Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Recurring Trojan

Post by Micscience » August 27th, 2012, 4:54 pm

I it's really to post this thread right now. It keeps moving my mouse cursor to different places randomly, resulting in deleting stuff like my attached log. I had to rescan my PC. It actually started deleting letters from this post. Please help, it is really bad now. It keeps messing around with my mouse cursor. I had to type in Notepad and paste all this. It's really strange.


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Mic at 16:09:14 on 2012-08-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1472 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Soluto\soluto.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Program Files (x86)\MediaMall\PlayOn.exe
C:\Users\Mic\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Users\Mic\AppData\Roaming\mjusbsp\magicJack.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASC.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\printfilterpipelinesvc.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Program Files (x86)\UMPlayer\umplayer.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\UMPlayer\mplayer\mplayer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Scanner.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3214568
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: CorePluginIEBHO Class: {13fa2453-9287-4f18-8554-976d7c02f4ee} - C:\Perfect World Entertainment\CORE Client\Plugins\CorePluginIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
TB: {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ASRockOCTuner]
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
uRun: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe
mRun: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe -r
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Conime] %windir%\system32\conime.exe
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\Mic\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Mic\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Mic\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: Interfaces\{325908C8-D558-4235-BDBD-6BB2E9F10279} : NameServer = 208.67.222.222,208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: CorePluginIEBHO Class: {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\Plugins\CorePluginIE.dll
BHO-X64: CorePluginIEBHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll
TB-X64: {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File
mRun-x64: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe -r
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - plugin: C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mic\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mic\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SMR300;Symantec SMR Utility Service 3.0.0;C:\Windows\system32\drivers\SMR300.SYS --> C:\Windows\system32\drivers\SMR300.SYS [?]
R0 Soluto;Soluto;C:\Windows\system32\Drivers\Soluto.sys --> C:\Windows\system32\Drivers\Soluto.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]
R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120823.005\BHDrvx64.sys [2012-8-21 1385120]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120824.001\IDSviA64.sys [2012-8-24 512672]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-1-15 8704]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-28 655944]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2012-8-6 3037048]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-8-17 138272]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-5-24 586816]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-20 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-5-13 497496]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-20 116648]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SKLProService;Run software as Windows service; [x]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 wxpSvc;webcamXP Service;C:\Program Files (x86)\webcamXP 5\wService.exe [2011-7-27 5023744]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-27 19:08:54 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-27 19:08:38 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0501000.01A
2012-08-27 19:08:38 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64
2012-08-27 19:08:36 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-08-24 16:05:51 96376 ----a-w- C:\Windows\System32\drivers\SMR300.SYS
2012-08-22 13:51:18 -------- d-----w- C:\Users\Mic\AppData\Local\NPE
2012-08-17 20:14:44 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys
2012-08-17 20:14:44 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1308000.00E\symds64.sys
2012-08-17 20:14:44 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symnets.sys
2012-08-17 20:14:44 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys
2012-08-17 20:14:44 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\symefa64.sys
2012-08-17 20:14:43 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ironx64.sys
2012-08-17 20:14:43 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\ccsetx64.sys
2012-08-17 20:14:30 -------- d-----w- C:\Windows\System32\drivers\NISx64\1308000.00E
2012-08-17 17:32:42 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-08-17 17:12:56 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-08-17 17:12:55 -------- d-----w- C:\Program Files\Symantec
2012-08-17 17:12:55 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-08-17 17:12:29 -------- d-----w- C:\Windows\System32\drivers\NISx64
2012-08-17 17:12:28 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2012-08-17 17:12:09 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-08-15 04:31:12 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 04:31:12 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 04:31:12 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 04:31:12 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 04:30:52 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 04:30:52 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 04:30:52 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 04:30:06 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 04:30:06 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 04:29:49 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 04:29:33 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-12 15:12:20 -------- d-----w- C:\Program Files (x86)\MediaMall
2012-08-12 15:12:20 -------- d-----w- C:\Program Files (x86)\Common Files\ffdshowEx
2012-08-12 15:11:08 -------- d-----w- C:\ProgramData\MediaMall
2012-08-12 15:09:38 -------- d-----w- C:\Windows\Downloaded Installations
2012-08-11 17:04:01 -------- d-----w- C:\Program Files\VirtualDJ
2012-08-11 16:45:46 -------- d-----w- C:\Program Files (x86)\VirtualDJ
2012-08-08 01:55:37 -------- d-----w- C:\ALLDATA
2012-08-08 00:39:38 -------- d-----w- C:\Users\Mic\AppData\Roaming\FLEXnet
2012-08-08 00:39:03 -------- d-----w- C:\Program Files (x86)\Common Files\ALLDATA Shared
2012-08-08 00:38:33 -------- d-----w- C:\ALLDATAW
2012-08-01 00:56:29 -------- d-sh--w- C:\ProgramData\DSS
2012-08-01 00:56:28 -------- d-----w- C:\ProgramData\Codemasters
2012-08-01 00:55:41 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
2012-08-01 00:55:41 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
2012-08-01 00:55:40 -------- d-----w- C:\Program Files (x86)\BRS
2012-08-01 00:55:37 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-08-01 00:55:37 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-08-01 00:55:36 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-08-01 00:55:36 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-08-01 00:55:36 -------- d-----w- C:\Program Files (x86)\OpenAL
2012-07-31 01:10:43 -------- d-----w- C:\Program Files (x86)\PROTOTYPE 2
.
==================== Find3M ====================
.
2012-08-15 18:18:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 18:18:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-15 04:28:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-15 04:28:52 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-15 04:28:52 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-15 04:28:52 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-15 04:28:52 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-15 04:28:52 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-15 04:28:52 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-15 04:28:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-15 04:28:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-15 04:28:52 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-07-26 05:32:24 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-26 05:32:22 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-07-20 18:02:53 3993600 ----a-w- C:\Program Files (x86)\GUTDA58.tmp
2012-07-14 17:18:17 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-14 17:18:17 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-08 20:04:24 28528 ----a-w- C:\Windows\System32\drivers\povrtdev.sys
2012-07-06 02:06:30 772544 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-03 16:21:52 19600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-06-16 00:35:23 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-16 00:35:23 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-16 00:35:07 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-16 00:35:07 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-06-16 00:31:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-16 00:31:04 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-16 00:31:04 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-16 00:30:41 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-16 00:30:40 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-16 00:30:40 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-16 00:29:19 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-16 00:29:19 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-16 00:29:18 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-16 00:29:18 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-16 00:29:17 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-16 00:29:17 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-06 20:43:58 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-06-06 20:43:52 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-06-06 20:38:18 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-06-06 20:38:18 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 16:10:08.00 ===============
===================================================================================================

.



