23 GMT-0500 (Eastern St[...]
Found : user_pref("CT2704262.FeedPollDate129531287797162557", "Thu Mar 01 2012 22:43:23 GMT-0500 (Eastern St[...]
Found : user_pref("CT2704262.FeedPollDate129531287797162558", "Thu Mar 01 2012 22:43:23 GMT-0500 (Eastern St[...]
Found : user_pref("CT2704262.FeedPollDate129531287797162559", "Thu Mar 01 2012 22:43:24 GMT-0500 (Eastern St[...]
Found : user_pref("CT2704262.FeedPollDate129531287797162560", "Thu Mar 01 2012 22:43:24 GMT-0500 (Eastern St[...]
Found : user_pref("CT2704262.FeedPollDate129531287797162561", "Thu Mar 01 2012 22:43:24 GMT-0500 (Eastern St[...]
Found : user_pref("CT2704262.FeedTTL129531287797162554", 40);
Found : user_pref("CT2704262.FeedTTL129531287797162555", 40);
Found : user_pref("CT2704262.FeedTTL129531287797162556", 40);
Found : user_pref("CT2704262.FeedTTL129531287797162557", 40);
Found : user_pref("CT2704262.FeedTTL129531287797162558", 40);
Found : user_pref("CT2704262.FeedTTL129531287797162559", 40);
Found : user_pref("CT2704262.FeedTTL129531287797162560", 40);
Found : user_pref("CT2704262.FeedTTL129531287797162561", 40);
Found : user_pref("CT2704262.FirstServerDate", "27-2-2012");
Found : user_pref("CT2704262.FirstTime", true);
Found : user_pref("CT2704262.FirstTimeFF3", true);
Found : user_pref("CT2704262.FixPageNotFoundErrors", true);
Found : user_pref("CT2704262.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2704262.HPInstall", false);
Found : user_pref("CT2704262.HasUserGlobalKeys", true);
Found : user_pref("CT2704262.HomePageProtectorEnabled", false);
Found : user_pref("CT2704262.Initialize", true);
Found : user_pref("CT2704262.InitializeCommonPrefs", true);
Found : user_pref("CT2704262.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2704262.InstalledDate", "Sun Feb 26 2012 18:55:16 GMT-0500 (Eastern Standard Time)");
Found : user_pref("CT2704262.InvalidateCache", false);
Found : user_pref("CT2704262.IsAlertDBUpdated", true);
Found : user_pref("CT2704262.IsGrouping", false);
Found : user_pref("CT2704262.IsInitSetupIni", true);
Found : user_pref("CT2704262.IsMulticommunity", false);
Found : user_pref("CT2704262.IsOpenThankYouPage", false);
Found : user_pref("CT2704262.IsOpenUninstallPage", true);
Found : user_pref("CT2704262.LanguagePackLastCheckTime", "Thu Mar 01 2012 18:55:25 GMT-0500 (Eastern Standar[...]
Found : user_pref("CT2704262.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2704262.LastLogin_3.10.0.250", "Thu Mar 01 2012 22:23:50 GMT-0500 (Eastern Standard Tim[...]
Found : user_pref("CT2704262.LatestVersion", "3.10.0.1");
Found : user_pref("CT2704262.Locale", "en");
Found : user_pref("CT2704262.MCDetectTooltipHeight", "83");
Found : user_pref("CT2704262.MCDetectTooltipWidth", "295");
Found : user_pref("CT2704262.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2704262.OriginalFirstVersion", "3.10.0.250");
Found : user_pref("CT2704262.RadioIsPodcast", false);
Found : user_pref("CT2704262.RadioLastCheckTime", "Thu Mar 01 2012 18:56:11 GMT-0500 (Eastern Standard Time)[...]
Found : user_pref("CT2704262.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2704262.RadioLastUpdateServer", "129242955136270000");
Found : user_pref("CT2704262.RadioMediaID", "21037024");
Found : user_pref("CT2704262.RadioMediaType", "Media Player");
Found : user_pref("CT2704262.RadioMenuSelectedID", "EBRadioMenu_CT270426221037024");
Found : user_pref("CT2704262.RadioShrinkedFromSetup", false);
Found : user_pref("CT2704262.RadioStationName", "California%20Rock");
Found : user_pref("CT2704262.RadioStationURL", "hxxp://feedlive.net/california.asx");
Found : user_pref("CT2704262.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2704262.SearchCaption", "FreeSoundRecorder Customized Web Search");
Found : user_pref("CT2704262.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Found : user_pref("CT2704262.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2704262.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2704262.SearchInNewTabLastCheckTime", "Thu Mar 01 2012 18:55:25 GMT-0500 (Eastern Stand[...]
Found : user_pref("CT2704262.SearchProtectorEnabled", false);
Found : user_pref("CT2704262.SearchProtectorToolbarDisabled", true);
Found : user_pref("CT2704262.SendProtectorDataViaLogin", true);
Found : user_pref("CT2704262.ServiceMapLastCheckTime", "Thu Mar 01 2012 18:55:11 GMT-0500 (Eastern Standard [...]
Found : user_pref("CT2704262.SettingsLastCheckTime", "Thu Mar 01 2012 16:43:18 GMT-0500 (Eastern Standard Ti[...]
Found : user_pref("CT2704262.SettingsLastUpdate", "1329385181");
Found : user_pref("CT2704262.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2704262.ThirdPartyComponentsLastCheck", "Sun Feb 26 2012 18:55:11 GMT-0500 (Eastern Sta[...]
Found : user_pref("CT2704262.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2704262.ToolbarDisabled", true);
Found : user_pref("CT2704262.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2704262.ValidationData_Toolbar", 2);
Found : user_pref("CT2704262.alertChannelId", "1096603");
Found : user_pref("CT2704262.autoDisableScopes", -1);
Found : user_pref("CT2704262.globalFirstTimeInfoLastCheckTime", "Sun Feb 26 2012 18:55:17 GMT-0500 (Eastern [...]
Found : user_pref("CT2704262.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2704262.initDone", true);
Found : user_pref("CT2704262.isAppTrackingManagerOn", true);
Found : user_pref("CT2704262.isFirstRadioInstallation", false);
Found : user_pref("CT3227981.searchRevert", "false");
Found : user_pref("CT3227981.searchUserMode", "2");
Found : user_pref("CT3227981.smartbar.homepage", "true");
Found : user_pref("CT3227981.versionFromInstaller", "10.16.1.21");
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/1344951.xml", "\"60a44eb2f040482551d7[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/14293310.xml", "\"34971d648889609c2cf[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16887175.xml", "\"411b111c504292398b4[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/17151925.xml", "\"82c0f5fd1c9fd909652[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"ff4d398a89e89f8f1eb[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/30261067.xml", "\"509969148b75a8e256d[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/428333.xml", "\"d5bd319b69a26964c788b[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/816653.xml", "\"52086c85f62e546498640[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\GAK\\Application D[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.250");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2645238,CT2704262");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2645238,CT2704262");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2645238,CT2704262");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Jan 19 2012 19:27:14 GMT-0500 (Eas[...]
Found : user_pref("CommunityToolbar.globalUserId", "556148de-fdf2-48e9-9cd6-fdb918dc093b");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2704262");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Feb 26 2012 18:55:1[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Mar 01 2012 19:55:30 GMT-050[...]
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Mar 01 2012 18:55:11 GMT-0500 (E[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "b292e76e-f08d-48a6-8f04-fcf462e24bce");
Found : user_pref("CommunityToolbar.originalHomepage", "yahoo.com");
Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Found : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500 [...]
Found : user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500[...]
Found : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500[...]
Found : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500[...]
Found : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500[...]
Found : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500[...]
Found : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500 ([...]
Found : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500 ([...]
Found : user_pref("extensions.TooManyTabs@visibotech.com.recentlyClosedTabs", "[{\"label\":\"Add-ons Manager[...]

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j0vdvyc2.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.2313] : homepage = "hxxp://search.conduit.com/?ctid=CT3227981&SearchSource=48&CUI=UN38021408606624327&UM=2",
Found [l.2792] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3227981&SearchSource=48&CUI=UN38021408606624327&UM=2", "hxxp://yahoo.com/" ]

-\\ Opera v11.64.1403.0

File : C:\Documents and Settings\GAK\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [26538 octets] - [02/06/2013 09:49:18]
AdwCleaner[R2].txt - [25097 octets] - [03/06/2013 18:52:52]

########## EOF - C:\AdwCleaner[R2].txt - [25158 octets] ##########
 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:02:04 PM, on 6/3/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\MC Common\AMDSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\PS-Disk Monitoring Utility\HardDiskMonitoringService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sticky Password\stpass.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Start Menu X\StartMenuX.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\4t Tray Minimizer\4t-min.exe
C:\Program Files\Chaos Manager 2\cm2.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\OFFICE12\EXCEL.EXE
C:\Program Files\Q-Dir\Q-Dir.exe
C:\Program Files\Microsoft Office\OFFICE12\WINWORD.EXE
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
C:\Program Files\Microsoft Office\OFFICE12\POWERPNT.EXE
C:\Program Files\PicPick\picpick.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\msfeedssync.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~1\WINZIP~1\wzwmcie.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [STARTRIGHT] "C:\Program Files\StartRight\StartRight.exe" -go
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\RunOnce: [STARTRIGHT] "C:\Program Files\StartRight\StartRight.exe" -pre
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Hijack This\Trend Micro\HiJackThis\HijackThis.exe /startupscan
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GladFileMonSvc - Gladinet, INC - C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: mobile concepts DefragService (MCDefragService) - mobile concepts - C:\Program Files\Common Files\MC Common\AMDSrv.exe
O23 - Service: NetBalancer Windows Service - SeriousBit - C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: PS-Disk Monitoring Utility - Unknown owner - C:\Program Files\PS-Disk Monitoring Utility\HardDiskMonitoringService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\RpcAgentSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: AppBooster 2.0 Service (SpeedBoosterSvc) - mobile concepts - C:\Program Files\Common Files\MC Common\BoostService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 9717 bytes
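A log like the HijackThis one above can be triaged mechanically before a helper reads it. The following Python sketch is an added example, not part of the original post and not HijackThis's own code: it parses an excerpt of that log and applies three review heuristics that are assumptions of this example (entries ending in "(no file)", services with "Unknown owner", and processes running outside the Windows and Program Files directories). A flag is a prompt to look closer, not a verdict.

```python
import re

# Excerpt of the HijackThis log posted above (lines copied verbatim, list shortened).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~1\WINZIP~1\wzwmcie.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
"""

# Section code (R0, O2, O23, ...) followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumption of this example: installed binaries normally live under these roots on XP.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_log(text):
    """Split a HijackThis log into the running-process list and the coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first coded entry ends the process list
            entries.append({
                "code": match.group(1),
                "detail": match.group(2),
                "clsids": CLSID_RE.findall(match.group(2)),
            })
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def review(processes, entries):
    """Return (kind, text) pairs for lines a human should look at first."""
    findings = []
    for path in processes:
        if not path.lower().startswith(EXPECTED_ROOTS):
            findings.append(("process-outside-expected-dirs", path))
    for e in entries:
        if e["detail"].endswith("(no file)"):
            # The registry registration exists but the file it points to does not.
            findings.append(("orphaned-registration", f'{e["code"]} - {e["detail"]}'))
        if e["code"] == "O23" and " - Unknown owner - " in e["detail"]:
            findings.append(("service-without-vendor", e["detail"]))
    return findings


def orphaned_clsids(entries):
    """Map each CLSID seen in a '(no file)' entry to the sections that reference it."""
    seen = {}
    for e in entries:
        if e["detail"].endswith("(no file)"):
            for clsid in e["clsids"]:
                seen.setdefault(clsid.upper(), []).append(e["code"])
    return seen


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for kind, text in review(procs, ents):
        print(f"{kind}: {text}")
    for clsid, codes in orphaned_clsids(ents).items():
        print(f"orphaned CLSID {clsid} referenced by {', '.join(codes)}")
```

The CLSID it reports as orphaned in both the O2 and O3 sections is the same Browser Helper Objects key that the JRT log in post #3 lists as deleted.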
 

 




 


#2 gak1952

Posted 04 June 2013 - 05:11 AM

I was too optimistic - it's still there, I'm still being redirected.



#3 gak1952

Posted 04 June 2013 - 08:17 AM

Update - ran Junkware Removal Tool (JRT) BUT REDIRECTION VIRUS IS STILL ACTIVE!!!!!!! Help - Where to from here????

 

JRT certainly cleaned out a lot of stuff and reset a lot of settings in Firefox that I hadn't yet gotten to.

 

Here's the JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by GAK on Tue 06/04/2013 at  6:23:33.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] icq service
Successfully deleted: [Service] icq service



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\performersoft
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smallfrogs studio
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\icq service.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2704262
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3227981
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"
Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\freerip"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\installmate"
Successfully deleted: [Folder] "C:\Documents and Settings\GAK\Application Data\performersoft"
Successfully deleted: [Folder] "C:\Documents and Settings\GAK\Application Data\pricegong"
Successfully deleted: [Folder] "C:\Documents and Settings\GAK\Application Data\software informer"
Successfully deleted: [Folder] "C:\Documents and Settings\GAK\Application Data\wondershare"
Successfully deleted: [Folder] "C:\Documents and Settings\GAK\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\GAK\Local Settings\Application Data\wondershare"
Successfully deleted: [Folder] "C:\Program Files\freerip"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files\pc performer"
Successfully deleted: [Folder] "C:\Program Files\software informer"
Successfully deleted: [Folder] "C:\Program Files\wondershare"
Successfully deleted: [Folder] "C:\Program Files\Common Files\Wondershare"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\pc performer"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\GAK\Application Data\mozilla\firefox\profiles\ostayg09.default\prefs.js

user_pref("CT2704262.SearchCaption", "FreeSoundRecorder Customized Web Search");
user_pref("CT3227981.smartbar.homepage", "true");
user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/1344951.xml", "\"60a44eb2f040482551d712cd43037f29\"");
user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/14293310.xml", "\"34971d648889609c2cfd169fa26ed324\"");
user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16887175.xml", "\"411b111c504292398b49048e8b0c1eaf\"");
user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/17151925.xml", "\"82c0f5fd1c9fd9096528b7a93dafd81b\"");
user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"ff4d398a89e89f8f1eb0b7e0d0c84be9\"");
user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/30261067.xml", "\"509969148b75a8e256dd17bfe6049a40\"");
user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/428333.xml", "\"d5bd319b69a26964c788bd566717b525\"");
user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/816653.xml", "\"52086c85f62e546498640fb6545edaab\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\GAK\\Application Data\\Mozilla\\Firefox\\Profiles\\ostayg09.default\\conduitCommon\\modules\\
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.250");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
user_pref("CommunityToolbar.ToolbarsList", "CT2645238,CT2704262");
user_pref("CommunityToolbar.ToolbarsList2", "CT2645238,CT2704262");
user_pref("CommunityToolbar.ToolbarsList4", "CT2645238,CT2704262");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Jan 19 2012 19:27:14 GMT-0500 (Eastern Standard Time)");
user_pref("CommunityToolbar.globalUserId", "556148de-fdf2-48e9-9cd6-fdb918dc093b");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2704262");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Feb 26 2012 18:55:13 GMT-0500 (Eastern Standard Time)");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Mar 01 2012 19:55:30 GMT-0500 (Eastern Standard Time)");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Mar 01 2012 18:55:11 GMT-0500 (Eastern Standard Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "b292e76e-f08d-48a6-8f04-fcf462e24bce");
user_pref("CommunityToolbar.originalHomepage", "yahoo.com");
user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500 (Eastern Standard Time)");
user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500 (Eastern Standard Time)");
user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500 (Eastern Standard Time)");
user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500 (Eastern Standard Time)");
user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500 (Eastern Standard Time)");
user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500 (Eastern Standard Time)");
user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500 (Eastern Standard Time)");
user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Thu Mar 01 2012 22:25:28 GMT-0500 (Eastern Standard Time)");
user_pref("extensions.TooManyTabs@visibotech.com.recentlyClosedTabs", "[{\"label\":\"Add-ons Manager\",\"url\":\"about:addons\",\"state\":\"{\\\"entries\\\":[{\\\"url\\\":\\\"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/04/2013 at  6:39:54.18
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#4 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:34 AM

Posted 07 June 2013 - 01:03 AM

Hello gak1952 and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------
In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"
 

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)



-DFB


Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#5 gak1952

Posted 09 June 2013 - 09:30 AM

Thanks for your help. I very much appreciate it.

 

Since my last post saying I had run JRT, I've run FRST and ESET Online Scanner. I thought ESET had done the trick as the re-directions seem to have stopped. Not so fortunately, very many of my settings, such as start-up program settings, had vanished and Firefox settings had been returned to their defaults.

 

Then when I was deleting unwanted programs with Revo Uninstaller the re-director returned with a vengeance. I assume the original program was still dormant on my computer and only its settings had been deleted. I unfortunately can't remember what program I was deleting when the virus was reactivated. It may have been Software Informer, but I'm not sure.

 

This was, I think, after I ran TDSS and MBAR, but before I ran ComboFix and Security Check. Since I've run the latter two programs the re-direction virus seems to have disappeared.

 

I've attached the requested output from the four programs you asked me to run as a PDF file. This is because the output runs to about ninety pages. If you want it in some other way or in some other format let me know and I'll provide it. I have the output as text files and a Microsoft Word Document.

 

One final thing. When I was running ComboFix it kept telling me I had Microsoft Security Essentials running. I couldn't understand this as I uninstalled this software a long time ago using Revo. I checked the Windows Task Manager and ran config.sys from the run command and could find no record that MSE was running. After I had run ComboFix, from either messages I got or from skimming the ComboFix/Security Check output, I got the impression that MSE might have been running as part of my AVG Internet Security Business Edition program. I didn't turn this off when I ran ComboFix since my reading of your instructions didn't suggest that I had to.

 

I'd be interested in whatever you have to say from the output I've sent you. My own suggestion would be that you wait until tomorrow before we proceed further. I won't be working on the internet much today so I won't really be testing for the re-direction virus until tomorrow. I've had it disappear before for as much as a day or more only for it to suddenly return.

 

Let me know what you think.

 

Again, thank you for your help. I very much appreciate it.

 

A question on a different topic. I'm now running AVG Internet Security Business Edition for my malware protection (I used to run Prevx and Malwarebytes, but obviously they weren't fully effective). I also used to use WinPatrol. I'm now thinking of getting WinPatrol Plus. Would it be a good idea to run this in conjunction with AVG Business Edition? I've also downloaded, but deactivated, MJ Registry Watcher. Again, I'm wondering if I should run this in conjunction with AVG and WinPatrol Plus. Ever since I've had this re-direction virus I've become paranoid about security. While I was running all kinds of software to try to find and remove this virus I found other malware that had slipped by Prevx and Malwarebytes. I would welcome any thoughts you might have on the "just run one anti-malware program" issue.

 

I look forward to hearing from you.

 

Sincerely,

 

 

Graham A. Kerby



#6 gak1952

Posted 09 June 2013 - 12:33 PM

Alas, the re-direction virus is back with a vengeance. AVG found it trying to install the following virus on my computer: adwaregenerics.aatp secure.01-installer7.



#7 D-FRED-BROWN

Posted 09 June 2013 - 01:13 PM

Please hold off on running any programs on your own while I'm helping you. It's counterproductive and leaves me having to piece together what changes each of these programs may have made to your system.

 

With that said, please don't post PDFs. Please save it as a .txt file and upload it in your next post (you can upload it as an attachment).


Edited by D-FRED-BROWN, 09 June 2013 - 01:15 PM.


#8 gak1952

Posted 10 June 2013 - 08:31 AM

Sorry about running ComboFix. I misread the instructions.

 

I've attached the output reports of the four anti-malware programs you asked me to run as a text file. I haven't posted it as it runs to 90 pages.

 

Thanks for your help and advice. I much appreciate it.



#9 D-FRED-BROWN

Posted 10 June 2013 - 01:00 PM

I don't see the attachments, try re-uploading them.

 

Make sure when you browse for and select the files, that you click the "Upload" button for each of them (I sometimes forget to do that).

 

If that doesn't work just upload them to sendspace.com and send me the link.


Edited by D-FRED-BROWN, 10 June 2013 - 01:00 PM.


#10 gak1952

Posted 10 June 2013 - 05:15 PM

OK. I'll try again.

Attached File: Bleeping Computer Malware Report June 9, 2013.txt (180.66KB)



#11 D-FRED-BROWN

Posted 10 June 2013 - 06:33 PM

I'm not seeing anything particularly suspicious. I'd like to run a few more scans for a deeper look:

----------Step 1----------------

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

 

----------Step 2----------------
We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 3 (note: this scan may take a little time)----------------
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


----------Step 4----------------
Please post the AdwCleaner logfile, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.



#12 gak1952

Posted 12 June 2013 - 01:56 PM

For some reason I can't post my reply with the requested report notes from ESET, OTL and AdwCleaner. I keep getting the message, "You do not have permission to perform that action".

 

What is the problem?



#13 D-FRED-BROWN

Posted 12 June 2013 - 01:58 PM

Not sure. If you can't copy/paste them, try uploading them as attachments. If that doesn't work, post them on sendspace.com and send me the links.

Edited by D-FRED-BROWN, 12 June 2013 - 01:58 PM.


#14 gak1952

Posted 12 June 2013 - 02:02 PM

The output is too large to attach as one file. I'll try and send it to you in three parts as posts.

 

Here is the first part.

 

NOTE: I had to run ESET first as there was something wrong with my computer. Neither the ADW Cleaner nor OTL Cleaner screens would open until after I ran ESET. From your instructions it did not seem that it mattered in which order I ran the three programs, so I haven't run ADW and OTL after I ran ESET.

Please note: I have previously run ESET, ADW Cleaner and OTL and while they removed some viruses/corrected some problems with my computer they did not remove the redirection virus.

From my own reading on the subject the problem seems to reside in the following Firefox preference file code:

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=994519&fr=spigot-yhp-ff"

and this registry entry

IE - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\..\SearchScopes\{81675A2E-6191-4130-A937-F55A88BDA63F}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}

(All the highlights are mine)

I don't think the spigot line is critical (I'm going to delete spigot anyway).

Again, from what I've read, the problem is that no matter what you do, the virus keeps resetting the search function in Firefox (along with Chrome and possibly other browsers) into redirection mode. I've yet to find a solution on the internet that doesn't involve multiple deletions and re-installations of all your browsers. If you can solve this problem you should get a prize. I don't think anyone else has. The key issue seems to be finding where the virus that keeps inserting the redirection code is hiding on the system.

Anyway, let me know what I should do next.

Here is the ESET Report

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ad252d7c33807c4ca757456f0e8551a7
# engine=14011
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-06 06:13:11
# local_time=2013-06-06 02:13:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1042 16777213 100 93 0 56733175 0 0
# scanned=427701
# found=2
# cleaned=2
# scan_time=15815
sh=97C2D98404FF023C4B6D369612A7AA7A2A0C8D7B ft=0 fh=0000000000000000 vn="LNK/URL.B trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\All Users\Start Menu\Programs\System Speed Booster\Help.lnk"
sh=A88E4CE42E879DD335C2A20EDD7D6B08420D7CA2 ft=1 fh=3973670b2e39351d vn="a variant of Win32/Adware.RealRegistryCleaner application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\SystemSpeedBooster\SystemSpeedBooster.exe"
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ad252d7c33807c4ca757456f0e8551a7
# engine=14051
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-12 05:03:17
# local_time=2013-06-12 01:03:17 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1042 16777213 100 93 0 57204181 0 0
# scanned=420833
# found=2
# cleaned=2
# scan_time=19031
sh=97C2D98404FF023C4B6D369612A7AA7A2A0C8D7B ft=0 fh=0000000000000000 vn="LNK/URL.B trojan (cleaned by deleting - quarantined)" ac=C fn="C:\System Volume Information\_restore{333BB734-830A-44F0-9A7C-3679878B7B58}\RP896\A1849637.lnk"
sh=A88E4CE42E879DD335C2A20EDD7D6B08420D7CA2 ft=1 fh=3973670b2e39351d vn="a variant of Win32/Adware.RealRegistryCleaner application (cleaned by deleting - quarantined)" ac=C fn="C:\System Volume Information\_restore{333BB734-830A-44F0-9A7C-3679878B7B58}\RP896\A1849638.exe"

 



Here is the Adware Cleaner Report

# AdwCleaner v2.303 - Logfile created 06/12/2013 at 04:20:56
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : GAK - YOUR-BAE951A73C
# Boot Mode : Normal
# Running from : C:\Documents and Settings\GAK\desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\Wondershare
Folder Found : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\nmk1y36l.default\extensions\freerip@mybrowserbar.com
Folder Found : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\nmk1y36l.default\extensions\wtxpcom@mybrowserbar.com
Folder Found : C:\Documents and Settings\GAK\Application Data\Search Settings
Folder Found : C:\Documents and Settings\GAK\Local Settings\Application Data\APN
Folder Found : C:\Documents and Settings\GAK\Local Settings\Application Data\FreeSoundRecorder
Folder Found : C:\Documents and Settings\GAK\Local Settings\Application Data\PackageAware
Folder Found : C:\Documents and Settings\GAK\Start Menu\Programs\FreeRIP
Folder Found : C:\Documents and Settings\NetworkService\Local Settings\Application Data\FreeSoundRecorder
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\spigot
Folder Found : C:\Program Files\FreeSoundRecorder
Folder Found : C:\Program Files\ParetoLogic
Folder Found : C:\Program Files\Vuze Remote toolbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\FreeSoundRecorder
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32B29DF0-2237-4370-9A29-37CEBB730E9B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\Software\FreeSoundRecorder
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F492801-4051-45CA-A03B-F9C9B34DF5F9}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{382C65D2-967B-481B-B71F-7A8EB10E86E4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreeSoundRecorder Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PC Performer_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3157AA407841454BB0C9BE8D1982BC9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeSoundRecorder Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\Software\Search Settings
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32B29DF0-2237-4370-9A29-37CEBB730E9B}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\hz32imv0.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\nmk1y36l.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\Profiles\ostayg09.default\prefs.js

Found : user_pref("extensions.TooManyTabs@visibotech.com.recentlyClosedTabs", "[{\"label\":\"How to soften u[...]

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\j0vdvyc2.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.64.1403.0

File : C:\Documents and Settings\GAK\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [26538 octets] - [02/06/2013 09:49:18]
AdwCleaner[R2].txt - [25228 octets] - [03/06/2013 18:52:52]
AdwCleaner[R3].txt - [9176 octets] - [12/06/2013 04:20:56]

########## EOF - C:\AdwCleaner[R3].txt - [9236 octets] ##########
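The Firefox lines quoted in the post above are OTL's rendering of user_pref entries in a profile's prefs.js. As an added example (not part of the original thread or of any tool named in it), this Python code parses prefs.js text, reports the search and start-page preferences, and compares two snapshots to show which of them were rewritten. The sample text is constructed from the values quoted in the post; the partner-tag list and the extra preference names are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# Preferences that decide where address-bar searches and the start page go.
# The first three are quoted in the post; the others are further search and
# start-page preferences of Firefox builds from that period.
WATCHED = (
    "keyword.URL",
    "browser.search.param.yahoo-fr",
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.newtab.url",
)

# Assumption: partner tags seen in the quoted values, used as markers here.
PARTNER_TAGS = ("greentree", "spigot")

# user_pref("name", value);  name is a quoted string, value a JSON-like literal
PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')

# Constructed sample: the three values from the post written as prefs.js lines.
SAMPLE_HIJACKED = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.yahoo.com?type=994519&fr=spigot-yhp-ff");
user_pref("browser.search.param.yahoo-fr", "chr-greentree_ff&ilc=12&type=994519");
user_pref("keyword.URL", "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=");
user_pref("browser.tabs.warnOnClose", false);
'''

# Constructed sample: the same profile after the settings were reset by hand.
SAMPLE_CLEAN = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.tabs.warnOnClose", false);
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line in the given text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        try:
            value = json.loads(raw)  # strings, numbers, true/false
        except ValueError:
            value = raw  # keep values JSON cannot read verbatim
        prefs[name] = value
    return prefs


def _host(value):
    """Host name of a URL value, or None for non-URL values."""
    try:
        return urlsplit(value).hostname
    except ValueError:
        return None


def audit(text):
    """List the watched prefs set in the file, with host and partner tags."""
    findings = []
    for name, value in parse_prefs(text).items():
        if name not in WATCHED:
            continue
        as_text = str(value)
        tags = [t for t in PARTNER_TAGS if t in as_text.lower()]
        findings.append({"pref": name, "host": _host(as_text),
                         "tags": tags, "value": as_text})
    return findings


def changed_since(before_text, after_text):
    """Watched prefs whose value differs between two snapshots of one file.

    A snapshot taken right after cleaning and another after the next browser
    start shows whether something is writing the settings back.
    """
    before, after = parse_prefs(before_text), parse_prefs(after_text)
    return {n: (before.get(n), after.get(n))
            for n in WATCHED if before.get(n) != after.get(n)}


if __name__ == "__main__":
    for f in audit(SAMPLE_HIJACKED):
        print(f["pref"], f["host"], f["tags"])
    for name, (old, new) in changed_since(SAMPLE_CLEAN, SAMPLE_HIJACKED).items():
        print("rewritten:", name, old, "->", new)
```

The same parser reads user.js, which Firefox applies over prefs.js at every start, so a value that keeps returning is worth checking there as well.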
 



#15 gak1952


Posted 12 June 2013 - 02:05 PM

The OTL report seems to be too large to send as one piece.

 

So I'm sending it in two parts. Here is Part I.

 

OTL logfile created on: 6/12/2013 4:34:14 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\GAK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 62.11% Memory free
5.09 Gb Paging File | 3.91 Gb Available in Paging File | 76.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 488.28 Gb Total Space | 402.63 Gb Free Space | 82.46% Space Free | Partition Type: NTFS
Drive D: | 488.28 Gb Total Space | 387.84 Gb Free Space | 79.43% Space Free | Partition Type: NTFS
Drive E: | 488.28 Gb Total Space | 488.02 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive F: | 398.16 Gb Total Space | 398.08 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 308.66 Gb Free Space | 66.27% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-BAE951A73C | User Name: GAK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/11 19:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GAK\desktop\OTL.exe
PRC - [2013/06/07 10:06:19 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/06/01 02:20:52 | 000,673,064 | ---- | M] (Bitsum) -- C:\Program Files\Process Lasso\ProcessGovernor.exe
PRC - [2013/06/01 02:20:50 | 000,961,832 | ---- | M] (Bitsum) -- C:\Program Files\Process Lasso\ProcessLasso.exe
PRC - [2013/05/21 09:19:19 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/15 10:09:14 | 000,806,776 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/12/16 07:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/07/30 09:48:16 | 001,518,504 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
PRC - [2012/02/16 12:26:04 | 000,010,240 | ---- | M] (SeriousBit) -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
PRC - [2011/11/17 14:13:32 | 000,675,840 | ---- | M] (Nenad Hrg (SoftwareOK.com)) -- C:\Program Files\Q-Dir\Q-Dir.exe
PRC - [2011/09/08 13:48:34 | 005,663,856 | ---- | M] (mobile concepts) -- C:\Program Files\Common Files\MC Common\AMDSrv.exe
PRC - [2011/08/04 14:25:20 | 000,257,880 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSRService.exe
PRC - [2009/03/08 08:31:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2008/08/12 17:04:30 | 000,053,248 | ---- | M] () -- C:\Program Files\PS-Disk Monitoring Utility\HardDiskMonitoringService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2002/12/17 20:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2013/06/10 10:06:56 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/07 10:06:19 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/22 13:21:49 | 001,015,984 | ---- | M] (AVG Secure Search) [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - [2013/05/21 09:19:19 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/05/15 10:09:14 | 000,806,776 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/05 02:47:36 | 000,020,656 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\Ocster 1-Click Backup\bin\backupService-ox1c.exe -- (ocster_1clk_backup)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/16 13:13:06 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Stopped] -- C:\Program Files\EASEUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2013/03/16 13:00:52 | 000,068,168 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Stopped] -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2012/12/16 07:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/10/09 12:30:28 | 000,032,368 | ---- | M] (Sanford, L.P.) [Disabled | Stopped] -- C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe -- (DymoPnpService)
SRV - [2012/07/30 09:48:16 | 001,518,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe -- (AHDDC2)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/05 17:50:22 | 000,252,416 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\GSService.exe -- (GSService)
SRV - [2012/05/10 14:00:00 | 000,539,744 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2012/02/16 12:26:04 | 000,010,240 | ---- | M] (SeriousBit) [Auto | Running] -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe -- (NetBalancer Windows Service)
SRV - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc)
SRV - [2011/10/25 22:32:24 | 000,037,280 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2011/09/08 13:48:38 | 002,236,528 | ---- | M] (mobile concepts) [On_Demand | Stopped] -- C:\Program Files\Common Files\MC Common\BoostService.exe -- (SpeedBoosterSvc)
SRV - [2011/09/08 13:48:34 | 005,663,856 | ---- | M] (mobile concepts) [Auto | Running] -- C:\Program Files\Common Files\MC Common\AMDSrv.exe -- (MCDefragService)
SRV - [2011/09/06 21:37:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/09 19:38:38 | 000,328,536 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/08/04 14:25:20 | 000,257,880 | ---- | M] () [Auto | Running] -- C:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2011/06/09 19:39:14 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\idoo\File Encryption\FLService.exe -- (FLService)
SRV - [2011/06/04 13:12:36 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2011/05/09 08:18:30 | 000,029,552 | ---- | M] (Gladinet, INC) [On_Demand | Stopped] -- C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe -- (GladFileMonSvc)
SRV - [2010/02/11 02:30:50 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Stopped] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/08/24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe -- (DfSdkS)
SRV - [2008/09/05 01:09:02 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/08/12 17:04:30 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\PS-Disk Monitoring Utility\HardDiskMonitoringService.exe -- (PS-Disk Monitoring Utility)
SRV - [2007/09/30 03:17:44 | 001,536,000 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\AvidStartup.exe -- (AvidStartup)
SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/03/06 13:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007/03/03 16:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/04/04 21:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2004/04/02 14:24:48 | 000,098,304 | ---- | M] (Convar Deutschland GmbH) [Disabled | Stopped] -- C:\Program Files\Convar\TaskManager\ctm.exe -- (ctm)
SRV - [2002/12/17 20:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 20:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\GAK\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/05/30 06:20:41 | 000,030,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2013/05/22 13:21:49 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/16 12:50:16 | 000,185,672 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2013/03/16 12:47:04 | 000,040,648 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2013/03/16 12:41:46 | 000,014,920 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2013/03/16 12:38:36 | 000,050,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/02/05 19:34:43 | 000,039,048 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2012/12/16 07:25:16 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/10/31 14:17:26 | 000,452,688 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2012/10/31 14:17:26 | 000,283,472 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2012/10/31 14:17:26 | 000,081,232 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2012/09/27 12:08:10 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf)
DRV - [2012/08/25 06:25:10 | 000,022,984 | ---- | M] (Giant Matrix Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aflfile.sys -- (aflfile)
DRV - [2012/07/25 10:36:37 | 000,163,616 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV - [2012/07/19 23:21:13 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2012/07/19 23:21:13 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2012/05/09 15:03:54 | 000,233,096 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SCRCAMNETDRIVER.sys -- (SCRCAMNETDRIVER)
DRV - [2012/03/21 07:22:52 | 000,004,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\WinISO Computing\WinISO\bin\driver\WISOVD_xp.sys -- (WISOVD)
DRV - [2012/02/02 16:13:44 | 000,057,112 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2012/01/22 12:51:52 | 000,035,456 | ---- | M] (Gili Soft Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\FileLock.sys -- (FileLock)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2011/12/26 15:34:30 | 000,010,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ampa.sys -- (ampa)
DRV - [2011/10/14 23:21:42 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011/08/10 19:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/07/29 14:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/05/18 18:11:14 | 000,031,016 | ---- | M] (SeriousBit) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nbdrv.sys -- (Nbdrv)
DRV - [2011/04/23 19:45:50 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/12/30 18:19:40 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV - [2010/05/20 15:14:52 | 000,028,184 | ---- | M] (Colasoft Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CSN5PDTS82.sys -- (CSN5PDTS82)
DRV - [2009/12/07 20:12:36 | 000,078,336 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SafDskNT.sys -- (SafDskNT)
DRV - [2009/08/07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012.SP5c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/02/27 16:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/02/25 16:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/09/30 00:48:26 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2007/09/29 23:38:48 | 000,056,832 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvidXPSerial.sys -- (Serial)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/08/08 12:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/08 12:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/08 12:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/08 12:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/08 12:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/08 12:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/08 12:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/08 12:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/01 23:06:20 | 000,012,952 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/01 23:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/02/09 23:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/23 17:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/05/17 09:04:16 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2003/09/22 11:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X)
DRV - [2003/09/22 07:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 07:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/08/18 19:33:48 | 000,014,564 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCLEPCI.sys -- (PCLEPCI)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2001/08/17 15:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [1996/12/12 08:30:00 | 000,064,512 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {B3B00F22-C13A-4731-AF08-587FF1E0013B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
IE - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.1\vuzeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\..\SearchScopes\{81675A2E-6191-4130-A937-F55A88BDA63F}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
IE - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: SoundFrost@helper.com:3.7.0
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=994519&fr=spigot-yhp-ff"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi:  File not found
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\MsiExec.exe\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2061: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2122: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1059: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@winzip.com/Winzip Courier: C:\Program Files\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@stickypassword.com/Sticky Password: C:\Program Files\Sticky Password\npspAutofill.dll (Lamantine Software a.s.)
FF - HKCU\Software\MozillaPlugins\en.pixelplan.pl/PIXELPLANWebViewer: C:\Documents and Settings\GAK\Application Data\Pixelplan\Pixelplan O4C Viewer Web\1.2.7\npPIXELPLANWebViewer.dll (Pixelplan S.C.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9193F654-D886-4fef-8894-A97EF6623104}: C:\Program Files\Wondershare\AllMyTube\SVRFirefoxExt\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\15.2.0.5 [2013/05/22 13:22:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/07 10:06:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{54affe52-8223-453b-be1e-2fe2e250045c}: C:\Documents and Settings\GAK\Application Data\Lamantine\Sticky Password\spAutofill [2013/05/24 17:37:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\CaptureSaver@goldgingko.com: C:\Program Files\CaptureSaver\Firefox [2013/03/19 15:31:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\SoundFrost@helper.com: C:\Program Files\SoundFrost\SoundFrost.xpi [2013/05/20 09:55:10 | 000,038,116 | ---- | M] ()
 
[2011/12/21 12:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Extensions
[2013/06/08 08:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\hz32imv0.default\extensions
[2013/06/07 17:25:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\nmk1y36l.default\extensions
[2013/06/09 13:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions
[2013/05/08 08:14:58 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013/04/27 05:34:30 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2013/01/03 14:27:50 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2013/04/08 09:05:49 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2013/06/08 00:45:54 | 000,000,000 | ---D | M] (Slick Savings) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\savingsslider@mybrowserbar.com
[2013/06/08 06:04:52 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\TooManyTabs@visibotech.com
[2013/06/09 13:50:16 | 000,011,571 | ---- | M] () (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\troubleshooter@mozilla.org.xpi
[2012/03/24 09:39:00 | 000,049,303 | ---- | M] () (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
[2011/12/21 14:18:44 | 000,020,995 | ---- | M] () (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{8a8c1ada-2504-45c6-a2d2-265591abbd00}.xpi
[2013/06/07 20:35:02 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2008/11/17 18:14:06 | 000,001,362 | ---- | M] () (No name found) -- C:\Documents and Settings\GAK\Application Data\Mozilla\Firefox\profiles\ostayg09.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
[2013/06/07 09:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/01 12:03:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/08 16:03:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/06/07 10:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/07 10:06:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/20 09:55:10 | 000,038,116 | ---- | M] () (No name found) -- C:\PROGRAM FILES\SOUNDFROST\SOUNDFROST.XPI
[2012/08/05 19:17:43 | 000,003,752 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/05/22 13:22:39 | 000,003,723 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.yahoo.com?type=994519&fr=spigot-yhp-ch
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fhdcahhbjlmpbdcjnbhcobdaeieomgop\6.0.10.445\
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.0.2_0\
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kikglikieapkdofgcaifhkgmkclbamcm\3.7.0_0\
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\
CHR - Extension: No name found = C:\Documents and Settings\GAK\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/06/08 19:27:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.1\vuzeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDFViewerPlus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files\WinZip Courier\wzwmcie.dll (WinZip Computing, S.L.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.1\vuzeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\..\Toolbar\WebBrowser: (FreeSoundRecorder Toolbar) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - C:\Program Files\FreeSoundRecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [STARTRIGHT] C:\Program Files\StartRight\StartRight.exe (www.joejoesoft.com)
O4 - HKLM..\RunOnce: [STARTRIGHT] C:\Program Files\StartRight\StartRight.exe (www.joejoesoft.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = Reg Error: Value error. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = Reg Error: Value error. File not found
O7 - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1606980848-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{382AB702-38F6-4784-B97A-37E2BCF6B8EB}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F7178A5-E3FE-4146-89AE-F6E85D233AF4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\AutorunsDisabled\linkscanner - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\AutorunsDisabled\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\GAK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\GAK\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/20 18:55:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/01/13 20:18:15 | 000,000,000 | ---D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/04/27 15:14:46 | 000,000,000 | ---D | M] - D:\autorun -- [ NTFS ]
O32 - AutoRun File - [2011/10/05 12:36:11 | 000,000,000 | ---D | M] - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/10/05 12:36:13 | 000,000,000 | ---D | M] - E:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/10/05 12:36:14 | 000,000,000 | ---D | M] - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1606980848-2052111302-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 360 Days ==========
 
[2013/06/11 19:44:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/06/11 19:42:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GAK\Desktop\OTL.exe
[2013/06/09 19:49:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/09 19:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\GoforFiles
[2013/06/08 17:46:53 | 005,078,680 | R--- | C] (Swearware) -- C:\Documents and Settings\GAK\Desktop\ComboFix.exe
[2013/06/08 15:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\ZipGenius
[2013/06/08 15:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\MBar
[2013/06/08 07:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hard Disk Sentinel
[2013/06/08 07:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Hard Disk Sentinel
[2013/06/08 06:47:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/06/08 06:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\MJRegWatcher
[2013/06/07 17:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\Vuze Downloads
[2013/06/07 17:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\.swt
[2013/06/07 17:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Slick Savings
[2013/06/07 17:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Search Settings
[2013/06/07 17:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2013/06/07 17:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze Remote Toolbar
[2013/06/07 17:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2013/06/07 17:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Azureus
[2013/06/07 17:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2013/06/06 19:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NTFS to FAT32 Wizard 2.3.1
[2013/06/06 19:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\NTFS to FAT32 Wizard 2.3.1
[2013/06/06 08:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/06 07:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/06/06 07:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/06/05 05:56:43 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/05 05:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\FRST
[2013/06/04 06:18:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/06/04 06:17:56 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/04 00:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\iRecordMax Sound Recorder
[2013/06/04 00:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\iRecordMax Sound Recorder
[2013/06/03 18:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\AdwCleaner
[2013/05/30 15:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\Ashampoo Home Designer Pro
[2013/05/30 15:37:47 | 000,062,464 | ---- | C] (Tools & Components) -- C:\WINDOWS\System32\sevLock.dll
[2013/05/30 15:33:21 | 000,290,816 | ---- | C] (Cygnicon GmbH) -- C:\WINDOWS\System32\cyviewer.ocx
[2013/05/29 18:44:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\GAK\Recent
[2013/05/28 14:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\CRE
[2013/05/28 14:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\vlc
[2013/05/28 13:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/05/28 13:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/05/24 20:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Speed Booster
[2013/05/24 20:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\SystemSpeedBooster
[2013/05/24 19:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Avg2013
[2013/05/24 17:14:19 | 000,019,504 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmdebug.sys
[2013/05/24 17:14:16 | 000,054,960 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmci.sys
[2013/05/24 17:14:14 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2013/05/24 17:14:12 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gameenum.sys
[2013/05/24 17:14:12 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2013/05/24 17:14:09 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\es1371mp.sys
[2013/05/24 17:14:09 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2013/05/24 17:14:07 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2013/05/24 17:14:05 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2013/05/24 17:14:03 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2013/05/24 17:14:03 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2013/05/24 17:14:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\OemDir
[2013/05/24 16:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logs
[2013/05/24 15:25:55 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2013/05/24 15:25:55 | 000,057,344 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2013/05/24 15:25:54 | 009,715,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.exe
[2013/05/24 15:25:54 | 004,755,968 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2013/05/24 15:25:54 | 002,165,760 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2013/05/24 15:25:54 | 001,196,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2013/05/24 15:25:54 | 000,278,528 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSndMgr.cpl
[2013/05/24 15:25:54 | 000,266,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.cpl
[2013/05/24 15:25:54 | 000,077,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
[2013/05/24 15:25:54 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ChCfg.exe
[2013/05/24 15:25:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2013/05/24 15:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/05/24 15:25:25 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2013/05/23 13:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\migrateos
[2013/05/23 10:39:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2013/05/23 10:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Microsoft Corporation
[2013/05/23 10:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2013/05/23 10:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Todo Backup Free 5.8
[2013/05/23 10:05:21 | 000,019,528 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\fbnative.exe
[2013/05/23 00:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ocster 1-Click Backup
[2013/05/22 19:20:45 | 000,446,464 | R--- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\hhactivex.dll
[2013/05/22 19:20:45 | 000,176,128 | ---- | C] (Dell Computer Corporation) -- C:\WINDOWS\System32\RcdScan.dll
[2013/05/22 19:20:44 | 000,328,480 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\ssa3d30.ocx
[2013/05/22 19:20:41 | 000,013,632 | ---- | C] (Dell Computer Corporation) -- C:\WINDOWS\System32\drivers\omci.sys
[2013/05/22 13:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\AVG2013
[2013/05/22 13:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2013/05/22 13:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Avg2013
[2013/05/22 13:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\AVG SafeGuard toolbar
[2013/05/22 13:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/05/22 13:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\TuneUp Software
[2013/05/22 13:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/05/22 13:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\AVG SafeGuard toolbar
[2013/05/22 13:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013/05/22 13:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/05/22 12:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\MFAData
[2013/05/22 12:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Avg2013
[2013/05/21 17:55:14 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/05/21 17:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/05/21 14:23:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2013/05/21 09:19:38 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/05/21 09:19:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/05/21 09:19:30 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/05/21 09:19:30 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/05/21 09:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2013/05/20 09:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SoundFrost
[2013/05/20 09:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\SoundFrost
[2013/05/19 09:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\KRyLack Software
[2013/05/19 09:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Asterisk Password Decryptor
[2013/05/19 09:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Asterisk Password Decryptor
[2013/05/16 17:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/05/16 11:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft
[2013/05/08 20:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\PearlMountain
[2013/05/08 20:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\PearlMountain
[2013/05/08 20:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PearlMountain
[2013/05/08 20:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CollageIt
[2013/05/08 20:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\CollageIt
[2013/05/02 18:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Softplicity
[2013/05/02 18:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Total Image Converter
[2013/05/02 18:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\TotalImageConverter
[2013/04/30 20:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImageMagick 6.8.0 Q16
[2013/04/30 20:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\ImageMagick-6.8.0-Q16
[2013/04/30 20:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LAVA SoftWorks
[2013/04/30 20:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\icomancer
[2013/04/30 20:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\icomancer
[2013/04/28 19:16:18 | 000,438,272 | ---- | C] (Gabest) -- C:\WINDOWS\System32\Mpeg2DecFilter.ax
[2013/04/24 19:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Soft Organizer
[2013/04/24 19:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Soft Organizer
[2013/04/24 12:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\yabss
[2013/04/18 08:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/16 13:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\Take-1 Recorder
[2013/04/16 13:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileStream Take-1 Recorder
[2013/04/12 19:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Spotify
[2013/04/12 19:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Spotify
[2013/04/12 10:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\FreeCommander
[2013/04/12 10:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeCommander
[2013/04/12 07:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDCopy
[2013/04/12 07:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\DVDCopy
[2013/04/12 07:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BlazeVideo
[2013/04/09 20:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\1-abc.net Backup Folder
[2013/03/29 02:53:48 | 000,208,184 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2013/03/27 12:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Sun
[2013/03/21 18:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\FireShot
[2013/03/21 03:08:24 | 000,182,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2013/03/19 15:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\CaptureSaver
[2013/03/19 15:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CaptureSaver
[2013/03/19 15:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\CaptureSaver
[2013/03/19 15:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\CaptureSaver
[2013/03/18 19:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2013/03/18 19:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/18 17:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\LogMeIn Rescue Applet
[2013/03/10 16:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Epson
[2013/03/10 13:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Leadertech
[2013/03/10 13:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Epson
[2013/03/10 13:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Epson
[2013/03/10 13:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Epson Software
[2013/03/10 13:00:30 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\eswiaud.dll
[2013/03/10 13:00:30 | 000,122,000 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\escsvc.exe
[2013/03/10 12:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
[2013/03/10 12:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2013/03/10 12:57:25 | 000,475,496 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ensppmon.dll
[2013/03/10 12:57:25 | 000,475,496 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enppmon.dll
[2013/03/10 12:57:25 | 000,457,780 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ensppui.dll
[2013/03/10 12:57:25 | 000,457,780 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enppui.dll
[2013/03/10 12:57:25 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enspres.dll
[2013/03/10 12:57:25 | 000,249,344 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\enpres.dll
[2013/03/10 12:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2013/03/10 12:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2013/03/10 12:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON Software
[2013/03/10 12:55:54 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\E_DCINST.DLL
[2013/03/10 12:55:53 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_TD4BJJE.DLL
[2013/03/10 12:55:52 | 000,095,232 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_TLBJJE.DLL
[2013/03/10 12:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/03/08 21:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Magic Skin Filter
[2013/03/08 21:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magic Skin Filter
[2013/03/05 21:17:34 | 000,000,000 | ---D | C] -- C:\BOOT
[2013/03/05 20:57:59 | 000,185,672 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys
[2013/03/05 20:57:58 | 000,014,920 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2013/03/05 20:57:57 | 000,050,248 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2013/03/05 14:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\.dvdcss
[2013/03/04 09:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SoftOrbits Photo Retoucher
[2013/03/04 09:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\SoftOrbits Photo Retoucher
[2013/03/01 10:32:20 | 000,022,328 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/02/28 21:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Ashampoo Video Styler
[2013/02/23 08:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Audials
[2013/02/23 08:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audials 10
[2013/02/19 18:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\BYclouder Data Recovery Pro
[2013/02/14 13:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\MunSoft
[2013/02/14 13:48:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy Drive Data Recovery
[2013/02/08 04:37:56 | 000,245,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
[2013/02/08 04:37:52 | 000,060,216 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2013/02/05 20:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\ActiveX
[2013/02/05 20:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Soft4Boost
[2013/02/05 20:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Soft4Boost
[2013/02/05 20:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Soft4Boost
[2013/02/05 20:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Soft4Boost
[2013/02/05 16:46:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\GAK\Application Data\Brother
[2013/01/31 20:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iPixSoft
[2013/01/31 20:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\iPixSoft Flash Gallery Factory
[2013/01/31 20:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPixSoft
[2013/01/31 15:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother
[2013/01/31 15:38:06 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BRLMW03A.DLL
[2013/01/31 15:38:05 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBTOOL.EXE
[2013/01/31 15:38:05 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\WINDOWS\System32\BRLM03A.DLL
[2013/01/31 15:38:02 | 000,000,000 | ---D | C] -- C:\Brother
[2013/01/31 15:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2013/01/31 15:37:43 | 000,217,088 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2013/01/31 15:37:43 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
[2013/01/31 15:37:43 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
[2013/01/31 15:37:43 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
[2013/01/31 15:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2013/01/31 15:37:41 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BroSNMP.dll
[2013/01/31 15:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2013/01/28 17:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sketch Drawer
[2013/01/28 17:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Sketch Drawer
[2013/01/28 09:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Help
[2013/01/28 09:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Help
[2013/01/27 19:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Boilsoft
[2013/01/27 19:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Boilsoft
[2013/01/27 19:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Boilsoft
[2013/01/26 13:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Process Lasso
[2013/01/24 17:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\flipbuilder
[2013/01/24 17:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Flip Image
[2013/01/24 17:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Image
[2013/01/21 21:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Peridot_Technologies
[2013/01/21 21:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Easy Flyer Creator
[2013/01/21 19:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy Flyer Creator 3.0
[2013/01/21 19:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Flyer Creator 3.0
[2013/01/21 19:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Easy Flyer Creator
[2013/01/20 19:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\photoOptimizeHistoryDataBase
[2013/01/20 19:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Ashampoo Photo Optimizer 4
[2013/01/19 21:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\SoulidStudio
[2013/01/19 21:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IProt
[2013/01/19 21:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mosaico
[2013/01/19 21:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mosaico
[2013/01/16 18:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Data Recovery Wizard 5.6.5
[2013/01/15 19:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\XYplorer
[2013/01/15 19:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\XYplorer
[2013/01/14 15:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\AcroPano
[2013/01/13 19:18:27 | 000,000,000 | ---D | C] -- C:\Shortcuts\Macro Recorders
[2013/01/13 18:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\CDRWIN 9
[2013/01/13 18:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CDRWIN 9
[2013/01/13 18:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CDRWIN 9
[2013/01/13 18:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\CDRWIN 9
[2013/01/12 20:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Pixarra
[2013/01/11 17:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Audacity
[2013/01/10 13:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/01/02 19:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\YCanPDF
[2012/12/25 18:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVR Converter 3.0
[2012/12/25 18:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ogg+WebM
[2012/12/25 18:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\DVR Converter 3.0
[2012/12/22 18:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft
[2012/12/21 14:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\My Audio Cutter
[2012/12/21 14:25:58 | 000,000,000 | ---D | C] -- C:\Program Files\My Audio Cutter
[2012/12/21 14:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\My Audio Cutter
[2012/12/19 16:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\Simpo PDF to PowerPoint
[2012/12/19 16:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Simpo PDF to PowerPoint
[2012/12/19 16:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Simpo PDF to PowerPoint
[2012/12/19 06:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2012/12/18 18:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Help
[2012/12/18 18:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Help
[2012/12/17 06:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\Artensoft Photo Collage Maker
[2012/12/16 13:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\RecordMax Burning Studio
[2012/12/16 13:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RecordMax Burning Studio
[2012/12/16 13:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\RecordMax Burning Studio
[2012/12/15 15:48:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoRotator
[2012/12/15 15:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoRotator
[2012/12/14 18:39:53 | 000,000,000 | ---D | C] -- C:\archive_db
[2012/12/12 20:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\ArcticLine
[2012/12/12 20:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Jet Screenshot
[2012/12/12 20:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Jet Screenshot
[2012/12/12 17:11:59 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/12/11 20:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Engelmann_Media
[2012/12/09 20:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MagicCamera
[2012/12/09 20:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\MagicCamera
[2012/12/09 20:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\ShiningMorning
[2012/12/08 09:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FindAndRunRobot
[2012/12/08 09:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2012/12/08 09:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\FindAndRunRobot
[2012/12/06 20:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Ocster 1-Click Backup
[2012/12/06 20:12:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\sysnfxo
[2012/12/06 20:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ocster 1-Click Backup
[2012/12/06 20:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ocster 1-Click Backup
[2012/12/05 17:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\NeroVision
[2012/12/05 17:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Ahead
[2012/12/05 17:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Ahead
[2012/12/05 17:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\Tipard Studio
[2012/12/05 10:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\LeaderTask
[2012/12/03 11:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BurnAware Home
[2012/12/03 11:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Home
[2012/12/02 15:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\Language
[2012/12/02 15:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\Help
[2012/12/02 15:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Views
[2012/12/02 15:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Skins
[2012/12/02 15:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Databases
[2012/12/02 15:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall
[2012/11/27 20:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\RecoveryMechanic
[2012/11/26 14:12:57 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK2.dll
[2012/11/26 14:12:57 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicPrt.dll
[2012/11/26 14:12:57 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICEntry.dll
[2012/11/26 14:12:57 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK.dll
[2012/11/26 14:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Panasonic
[2012/11/26 14:12:56 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EPPicMgr.dll
[2012/11/26 14:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panasonic
[2012/11/26 14:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Panasonic
[2012/11/26 14:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Panasonic
[2012/11/26 14:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/11/26 14:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/11/23 18:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\IsolatedStorage
[2012/11/23 18:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2012/11/23 18:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\assembly
[2012/11/23 18:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Presente3D
[2012/11/23 18:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\Presente3D
[2012/11/23 18:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Presente3D LLC
[2012/11/21 13:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Light Developer
[2012/11/21 13:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Light Developer
[2012/11/21 13:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Light Developer
[2012/11/18 15:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\Pavtube
[2012/11/18 15:19:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2012/11/18 15:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Pavtube
[2012/11/18 15:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Pavtube
[2012/11/18 15:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Pavtube
[2012/11/17 21:15:34 | 000,022,984 | ---- | C] (Giant Matrix Limited) -- C:\WINDOWS\System32\drivers\aflfile.sys
[2012/11/17 21:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\A+ Folder Locker
[2012/11/17 21:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\A+ Folder Locker
[2012/11/16 14:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\clonehdd
[2012/11/15 11:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\SoftOrbits Flash Drive Recovery
[2012/11/14 17:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Paragon Backup and Recovery™ 12 Compact
[2012/11/14 00:32:29 | 002,081,120 | ---- | C] (Acronis) -- C:\WINDOWS\System32\AutoPartNt.exe
[2012/11/13 20:02:19 | 000,000,000 | ---D | C] -- C:\Shortcuts\Task Sceduler
[2012/11/13 19:59:09 | 000,000,000 | ---D | C] -- C:\Shortcuts\Backup
[2012/11/13 14:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Ashampoo Music Studio 2012
[2012/11/10 19:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\DYMO Label
[2012/11/10 19:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\DYMO
[2012/11/08 18:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/11/08 18:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/11/08 18:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\BusinessCardsMX templates
[2012/11/08 18:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\mojosoft
[2012/11/08 18:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\mojosoft
[2012/11/08 17:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DYMO
[2012/11/08 17:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\DYMO
[2012/11/08 17:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DYMO
[2012/10/31 14:17:26 | 000,452,688 | ---- | C] (Paragon) -- C:\WINDOWS\System32\drivers\Uim_IM.sys
[2012/10/31 14:17:26 | 000,326,992 | ---- | C] (Paragon) -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2012/10/31 14:17:26 | 000,283,472 | ---- | C] (Paragon) -- C:\WINDOWS\System32\drivers\Uim_Vim.sys
[2012/10/31 14:17:26 | 000,081,232 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\UimBus.sys
[2012/10/29 15:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRM
[2012/10/29 15:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AbAlarm
[2012/10/29 15:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\AbAlarm
[2012/10/26 19:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\PhraseExpander
[2012/10/26 19:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nagarsoft PhraseExpander
[2012/10/26 19:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\PhraseExpander
[2012/10/25 04:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2012/10/25 04:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2012/10/21 19:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
[2012/10/21 19:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magic DVD Copier
[2012/10/21 19:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\MagicSoftware
[2012/10/21 19:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDVDCopier
[2012/10/19 14:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Windows Search
[2012/10/18 20:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboTask
[2012/10/18 20:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RoboTask
[2012/10/18 20:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\RoboTask
[2012/10/18 20:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\RoboTask
[2012/10/14 19:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\audiozilla.vb
[2012/10/14 19:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AUDIOzilla
[2012/10/14 19:02:35 | 000,751,616 | ---- | C] (MoonLight Software Inc. 1999-2004) -- C:\WINDOWS\System32\VBOLock.ocx
[2012/10/14 18:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Audiozilla
[2012/10/14 18:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\AUDIOzilla
[2012/10/14 12:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\.areca
[2012/10/14 10:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\Areca
[2012/10/09 12:32:44 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.tr.dll
[2012/10/09 12:32:44 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.sv.dll
[2012/10/09 12:32:44 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.pt-BR.dll
[2012/10/09 12:32:44 | 000,004,096 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.zh.dll
[2012/10/09 12:32:42 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.pt.dll
[2012/10/09 12:32:42 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.pl.dll
[2012/10/09 12:32:42 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.no.dll
[2012/10/09 12:32:42 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.nl.dll
[2012/10/09 12:32:40 | 000,005,632 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.fr-CA.dll
[2012/10/09 12:32:40 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.it.dll
[2012/10/09 12:32:40 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.hu.dll
[2012/10/09 12:32:40 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.fr.dll
[2012/10/09 12:32:40 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.fi.dll
[2012/10/09 12:32:38 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.es-CO.dll
[2012/10/09 12:32:38 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.es.dll
[2012/10/09 12:32:36 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.de.dll
[2012/10/09 12:32:36 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.da.dll
[2012/10/09 12:32:36 | 000,005,120 | ---- | C] (DYMO Corporation) -- C:\WINDOWS\System32\lmmonres.cs.dll
[2012/10/09 12:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Start Menu X
[2012/10/08 12:26:10 | 000,066,944 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\drivers\thdudf.sys
[2012/10/07 05:16:34 | 006,733,824 | ---- | C] (OptWin Software) -- C:\Program Files\AllMySongsDatabase.exe
[2012/10/07 05:16:34 | 001,937,408 | ---- | C] (FreeImage) -- C:\Program Files\FreeImage.dll
[2012/10/06 22:27:11 | 000,064,000 | ---- | C] (Desaware Inc.) -- C:\WINDOWS\System32\Apigid32.dll
[2012/10/06 22:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\25 Clips
[2012/10/05 13:49:45 | 000,000,000 | ---D | C] -- C:\Shortcuts\E-mail
[2012/10/02 11:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reg Organizer
[2012/10/02 11:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Reg Organizer
[2012/09/30 19:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lazesoft Data Recovery
[2012/09/30 19:10:36 | 000,333,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wimserv.exe
[2012/09/30 19:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Lazesoft Data Recovery
[2012/09/28 08:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\ProcessLasso
[2012/09/28 08:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Process Lasso
[2012/09/27 15:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\CyberLink
[2012/09/27 15:48:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\CyberLink
[2012/09/27 11:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Auslogics
[2012/09/25 17:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magic Collage
[2012/09/25 17:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Magic Collage
[2012/09/24 14:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\MyBackups
[2012/09/24 08:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate
[2012/09/24 08:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2012/09/24 08:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/09/24 08:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital Corporation
[2012/09/24 08:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2012/09/24 08:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\WD Data Lifeguard
[2012/09/23 19:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\SIW Portable
[2012/09/23 17:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\launcher
[2012/09/23 14:50:30 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2012/09/23 14:50:30 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2012/09/23 14:50:30 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2012/09/23 14:50:29 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2012/09/23 14:50:28 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2012/09/23 14:50:27 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2012/09/23 14:50:27 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2012/09/23 14:50:26 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2012/09/23 14:50:25 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2012/09/23 14:50:25 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2012/09/23 14:50:24 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2012/09/23 14:50:23 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2012/09/23 14:50:22 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2012/09/23 14:50:20 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2012/09/23 14:50:20 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2012/09/23 14:50:19 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2012/09/23 14:50:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2012/09/23 14:50:18 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2012/09/23 14:50:17 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2012/09/23 14:50:17 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2012/09/23 14:50:17 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2012/09/23 14:50:16 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2012/09/23 14:50:15 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2012/09/23 14:50:15 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2012/09/23 14:50:14 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2012/09/23 14:50:13 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2012/09/23 14:50:13 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2012/09/23 14:50:13 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2012/09/17 11:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PaintSupreme
[2012/09/17 11:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\PaintSupreme-1.1
[2012/09/13 19:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Folder Size & Analyze Professional
[2012/09/13 19:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Folder Size & Analyze Professional
[2012/09/12 23:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Pixelplan
[2012/09/12 23:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2012/09/12 23:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\Flow Architect Studio 3D Projects
[2012/09/12 23:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Pixelplan
[2012/09/09 14:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\SIWPortable
[2012/09/09 14:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2012/09/09 14:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\MemTest86
[2012/09/08 16:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/08 16:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/08/29 17:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/08/19 10:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\KC Softwares
[2012/08/19 10:05:41 | 000,204,907 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TRIEDIT.DLL
[2012/08/19 10:05:41 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Dhtmled.ocx
[2012/08/19 10:05:40 | 000,204,800 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\KTbar.ocx
[2012/08/19 10:05:40 | 000,151,552 | ---- | C] (KC Softwares) -- C:\WINDOWS\System32\kmail.ocx
[2012/08/19 10:05:40 | 000,126,976 | ---- | C] (KC Softwares) -- C:\WINDOWS\System32\kftp.ocx
[2012/08/19 10:05:40 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.dll
[2012/08/19 10:05:40 | 000,053,248 | ---- | C] (Katarn Corp.) -- C:\WINDOWS\System32\kvblib.ocx
[2012/08/19 10:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\KC Softwares
[2012/08/18 10:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\Kvisoft
[2012/08/18 10:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\kvisoft
[2012/08/18 10:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\kvisoft
[2012/08/18 10:33:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\Ulead DVD Player
[2012/08/17 17:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\Web Boomerang
[2012/08/17 17:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileStream Web Boomerang
[2012/08/15 20:21:11 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\WINDOWS\System32\wbocx.ocx
[2012/08/15 20:21:11 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbhelp2.dll
[2012/08/15 20:21:11 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\WINDOWS\System32\anim.dll
[2012/08/12 10:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\NoVirusThanks
[2012/08/12 10:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NoVirusThanks
[2012/08/12 09:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\TechSmith
[2012/08/12 09:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Wisdom-soft
[2012/08/12 09:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
[2012/08/12 09:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free
[2012/08/11 18:53:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2012/08/11 18:53:44 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2012/08/10 19:28:14 | 000,000,000 | ---D | C] -- C:\Shortcuts\Clipboard Utilities
[2012/08/10 19:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Anvisoft
[2012/08/09 20:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\My Downloaded Video
[2012/08/09 20:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Nuclear Coffee
[2012/08/09 20:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoGet
[2012/08/09 20:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Nuclear Coffee
[2012/08/07 18:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SourceTec
[2012/08/07 18:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2012/08/05 19:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\PicPick
[2012/08/05 19:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\GXDevelopment,_Inc
[2012/08/05 19:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\CaptureView
[2012/08/05 18:39:38 | 000,000,000 | ---D | C] -- C:\Captured documents
[2012/08/04 22:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ScreenStep Maker
[2012/08/04 22:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\ScreenStep Maker
[2012/08/04 08:42:47 | 000,086,016 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\cttele.dll
[2012/08/04 08:42:15 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2012/08/04 08:42:15 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2012/08/04 08:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Creative
[2012/08/04 08:40:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\data
[2012/07/31 20:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\CrashRpt
[2012/07/31 20:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\RapidSolution
[2012/07/31 20:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2012/07/31 20:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audials 9
[2012/07/31 20:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\RapidSolution
[2012/07/30 21:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\easyQuizzy
[2012/07/29 15:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\JetPaste
[2012/07/29 15:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\JetPaste
[2012/07/29 15:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\JetPaste
[2012/07/29 15:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\JetPaste
[2012/07/26 06:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\wtxpcom
[2012/07/25 17:16:44 | 000,000,000 | ---D | C] -- C:\Shortcuts\Hardware Device Removal
[2012/07/25 17:15:47 | 000,000,000 | ---D | C] -- C:\Shortcuts\Software Updaters
[2012/07/25 17:14:44 | 000,000,000 | ---D | C] -- C:\Shortcuts\Password Finders
[2012/07/25 17:13:21 | 000,000,000 | ---D | C] -- C:\Shortcuts\Startup Programs
[2012/07/25 17:11:25 | 000,000,000 | ---D | C] -- C:\Shortcuts\Shutdown Programs
[2012/07/25 17:07:54 | 000,000,000 | ---D | C] -- C:\Shortcuts\Uninstallers
[2012/07/25 16:50:17 | 000,000,000 | ---D | C] -- C:\Shortcuts\Flash Software
[2012/07/25 16:47:32 | 000,000,000 | ---D | C] -- C:\Shortcuts\Social Media
[2012/07/25 16:44:12 | 000,000,000 | ---D | C] -- C:\Shortcuts\Personal Organizers
[2012/07/25 16:38:34 | 000,000,000 | ---D | C] -- C:\Shortcuts\OCR - Scanning
[2012/07/25 16:37:01 | 000,000,000 | ---D | C] -- C:\Shortcuts\CD and DVD Labelers
[2012/07/25 15:59:27 | 000,000,000 | ---D | C] -- C:\Shortcuts\Programs - Miscellaneous
[2012/07/23 22:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AntiPhotoSpy
[2012/07/23 22:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\AntiPhotoSpy
[2012/07/22 15:05:09 | 000,000,000 | ---D | C] -- C:\Shortcuts\Burning Software
[2012/07/22 15:01:40 | 000,000,000 | ---D | C] -- C:\Shortcuts\Movie Makers
[2012/07/22 14:56:40 | 000,000,000 | ---D | C] -- C:\Shortcuts\Note Organizers
[2012/07/22 14:54:15 | 000,000,000 | ---D | C] -- C:\Shortcuts\Media Centers
[2012/07/22 14:46:07 | 000,000,000 | ---D | C] -- C:\Shortcuts\Web Authoring
[2012/07/22 14:41:25 | 000,000,000 | ---D | C] -- C:\Shortcuts\SPSS
[2012/07/22 14:38:46 | 000,000,000 | ---D | C] -- C:\Shortcuts\Video Converters
[2012/07/22 14:35:05 | 000,000,000 | ---D | C] -- C:\Shortcuts\Media Players
[2012/07/22 12:45:14 | 000,000,000 | ---D | C] -- C:\Shortcuts\Office Programs
[2012/07/22 12:37:02 | 000,000,000 | ---D | C] -- C:\Shortcuts\PDF Programs
[2012/07/22 12:27:36 | 000,000,000 | ---D | C] -- C:\Shortcuts\Screen Capture
[2012/07/22 12:26:52 | 000,000,000 | ---D | C] -- C:\Shortcuts\Audiio
[2012/07/22 12:26:27 | 000,000,000 | ---D | C] -- C:\Shortcuts\Painting
[2012/07/22 12:26:05 | 000,000,000 | ---D | C] -- C:\Shortcuts\Photographs
[2012/07/22 11:37:58 | 000,000,000 | ---D | C] -- C:\Shortcuts\Video Downloads
[2012/07/19 23:21:19 | 000,039,048 | ---- | C] (RapidSolution Software AG) -- C:\WINDOWS\System32\drivers\tbhsd.sys
[2012/07/19 23:21:13 | 000,031,848 | ---- | C] (RapidSolution Software AG) -- C:\WINDOWS\System32\drivers\rrnetcap.sys
[2012/07/18 15:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/07/17 17:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\Media Buddy Output
[2012/07/17 17:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Media Buddy
[2012/07/17 17:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Buddy
[2012/07/17 17:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\Media Buddy
[2012/07/15 15:05:12 | 000,000,000 | ---D | C] -- C:\MyBackup
[2012/07/12 19:33:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\AV Burning Pro
[2012/07/12 19:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AV Burning Pro
[2012/07/12 19:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\AV Burning Pro
[2012/07/12 19:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\IsolatedStorage
[2012/07/12 19:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\Deployment
[2012/07/12 17:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\Updater
[2012/07/12 16:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\UnderCoverXP
[2012/07/12 16:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\UnderCoverXP
[2012/07/12 16:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CD & DVD Label Maker
[2012/07/12 16:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\CD & DVD Label Maker
[2012/07/02 13:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\JPG2PDF
[2012/07/02 13:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\JPG2PDF
[2012/07/01 19:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IdealSoftware
[2012/07/01 19:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ideal DVD Copy
[2012/07/01 19:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Local Settings\Application Data\IdealSoftware
[2012/07/01 19:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\IdealDVDCopy
[2012/07/01 19:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital - Data Lifeguard Tools
[2012/07/01 19:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/06/28 15:03:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/06/28 08:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\My Documents\ScreenCamera.Net
[2012/06/28 08:43:39 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2012/06/28 08:43:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2012/06/28 08:43:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2012/06/28 08:43:33 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2012/06/28 08:43:27 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2012/06/28 08:43:22 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2012/06/28 08:43:15 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2012/06/28 08:43:05 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2012/06/28 08:42:58 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2012/06/28 08:41:55 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2012/06/28 08:41:55 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2012/06/28 08:41:54 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2012/06/28 08:41:54 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2012/06/28 08:41:53 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2012/06/28 08:41:53 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2012/06/28 08:41:50 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2012/06/28 08:41:50 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2012/06/28 08:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ScreenCamera.Net
[2012/06/28 08:41:07 | 000,233,096 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\SCRCAMNETDRIVER.sys
[2012/06/28 08:41:07 | 000,094,208 | ---- | C] (MyCompanyName) -- C:\WINDOWS\System32\PCWinSoftADSwitch.ax
[2012/06/28 08:41:07 | 000,053,248 | ---- | C] (PCWinSoft Systems                 ) -- C:\WINDOWS\System32\PCWinSoftMVSwitch.ax
[2012/06/28 08:41:06 | 000,053,248 | ---- | C] (PCWinSoft Systems                 ) -- C:\WINDOWS\System32\BSwitch.ax
[2012/06/28 08:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\ScreenCamera.Net
[2012/06/25 13:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Namosofts
[2012/06/25 13:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\Namosofts
[2012/06/24 21:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Sound Editor Pro
[2012/06/24 21:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sound Editor Pro
[2012/06/24 21:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Sound Editor Pro
[2012/06/17 14:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GAK\Application Data\Enplase
[2012/06/17 14:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ultima Steganography
[2012/06/17 14:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Ultima Steganography
[2011/10/28 14:33:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\GAK\Application Data\pcouffin.sys
[2011/05/18 18:56:23 | 000,266,240 | ---- | C] (vbAccelerator) -- C:\Program Files\vbalTreeView6.ocx
[2011/05/18 18:56:23 | 000,122,880 | ---- | C] (vbAccelerator) -- C:\Program Files\cPopMenu6.ocx
[2011/05/18 18:56:23 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Program Files\SSubTmr6.dll
[2011/04/18 23:51:20 | 000,653,136 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\MSVCR90.dll
[2011/04/18 23:51:20 | 000,569,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\MSVCP90.dll
[2010/12/16 22:39:36 | 000,302,592 | ---- | C] (Google) -- C:\Program Files\Common Files\webmmux.dll
[2010/12/16 22:39:16 | 000,701,440 | ---- | C] (Google) -- C:\Program Files\Common Files\vp8encoder.dll
[2010/12/16 22:39:16 | 000,412,672 | ---- | C] (Google) -- C:\Program Files\Common Files\vp8decoder.dll
[2010/12/16 22:39:14 | 000,292,352 | ---- | C] (Google) -- C:\Program Files\Common Files\webmsplit.dll
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]