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/7/2011 7:23:36 PM
System Uptime: 8/24/2012 12:00:35 PM (76 hours ago)
.
Motherboard: ASRock | | M3A770DE
Processor: AMD Phenom(tm) II X4 955 Processor | CPUSocket | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 22.403 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is CDROM ()
H: is CDROM ()
M: is FIXED (NTFS) - 298 GiB total, 16.582 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Media Encoder 2.5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Advanced SystemCare 5
aioscnnr
Alarm Clock v1.0
ALLDATA Repair
AMD OverDrive Beta
AMD System Monitor
AMD VISION Engine Control Center
Any Video Converter Professional 3.0.7
Apple Application Support
Apple Software Update
ASRock OC Tuner v2.3.77
Battlefield 3™
C4USelfUpdater
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Ccleaner Business Edition x64 x86 Tom_Da_Man
CDBurnerXP
center
Combined Community Codec Pack 2011-11-11
ConvertHelper 2.2
ConvertXtoDVD 4 english manual
ConvertXtoDVD 4.0.9.322
CORE Client
Counter-Strike: Source
D3DX10
DAEMON Tools Lite
DiRT 3
DivX Setup
Dota 2
Dropbox
essentials
ffdshow [rev 3154] [2009-12-09]
FNC 11 Installer
Free YouTube Downloader 3.5.126
Game Booster
Google Chrome
Google Drive
Google Earth
Google Update Helper
Grand Theft Auto: Episodes From Liberty City
Hi-Rez Studios Authenticate and Update Service
Hulu Desktop
ImageShack Uploader 2.2.0
Internet TV for Windows Media Center
IsoBuster 3.0
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 6 Update 31
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
K-Lite Codec Pack 6.5.0 (Basic)
KODAK AiO Software
magicJack
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger Companion
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 14.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netflix in Windows Media Center
Norton Bootable Recovery Tool Wizard
Norton Internet Security
NVIDIA PhysX
ocr
OpenAL
PandoraRecovery (Remove Only)
Platform
PlayOn
Plex Media Server
PreReq
QuickTime
Rapture3D 2.4.8 Game
Sapphire TRIXX
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Smart File Advisor 1.1.1
Songbird 1.10.2 (Build 2199)
Steam
Tribes Ascend Closed Beta
UMPlayer 0.98 [Athlon]
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VIA Platform Device Manager
Virtual DJ Pro Full - Atomix Productions
Visual Studio 2008 x64 Redistributables
webcamXP 5
WinAVI Video Converter
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinX DVD Ripper Platinum 6.0.2
Wxdfast
.
==== Event Viewer Messages From Past Week ========
.
8/27/2012 1:41:17 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/24/2012 9:58:33 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/24/2012 12:04:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Soluto PCGenome Core Service service to connect.
8/24/2012 12:04:13 PM, Error: Service Control Manager [7000] - The Soluto PCGenome Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/24/2012 12:02:28 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/24/2012 12:02:18 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/24/2012 12:02:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AODService service to connect.
8/24/2012 12:02:13 PM, Error: Service Control Manager [7000] - The AODService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/24/2012 12:01:43 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
8/24/2012 11:59:52 AM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
8/24/2012 11:49:51 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/24/2012 11:46:53 AM, Error: Service Control Manager [7000] - The cpuz135 service failed to start due to the following error: The system cannot find the file specified.
8/24/2012 11:43:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton Internet Security service to connect.
8/24/2012 11:43:48 AM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/24/2012 11:42:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Kodak AiO Network Discovery Service service to connect.
8/24/2012 11:42:40 AM, Error: Service Control Manager [7000] - The Kodak AiO Network Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/22/2012 3:34:52 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/22/2012 3:34:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/22/2012 3:34:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/22/2012 3:34:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/22/2012 3:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/22/2012 3:34:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS CSC DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss Soluto spldr sptd SRTSP SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf
8/22/2012 3:34:10 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/22/2012 3:34:10 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/22/2012 3:34:10 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/22/2012 3:34:10 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/22/2012 3:34:10 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/22/2012 3:34:10 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/22/2012 3:34:10 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/22/2012 3:34:10 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/22/2012 3:34:10 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/22/2012 3:33:40 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
8/21/2012 2:01:38 AM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
8/21/2012 11:31:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
Micscience
Active Member
 
Posts: 13
Joined: August 27th, 2012, 4:14 pm

Re: Reocurring Trojan

Post by askey127 » August 30th, 2012, 7:50 am

Hi Micscience,
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program µTorrent in the removal instructions below, so we are not wasting our time.
If you have used this, and your computer is infected, you can be fairly confident this is a principal reason.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
------------------------------------------------
Close all Open programs. Make sure Game Booster is not running.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

µTorrent
Advanced SystemCare 5
Game Booster
Java(TM) 6 Update 29
Java(TM) 6 Update 31

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine

-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • First, quit all running programs.
  • Start RogueKiller.exe. (Right click and choose "Run as administrator" in Win7)
  • Note: If the program is blocked, do not hesitate to try several times.
    If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
  • Wait until prescan has finished.
  • Click on the Scan button in the upper right. Wait for it to finish.
  • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
  • Please double click that file RKreport.txt and post its contents in your next Reply.
    (You can also open the report by clicking the Report button on the right).
  • When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click "Yes".
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for the log from RogueKiller and the two logs from OTL.
You may prefer to post each in a separate reply.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Reocurring Trojan

Post by Micscience » August 30th, 2012, 2:06 pm

Hello Askey127, I did what was requested; however, I would like to state that the infections detected in the picture posted above were confirmed false positives. They no longer show up; however, my Firefox browser is a bit buggy, and sometimes I randomly get files being prompted through my browser to download when I have not clicked any download link. Another symptom is that when loading webpages my browser tends to freeze, and if I hit refresh it will restart and load fine.

Roguekiller Report:

RogueKiller V8.0.1 [08/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mic [Admin rights]
Mode : Scan -- Date : 08/30/2012 13:45:01

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Mic\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2902281652-3159124223-882470899-1000[...]\Run : cdloader ("C:\Users\Mic\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 56248521bc4ffb45fbde58a1e548931d
[BSP] b17d50fce59c8f130ca38da89e94bcc6 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200AAKS-00SBA0 ATA Device +++++
--- User ---
[MBR] 7de38da842f0e4ba0d9134296eba7034
[BSP] b4ebdc4c8c3f906e975d36f35b44608b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
Micscience
Active Member
 
Posts: 13
Joined: August 27th, 2012, 4:14 pm

Re: Reocurring Trojan

Post by Micscience » August 30th, 2012, 2:12 pm

OTL1


OTL logfile created on: 8/30/2012 1:51:03 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Mic\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 61.68% Memory free
8.00 Gb Paging File | 6.16 Gb Available in Paging File | 76.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 31.53 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
Drive M: | 298.09 Gb Total Space | 17.23 Gb Free Space | 5.78% Space Free | Partition Type: NTFS

Computer Name: MIC-PC | User Name: Mic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/30 13:47:10 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Mic\Desktop\OTL.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
PRC - [2012/06/13 22:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mic\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/06/04 14:58:04 | 000,033,400 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2012/06/04 14:58:02 | 003,029,112 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2012/06/04 14:58:02 | 001,329,272 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/03/14 12:26:48 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/04 14:59:18 | 000,044,152 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2012/06/04 14:59:18 | 000,032,888 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2012/06/04 14:59:16 | 000,017,016 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2012/06/04 14:59:14 | 000,195,704 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2012/06/04 14:59:14 | 000,057,464 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2012/06/04 14:59:12 | 000,841,336 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2012/06/04 14:59:10 | 000,824,952 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2012/06/04 14:59:10 | 000,049,784 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2012/06/04 14:59:08 | 000,033,400 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2012/06/04 14:59:06 | 000,365,688 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2012/06/04 14:59:04 | 000,093,816 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2012/06/04 14:59:02 | 000,589,944 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2012/06/04 14:59:00 | 000,134,264 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2012/06/04 14:59:00 | 000,017,016 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2012/06/04 14:58:56 | 000,141,432 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
MOD - [2012/06/04 14:58:54 | 008,494,712 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
MOD - [2012/06/04 14:58:54 | 000,628,856 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
MOD - [2012/06/04 14:58:50 | 000,586,968 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
MOD - [2012/06/04 14:58:48 | 000,150,136 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2012/06/04 14:58:48 | 000,086,648 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2012/06/04 14:58:40 | 001,009,784 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
MOD - [2012/06/04 14:58:40 | 000,173,176 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
MOD - [2012/06/04 14:58:36 | 000,063,096 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
MOD - [2012/06/04 14:58:32 | 001,290,872 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
MOD - [2012/06/04 14:58:16 | 000,373,368 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_Magick++_.dll
MOD - [2012/06/04 14:58:14 | 000,178,296 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_lcms_.dll
MOD - [2012/06/04 14:58:12 | 000,952,440 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
MOD - [2012/06/04 14:58:10 | 001,038,456 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
MOD - [2012/06/04 14:58:08 | 001,254,560 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
MOD - [2012/06/04 14:58:08 | 000,271,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
MOD - [2012/06/04 14:58:06 | 005,827,800 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
MOD - [2012/06/04 14:58:04 | 000,033,400 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2006/11/07 12:58:44 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabmsghk.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/03/03 14:49:44 | 002,627,920 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/29 08:58:25 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/15 14:18:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/15 12:44:42 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2011/12/08 00:29:51 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/14 00:52:36 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2011/07/27 15:58:30 | 005,023,744 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files (x86)\webcamXP 5\wService.exe -- (wxpSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/08/31 14:26:34 | 000,065,536 | ---- | M] (SuperAdBlocker.com) [Auto | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE -- (SABSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/17 16:14:50 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/26 01:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/08 16:04:24 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 12:21:52 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/05/06 18:27:30 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/02/28 01:26:10 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/12/27 16:23:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/27 16:23:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/21 00:32:42 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/12/08 00:58:36 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/08/30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/07/25 22:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/05/24 03:00:00 | 000,055,952 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/02/14 02:04:34 | 000,044,624 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/04/27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/17 07:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 20:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2012/08/30 03:23:16 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120829.024\ex64.sys -- (NAVEX15)
DRV - [2012/08/30 03:23:16 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/30 03:23:16 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120829.024\eng64.sys -- (NAVENG)
DRV - [2012/08/27 13:51:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/21 22:05:05 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120829.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/06/18 20:01:14 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120823.007\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/01/19 07:21:46 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/20 16:02:54 | 000,032,256 | R--- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS -- (SABKUTIL)
DRV - [2005/09/21 11:17:26 | 000,005,632 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys -- (SABDIFSV)
DRV - [2005/03/21 11:00:24 | 000,004,096 | R--- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://www.smartwebsearch.net/index.php?from=4&q={searchTerms}
IE - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\..\SearchScopes\{CF777CF1-B1C7-4761-ADEB-1B21506E0D29}: "URL" = http://us.yhs4.search.yahoo.com/yhs/sea ... =937811&p={searchTerms}
IE - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "FreeMake Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "&hsimp=yhs-affiliate_a_ff&hspart=greentree&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npPlayNowPlugin: C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Mic\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mic\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mic\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/14 14:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/08/17 15:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/08/30 13:32:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 08:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/15 10:35:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/08/05 11:22:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\search@helper: C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\SearchHelper [2012/04/29 00:01:01 | 000,000,000 | ---D | M]

[2012/05/16 17:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mic\AppData\Roaming\Mozilla\Extensions
[2012/05/16 17:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mic\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012/08/27 17:07:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions
[2012/07/28 12:42:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/27 17:07:35 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/06/20 23:24:45 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\info@djzig.com
[2012/02/03 23:15:15 | 000,000,000 | ---D | M] (wxDfast extension) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\info@wxdownloadmanager.com
[2012/04/29 00:01:01 | 000,000,000 | ---D | M] (Search Results Optimizator) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\SearchHelper
[2011/12/28 23:54:01 | 000,001,945 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\searchplugins\bing-zugo.xml
[2012/06/05 17:20:58 | 000,000,919 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\searchplugins\conduit.xml
[2012/07/19 09:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/14 14:56:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/08/30 13:32:02 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
[2012/08/17 15:41:01 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2011/12/08 18:44:44 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\USERS\MIC\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@EPICPLAY.COM
[2012/06/24 12:06:03 | 000,456,182 | ---- | M] () (No name found) -- C:\USERS\MIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KJFGN1CU.DEFAULT\EXTENSIONS\STEFANVANDAMME@STEFANVD.NET.XPI
[2012/08/29 08:58:25 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 08:58:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/23 10:42:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/08/29 08:58:25 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: CorePlugin (Enabled) = C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Mic\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll
CHR - Extension: wxDfast extension = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgjgdnjolohlloakjnifiglajcmapc\1.0_0\
CHR - Extension: FreeMake = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgficikadnmmefckdecajlmffkbagomp\2.3.15.10_0\
CHR - Extension: Norton Identity Protection = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: DVDVideoSoftTB = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.15.10_0\

O1 HOSTS File: ([2012/08/24 11:59:30 | 000,000,054 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\TMAMS64.dll (Trend Micro Inc.)
O2 - BHO: (SuperAdBlockerBHO Class) - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll (SuperAdBlocker.com)
O2 - BHO: (CorePluginIEBHO Class) - {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\plugins\CorePluginIE.dll (Perfect World Entertainment Inc)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\tmieg64.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Super Ad Blocker Toolbar) - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll ()
O3 - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\..\Toolbar\WebBrowser: (no name) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No CLSID value found.
O3 - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKAiO2StatusMonitor] c:\windows\system32\spool\drivers\x64\3\ekaio2mui.exe File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe (VIA)
O4 - HKLM..\Run: [ISUSPM] c:\programdata\flexnet\connect\11\isuspm.exe (Acresso Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Trend Micro Browser Guard] C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.EXE (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2902281652-3159124223-882470899-1000..\Run: [AlcoholAutomount] c:\program files (x86)\alcohol soft\alcohol 120\axautomntsrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-2902281652-3159124223-882470899-1000..\Run: [ASRockOCTuner] File not found
O4 - HKU\S-1-5-21-2902281652-3159124223-882470899-1000..\Run: [cdloader] C:\Users\Mic\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-2902281652-3159124223-882470899-1000..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-2902281652-3159124223-882470899-1000..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKU\S-1-5-21-2902281652-3159124223-882470899-1000..\Run: [SuperAdBlocker] C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe (SuperAdBlocker.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mic\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{325908C8-D558-4235-BDBD-6BB2E9F10279}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SABWinLogon: DllName - (C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL) - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL (SuperAdBlocker.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/29 11:33:22 | 007,652,327 | ---- | M] () - M:\Automotive Computer Controlled Systems [h33t] [Malestrom].pdf -- [ NTFS ]
O33 - MountPoints2\{7bdd6721-05a8-11df-9b54-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7bdd6721-05a8-11df-9b54-806e6f6e6963}\Shell\AutoRun\command - "" = D:\/files/openindex.exe index.hta
O33 - MountPoints2\{7dcff280-2147-11e1-a87a-002522c98db6}\Shell - "" = AutoRun
O33 - MountPoints2\{7dcff280-2147-11e1-a87a-002522c98db6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/30 13:47:10 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Mic\Desktop\OTL.exe
[2012/08/30 13:41:40 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\RK_Quarantine
[2012/08/29 20:15:30 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\SuperAdBlocker.com
[2012/08/29 20:14:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTemp
[2012/08/29 20:14:58 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperAdBlocker.com
[2012/08/29 20:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperAdBlocker.com
[2012/08/29 08:57:18 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/08/29 08:50:32 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Local\Browser Guard
[2012/08/29 08:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Browser Guard
[2012/08/29 08:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/08/29 08:50:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Browser Guard
[2012/08/29 08:49:38 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\Powerful Malware Tools
[2012/08/28 00:49:20 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\backups
[2012/08/28 00:35:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/28 00:21:21 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\Security Justice League
[2012/08/27 21:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2012/08/27 21:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2012/08/27 19:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/27 19:45:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/27 19:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/27 18:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/08/27 18:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/08/27 18:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012/08/27 17:07:41 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\QuickScan
[2012/08/27 15:08:54 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/08/27 15:08:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2012/08/27 15:08:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A
[2012/08/27 15:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/08/27 15:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2012/08/27 15:07:02 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/08/24 11:27:17 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/24 11:27:10 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/24 11:27:10 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/22 09:51:18 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Local\NPE
[2012/08/17 16:14:44 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys
[2012/08/17 16:14:44 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys
[2012/08/17 16:14:44 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys
[2012/08/17 16:14:44 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys
[2012/08/17 16:14:44 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys
[2012/08/17 16:14:43 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys
[2012/08/17 16:14:43 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys
[2012/08/17 16:14:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E
[2012/08/17 13:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/08/17 13:12:56 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/17 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/08/17 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/08/17 13:12:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2012/08/17 13:12:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/08/17 13:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012/08/17 13:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/08/15 00:31:12 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 00:31:12 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 00:31:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 00:30:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 00:30:52 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 00:30:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 00:30:06 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 00:29:49 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 00:28:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 00:28:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 00:28:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 00:28:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 00:28:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 00:28:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 00:28:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 00:28:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 00:28:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 00:28:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 00:28:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 00:28:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 00:28:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/12 11:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMall
[2012/08/12 11:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMall
[2012/08/12 11:09:38 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/08/11 13:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2012/08/11 12:45:51 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2012/08/11 12:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2012/08/11 12:45:46 | 000,000,000 | ---D | C] -- C:\Users\Mic\Documents\VirtualDJ
[2012/08/11 12:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2012/08/07 21:55:37 | 000,000,000 | ---D | C] -- C:\ALLDATA
[2012/08/07 20:39:38 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\FLEXnet
[2012/08/07 20:39:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ALLDATA Shared
[2012/08/07 20:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLDATA
[2012/08/07 20:38:33 | 000,000,000 | ---D | C] -- C:\ALLDATAW
[2012/08/03 11:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/31 20:56:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2012/07/31 20:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2012/07/31 20:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2012/07/31 20:55:41 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll
[2012/07/31 20:55:41 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2012/07/31 20:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2012/07/31 20:55:37 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/07/31 20:55:37 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/07/31 20:55:36 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/07/31 20:55:36 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/07/31 20:55:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011/12/08 00:58:36 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Mic\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/30 13:47:15 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2012/08/30 13:47:10 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Mic\Desktop\OTL.exe
[2012/08/30 13:43:23 | 001,372,672 | ---- | M] () -- C:\Users\Mic\Desktop\RogueKiller.exe
[2012/08/30 13:42:28 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/30 13:42:28 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/30 13:32:18 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2902281652-3159124223-882470899-1000UA.job
[2012/08/30 13:31:31 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/30 13:30:25 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/08/30 13:30:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/30 13:29:37 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/30 13:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/30 13:14:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/30 13:06:44 | 000,000,983 | ---- | M] () -- C:\Users\Mic\Desktop\magicJack.lnk
[2012/08/30 13:04:24 | 000,461,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/29 21:32:01 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2902281652-3159124223-882470899-1000Core.job
[2012/08/29 20:14:59 | 000,000,318 | ---- | M] () -- C:\Users\Mic\Desktop\SUPERFileRecover - Free Trial.lnk
[2012/08/29 20:14:58 | 000,003,009 | ---- | M] () -- C:\Users\Mic\Desktop\Super Ad Blocker.lnk
[2012/08/29 20:02:42 | 000,005,796 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120829_200238.reg
[2012/08/29 09:03:49 | 000,001,045 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/29 08:57:18 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/08/28 01:36:09 | 000,001,924 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120828_013605.reg
[2012/08/28 00:45:40 | 000,004,106 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120828_004533.reg
[2012/08/27 19:12:39 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/08/27 15:13:24 | 603,815,936 | ---- | M] () -- C:\NBRT.iso
[2012/08/27 15:08:58 | 001,394,189 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB
[2012/08/24 12:20:15 | 000,001,034 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120824_121951.reg
[2012/08/24 11:59:30 | 000,000,864 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2012/08/24 11:59:30 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/24 11:27:03 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/24 11:27:03 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/24 11:27:03 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/21 23:18:21 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini
[2012/08/17 16:14:50 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/17 16:14:50 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/17 16:14:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/15 23:15:36 | 000,001,173 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\vso_ts_preview.xml
[2012/08/15 14:18:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 14:18:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/15 00:31:12 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 00:31:12 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 00:31:12 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 00:30:52 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 00:30:52 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 00:30:52 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 00:30:06 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 00:29:49 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 00:28:52 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 00:28:52 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 00:28:52 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 00:28:52 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 00:28:52 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 00:28:52 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 00:28:52 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 00:28:52 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 00:28:52 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 00:28:52 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 00:28:52 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 00:28:52 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 00:28:52 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/12 15:35:48 | 000,001,513 | ---- | M] () -- C:\Users\Mic\Desktop\DTLite - Shortcut.lnk
[2012/08/10 01:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini
[2012/08/09 11:02:11 | 000,023,224 | ---- | M] () -- C:\Users\Public\Documents\DiscCopyUtility.exe
[2012/08/09 00:03:14 | 000,010,162 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120809_000259.reg
[2012/08/08 14:30:35 | 000,020,152 | ---- | M] () -- C:\Users\Public\Documents\CatalogSupportUtility.exe
[2012/08/07 22:54:04 | 000,003,811 | ---- | M] () -- C:\Users\Mic\Documents\ALLDATA vehicle reference page.rtf
[2012/08/07 22:53:20 | 000,002,888 | ---- | M] () -- C:\Users\Mic\Documents\ALLDATA USAGE GUIDE.rtf
[2012/08/05 16:26:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/05 11:22:55 | 000,002,110 | ---- | M] () -- C:\Users\Mic\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/08/04 12:38:00 | 000,006,259 | ---- | M] () -- C:\Users\Mic\Desktop\80's playlist.m3u
[2012/07/31 20:55:38 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/07/31 20:55:37 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/07/31 20:55:36 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/07/31 20:55:36 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/30 13:47:15 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync
[2012/08/30 13:43:22 | 001,372,672 | ---- | C] () -- C:\Users\Mic\Desktop\RogueKiller.exe
[2012/08/29 20:14:59 | 000,000,318 | ---- | C] () -- C:\Users\Mic\Desktop\SUPERFileRecover - Free Trial.lnk
[2012/08/29 20:14:58 | 000,003,009 | ---- | C] () -- C:\Users\Mic\Desktop\Super Ad Blocker.lnk
[2012/08/29 20:02:40 | 000,005,796 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120829_200238.reg
[2012/08/29 09:03:49 | 000,001,045 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/29 08:57:18 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/08/28 01:36:07 | 000,001,924 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120828_013605.reg
[2012/08/28 00:45:38 | 000,004,106 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120828_004533.reg
[2012/08/27 15:12:53 | 603,815,936 | ---- | C] () -- C:\NBRT.iso
[2012/08/27 15:08:38 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini
[2012/08/24 12:20:12 | 000,001,034 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120824_121951.reg
[2012/08/21 11:25:10 | 001,394,189 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB
[2012/08/17 16:14:44 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.cat
[2012/08/17 16:14:44 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnet64.cat
[2012/08/17 16:14:44 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa.inf
[2012/08/17 16:14:44 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds.inf
[2012/08/17 16:14:44 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnet.inf
[2012/08/17 16:14:44 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.inf
[2012/08/17 16:14:44 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.inf
[2012/08/17 16:14:43 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\iron.cat
[2012/08/17 16:14:43 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.cat
[2012/08/17 16:14:43 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.cat
[2012/08/17 16:14:43 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.inf
[2012/08/17 16:14:43 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\iron.inf
[2012/08/17 16:14:30 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symvtcer.dat
[2012/08/17 16:14:30 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.cat
[2012/08/17 16:14:30 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.cat
[2012/08/17 16:14:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini
[2012/08/17 13:12:56 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/17 13:12:56 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/12 15:35:47 | 000,001,513 | ---- | C] () -- C:\Users\Mic\Desktop\DTLite - Shortcut.lnk
[2012/08/09 11:02:07 | 000,023,224 | ---- | C] () -- C:\Users\Public\Documents\DiscCopyUtility.exe
[2012/08/09 00:03:12 | 000,010,162 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120809_000259.reg
[2012/08/08 14:30:32 | 000,020,152 | ---- | C] () -- C:\Users\Public\Documents\CatalogSupportUtility.exe
[2012/08/07 22:54:04 | 000,003,811 | ---- | C] () -- C:\Users\Mic\Documents\ALLDATA vehicle reference page.rtf
[2012/08/07 22:53:20 | 000,002,888 | ---- | C] () -- C:\Users\Mic\Documents\ALLDATA USAGE GUIDE.rtf
[2012/08/04 12:38:00 | 000,006,259 | ---- | C] () -- C:\Users\Mic\Desktop\80's playlist.m3u
[2012/07/27 15:25:40 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012/06/21 11:35:27 | 000,034,764 | ---- | C] () -- C:\Users\Mic\AppData\Local\dt.dat
[2012/06/07 12:09:19 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/05/27 12:10:12 | 000,004,608 | ---- | C] () -- C:\Users\Mic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/16 14:57:26 | 000,011,388 | ---- | C] () -- C:\Users\Mic\gsview64.ini
[2012/05/11 11:58:59 | 000,000,706 | RHS- | C] () -- C:\Users\Mic\ntuser.pol
[2012/05/05 17:06:34 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/04/29 00:01:03 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/24 21:53:19 | 000,008,448 | ---- | C] () -- C:\Users\Mic\AppData\Local\rx_audio.Cache
[2012/04/24 21:52:41 | 000,000,288 | ---- | C] () -- C:\Users\Mic\AppData\Local\rx_image32.Cache
[2012/03/16 01:33:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/29 19:47:40 | 000,000,047 | ---- | C] () -- C:\Windows\SysWow64\E302AF636FDE.ini
[2012/02/15 19:39:43 | 000,074,703 | ---- | C] () -- C:\Windows\SysWOW64mfc45.dll
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/17 17:22:31 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/16 23:52:32 | 000,050,688 | ---- | C] () -- C:\Windows\SysWow64\dtsoftbusinst64.exe
[2011/12/14 20:11:32 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/10 22:23:26 | 000,007,666 | ---- | C] () -- C:\Users\Mic\AppData\Local\Resmon.ResmonCfg
[2011/12/08 00:59:34 | 000,001,173 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\vso_ts_preview.xml
[2011/12/08 00:58:36 | 000,099,384 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\inst.exe
[2011/12/08 00:58:36 | 000,007,859 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\pcouffin.cat
[2011/12/08 00:58:36 | 000,001,167 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\pcouffin.inf
[2011/12/07 22:51:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/04/28 22:47:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG2012
[2011/12/25 00:28:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Temp
[2011/12/25 00:28:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2011/12/25 00:28:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2012/07/27 15:06:55 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\2K Sports
[2012/07/21 23:25:06 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\AnvSoft
[2011/12/23 10:41:50 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Any Video Converter Professional
[2012/04/28 23:47:38 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Apowersoft
[2011/12/08 08:33:09 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\AVG2012
[2012/02/01 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\BigHugeEngine
[2011/12/18 23:47:57 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Canneverbe Limited
[2012/01/20 17:59:46 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\CoreClient
[2012/08/23 14:49:32 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\DAEMON Tools Lite
[2012/02/12 10:36:35 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\DAEMON Tools Pro
[2012/07/22 01:15:16 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Digiarty
[2012/08/30 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Dropbox
[2012/04/28 23:03:28 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\DVDVideoSoft
[2011/12/09 15:26:35 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Electronic Arts
[2012/03/07 15:09:03 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\FK_Monitor
[2012/04/25 00:19:51 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Free Audio Editor
[2012/04/02 03:02:24 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\IObit
[2012/02/15 19:39:43 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\iolo
[2012/04/28 12:47:04 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\ManyCam
[2012/08/30 13:06:54 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\mjusbsp
[2012/05/02 12:54:52 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\MotionDSP
[2012/07/27 15:49:42 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\MotioninJoy
[2012/05/02 13:29:02 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\OpenCandy
[2012/05/20 13:14:31 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\OpenOffice.org
[2012/02/24 17:24:14 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\PandoraRecovery
[2012/02/26 16:34:41 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\QFX Software
[2012/08/27 17:07:43 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\QuickScan
[2012/05/16 17:48:39 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Songbird2
[2011/12/24 14:12:37 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Sony
[2012/04/28 23:53:12 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\SourceTec
[2012/03/04 18:32:10 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\SplitMediaLabs
[2012/08/29 20:15:30 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\SuperAdBlocker.com
[2011/12/11 22:14:59 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Temp
[2011/12/08 21:58:43 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Thunderbird
[2011/12/08 13:20:32 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Tomato
[2012/05/09 10:47:02 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\TuneUpMedia
[2011/12/23 11:55:46 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Ulead Systems
[2012/08/30 09:08:50 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\uTorrent
[2011/12/25 11:41:53 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Visan
[2012/08/15 23:15:37 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Vso
[2012/04/30 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Xilisoft
[2012/04/28 23:22:42 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\xVideoServiceThief
[2012/04/28 23:37:26 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Youtube Downloader HD
[2012/08/30 13:30:25 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012/06/19 10:39:30 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/03/04 22:08:05 | 000,000,000 | ---D | M](C:\Users\Mic\Documents\?? ???) -- C:\Users\Mic\Documents\넥슨 플러그
[2012/03/04 22:08:05 | 000,000,000 | ---D | C](C:\Users\Mic\Documents\?? ???) -- C:\Users\Mic\Documents\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:890CC2F3

< End of report >
===================================================================================================
Micscience

Re: Reocurring Trojan

Post by Micscience » August 30th, 2012, 2:13 pm

Extras


OTL Extras logfile created on: 8/30/2012 1:51:03 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Mic\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 61.68% Memory free
8.00 Gb Paging File | 6.16 Gb Available in Paging File | 76.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 31.53 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
Drive M: | 298.09 Gb Total Space | 17.23 Gb Free Space | 5.78% Space Free | Partition Type: NTFS

Computer Name: MIC-PC | User Name: Mic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2902281652-3159124223-882470899-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -play-dir "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -play-dir "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09A67EE0-ECB3-4442-B382-B55E97D12093}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1027E4D1-7941-41C1-9715-FE3D2A4A27CE}" = lport=445 | protocol=6 | dir=in | app=system |
"{1BD7B720-D0B9-48C7-A7F6-29E49912E320}" = lport=445 | protocol=6 | dir=in | app=system |
"{1FB5D90F-0E6D-4D10-923B-B01430BA3BA2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FD7752A-8310-4936-9D51-EFAB19E518D4}" = rport=137 | protocol=17 | dir=out | app=system |
"{3453C58C-9BB8-4EF6-9035-C8C7DC762FB3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3906D8AB-5526-4889-BE4D-66621F6F195F}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{3CAD69C6-1725-4177-B451-1801F15651F9}" = rport=139 | protocol=6 | dir=out | app=system |
"{463DCBF3-1838-45F1-B475-F2B286269725}" = rport=138 | protocol=17 | dir=out | app=system |
"{50CA72BA-5938-4C7C-BFE1-8F69C4F6AF8D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5B7CB5F9-6C4F-4238-8C46-06F21A84F352}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{5C1E374D-A52B-4A28-92D4-E8EA8591A98A}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{5EA7BB31-B9F2-4126-B9BA-7F99F826D1BD}" = lport=138 | protocol=17 | dir=in | app=system |
"{65C6DD09-08AE-48D0-AEE7-BDE537F66B73}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6856C10E-8CFB-4EBA-90AC-4C481AC71D0F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{77137031-9D6F-4EF9-B810-2E4945566A8B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77408106-5586-453F-94F2-0C104570F6FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8342B29F-9CD4-4056-9A89-CAE303D53509}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{85DFA6CB-A708-47B3-811D-26D9247F0821}" = rport=445 | protocol=6 | dir=out | app=system |
"{87177FEC-069B-40A2-A872-52F317EA2C6B}" = lport=139 | protocol=6 | dir=in | app=system |
"{950114C2-86D0-49C4-BCD5-37B5F6B64AFF}" = lport=1701 | protocol=17 | dir=in | app=system |
"{99EA9579-953C-4331-A44F-226756D9AEA5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B987365D-EFD2-4133-8F8E-CA5521B64183}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BAAFC373-E52A-4C5E-A324-BDC76D1EA44D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB6BFE08-CDC9-403C-8DFC-438BFE739F4A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD4CABF1-5D5D-41D7-A974-F0D36FBA6FF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE709A90-94B2-48BF-8403-C635CB1E034F}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{CE6E41D1-BD99-4891-A124-FF03B3FE13C3}" = rport=1723 | protocol=6 | dir=out | app=system |
"{DCB92772-1834-4303-9EEF-C53BC3DBE7B2}" = lport=1723 | protocol=6 | dir=in | app=system |
"{DCF1542D-D60D-4377-BD10-1AEB8B675BC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E1EC86FE-D8DC-4E54-AF58-8CD4065B228B}" = lport=137 | protocol=17 | dir=in | app=system |
"{F1D6B056-FFD1-424F-AE13-AD525250AD99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F7916C66-42DA-4052-AB42-F9912C4E63FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAF67392-015D-4543-BF69-1325C6176F4B}" = rport=1701 | protocol=17 | dir=out | app=system |
"{FB0360A9-FAE8-49FE-8448-209915EAB4EA}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04116760-E5CF-470C-9C78-C9A3EAD72EC0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{066949D9-BBF3-449A-A349-12B5EE71773B}" = dir=out | app=%programfiles% (x86)\iobit\advanced systemcare 5\asc.exe |
"{07897953-AF94-4E83-B6DE-FCD5A5579D89}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{07D67879-DB18-4B78-893D-980CDA8457B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0D825B21-8454-47C0-AD2C-9E1722BD2F6E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{0DDDDF56-2CE5-44DC-803D-8379E9566ED2}" = protocol=47 | dir=out | app=system |
"{0E7AFC6D-C872-4B15-8EE7-1CC523763EC6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{0FE598B2-848A-4B01-9AFB-18D2D0A155E9}" = protocol=6 | dir=in | app=c:\program files (x86)\webcamxp 5\wservice.exe |
"{10371D31-D711-4C5B-A4CA-AE106DF14D86}" = dir=out | app=%programfiles% (x86)\prototype 2\prototype2.exe |
"{11F13C85-48FD-45BF-8D69-80F2CDF27051}" = protocol=17 | dir=in | app=c:\users\mic\appdata\roaming\dropbox\bin\dropbox.exe |
"{1462E3FB-4FFF-4A51-B448-1B510C2BF78C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{162C3615-0277-4614-B293-65EDAF49CA00}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe |
"{18D697F4-B835-48A4-A604-21F5177756A2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D8D35F9-81F3-464C-A869-0D136EB87BC0}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe |
"{1E2FCE3A-4070-4CA2-AA7A-3A4B9718FEFF}" = protocol=6 | dir=in | app=c:\users\mic\appdata\roaming\mjusbsp\magicjack.exe |
"{235D038C-A7FF-4519-A6CC-ACFCF71F8CD3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{28B76781-001F-4CFF-A7DD-C9EAB30B138F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{29337F84-FF34-4FB0-9AD1-F88A29D171CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe |
"{36AA979F-C92E-4032-9E30-15E9911FC441}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4395CD10-2238-4456-B4CB-F7319C8A98BE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4B055D16-643C-4EEB-932F-568B2E088630}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D264F49-9EBD-4731-83C5-4A2F418C5CE8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5AC0A3FD-C8D6-473A-96D1-44303E8AF82C}" = protocol=17 | dir=in | app=z:\game\bin\nmservice.exe |
"{5D6D3126-0319-46EF-9C57-2E4C053DF498}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5DA01720-2224-405B-B82B-91AD3460171A}" = dir=out | app=%programfiles%\diskeeper corporation\diskeeper\diskeeper.exe |
"{603E7FAA-6C32-4356-830B-A5D58B56460E}" = dir=out | app=%systemdrive%\alldataw\ace.exe |
"{61D566ED-3B0A-4B66-9ADC-8E01D08E747C}" = protocol=17 | dir=in | app=c:\users\mic\appdata\roaming\mjusbsp\magicjack.exe |
"{645AA252-7143-4209-8568-0823F239BA68}" = protocol=6 | dir=in | app=c:\users\mic\appdata\roaming\mjusbsp\magicjack.exe |
"{65F0CFBA-F008-468A-B0D5-8413B684494A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66FE135F-AA4D-474E-A584-404CECF1CB00}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{68195074-2D5D-4936-BAE8-A23651AD3D2C}" = protocol=6 | dir=in | app=c:\program files (x86)\webcamxp 5\wlite.exe |
"{6BF04C99-9044-400B-83F0-8D2D0C3F9EC5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6C431E00-CA2E-4931-8F1D-8DA37E546FAD}" = dir=out | app=%systemdrive%\alldataw\pc_checker.exe |
"{6CED4929-15CF-4C95-B919-07E7CFE27863}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{73BB5C25-638F-4C4B-B0AD-9D63F42655E5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlclient.exe |
"{746D0CE7-D947-4988-A924-155C5EAA58F7}" = protocol=17 | dir=in | app=c:\program files (x86)\webcamxp 5\wlite.exe |
"{78C58E00-E857-4FAE-BFE1-774966434BD7}" = protocol=6 | dir=in | app=z:\game\bin\cstrike-online.exe |
"{7A110A88-948A-4D77-845F-F3ABCE9977AA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe |
"{7A45FABC-75C3-4B8D-B833-3242816006C7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7A6224C3-F13B-4998-89ED-F604AC2758CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7B10DAC1-429E-4A90-97D5-08177FF3A993}" = protocol=6 | dir=in | app=c:\users\mic\appdata\roaming\dropbox\bin\dropbox.exe |
"{7F3717F8-8EA6-4A9E-BB12-FA6ECC377F3E}" = dir=in | app=%systemdrive%\alldataw\pc_checker.exe |
"{85C343C8-7486-478E-9A6B-D885C7A0AA62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F7D390D-DDB1-4508-B0F8-7F7973CC6269}" = dir=in | app=%systemdrive%\alldataw\ace.exe |
"{9D30B9D5-774A-4206-831E-FF2B9EC5269A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A20DD12A-C4B8-4F51-98DB-FB8AA451C16D}" = protocol=6 | dir=out | app=system |
"{A5B21389-3B3C-402F-A5E4-810AC0BB7A93}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{AB0EA1CF-9CF1-4793-B7A5-3C68CFF9C9B4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AEF5AC1A-598D-47E4-A069-D68236E87E8A}" = protocol=17 | dir=in | app=z:\game\bin\cstrike-online.exe |
"{B73E987E-2DEC-4E9F-B45C-E356CF8E4454}" = protocol=47 | dir=in | app=system |
"{B8BA378D-B2DD-40E1-91A3-2C11B07B05F2}" = protocol=17 | dir=in | app=c:\program files (x86)\vso\convertx\4\convertxtodvd.exe |
"{BC947976-0034-47B5-8CE6-5569C5809FA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE2FD599-3A98-40F8-B38E-C75C281879AF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C1F2C339-B61E-4773-A932-7C46F06B6C7A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlclient.exe |
"{C4F846B6-FA10-474F-AF71-0DDE3AB4E8F4}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexdlnaserver.exe |
"{C7810C8D-5551-41D5-8C1E-835B69A0BF46}" = protocol=6 | dir=in | app=c:\program files (x86)\vso\convertx\4\convertxtodvd.exe |
"{C78D78BA-F419-4337-82CF-45DA23D1BEF2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{CA5B83E9-E1F3-42A0-8A5F-CF34A7D24166}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D064F12F-2388-4051-A06A-CF2060F75799}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3.exe |
"{D220A57F-B34C-44F4-AC46-9D5BC9022A6A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D350A934-FDCA-46EA-88C8-8925D8E6329E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D58F058C-6973-431D-9D8E-248A66BFAD15}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{D890D246-FD8D-4542-B1F1-8B10C99E132F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{DB1BEBDD-98F8-4220-881C-25F3036AFAED}" = protocol=17 | dir=in | app=c:\users\mic\appdata\roaming\mjusbsp\magicjack.exe |
"{DC41F958-9855-4D85-9772-7F76219E54C2}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexscripthost.exe |
"{DC4D526C-830A-4B82-BD59-2EB52CCAFA95}" = protocol=17 | dir=in | app=c:\program files (x86)\webcamxp 5\wservice.exe |
"{DD99755F-1970-4855-BD60-ABBE4230E7DD}" = dir=out | app=%programfiles% (x86)\iobit\advanced systemcare 5\autoupdate.exe |
"{E2D7DEFE-A5DF-4856-A1A5-C2996A475F21}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{E8B1A15D-699C-475B-9F3B-BE2A736AF26A}" = protocol=6 | dir=in | app=z:\game\bin\nmservice.exe |
"{EEED6BFC-5961-4963-924D-4ADFD4CB3B2B}" = dir=out | app=%programfiles% (x86)\vso\convertx\4\convertxtodvd.exe |
"{F29F8BCF-3456-4238-B219-ABC4C33888BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F2DC9843-88A8-4235-A60F-497439CF774B}" = dir=in | app=c:\program files (x86)\plex\plex media server\plex media server.exe |
"{F63DCACE-EAE4-4CC4-918B-D97C19FC972E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games for windows - live\client\gfwlive.exe |
"{FCA4FA42-8B8F-4A8F-868B-223708160B81}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{FCC903B8-7B02-4CEF-A97C-95EC9D3B9838}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FDC72924-4176-41EE-9814-20968DF39B0D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0428A0A7-466C-44D3-A777-D124CDDAECD9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{19F4FE78-1E55-4EC0-A1B3-CEE3A020C1E2}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe |
"TCP Query User{1DCB23DE-9BAD-4DE1-9ACD-68C392122F17}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{203FD860-D2B9-467A-816A-4D12375CC05C}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"TCP Query User{97C0DC64-B246-46DB-B346-BC685B32F9BC}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{CE7A4708-6EF7-4B63-BFF3-46F1A15F8861}C:\users\mic\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mic\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{12B8AAC2-AAAF-44F4-AB6A-77E67297BE9D}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe |
"UDP Query User{BCC6450E-516B-4444-882A-316C4BBD2079}C:\users\mic\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mic\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{C0BC9FA2-D73C-43C8-B971-F2162E7B6191}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{C575BC82-B18E-46EA-A4B1-057722F6AD77}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{D5A3CD0C-58FE-40AC-88DB-9C326FBBE02A}C:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe |
"UDP Query User{DDF2F589-19E3-4D40-8CA7-1880C17F4C3A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0004
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7ECE8B97-924C-4886-857D-B5F144C8F7B8}" = Diskeeper 2011
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FE07808-87DF-45A7-AEF8-97F3A60F4E00}" = FNC 11 Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{375B0ACB-49BA-463E-96D0-E95F994DF594}" = AMD OverDrive Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{634033F4-3E94-4F5E-B3E4-3928A46A78D7}_is1" = ConvertXtoDVD 4 english manual
"{63A56D6A-8AA4-4568-A9E0-790D31B2F30E}" = Adobe Flash Media Encoder 2.5
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{718B4425-80EA-4F64-A05C-48285CE63F73}" = AMD System Monitor
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73090A5A-E0C0-4E0B-A320-E183877061A5}" = ALLDATA Repair
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A625369-34A4-4D62-9165-2EFCFA41DA1D}" = CORE Client
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.126
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BF334108-A7B2-4861-9A93-C0AE6EB40D11}" = Plex Media Server
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4ADDB2A-EE3C-41A7-88DF-99333DAE18E3}" = Browser Guard v3.0
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E77A53A2-4623-4635-AE7F-702152168EE5}" = Google Drive
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8BA8B13-856D-4DFB-A28F-7EC868142453}" = Super Ad Blocker
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alarm Clock_is1" = Alarm Clock v1.0
"Any Video Converter Professional_is1" = Any Video Converter Professional 3.0.7
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.77
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"IsoBuster_is1" = IsoBuster 3.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"Mozilla Thunderbird 14.0 (x86 en-US)" = Mozilla Thunderbird 14.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NIS" = Norton Internet Security
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PandoraRecovery" = PandoraRecovery (Remove Only)
"Sapphire TRIXX" = Sapphire TRIXX
"Security Task Manager" = Security Task Manager 1.8d
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"Songbird-release-2199" = Songbird 1.10.2 (Build 2199)
"Steam App 240" = Counter-Strike: Source
"Steam App 44320" = DiRT 3
"Steam App 570" = Dota 2
"UMPlayer" = UMPlayer 0.98 [Athlon]
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.0.2
"wLite" = webcamXP 5
"Wxdfast" = Wxdfast

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2902281652-3159124223-882470899-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Ccleaner Business Edition x64 x86 Tom_Da_Man" = Ccleaner Business Edition x64 x86 Tom_Da_Man
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"HuluDesktop" = Hulu Desktop
"magicJack" = magicJack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/29/2012 11:35:15 PM | Computer Name = Mic-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Mic\Downloads\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/30/2012 4:55:11 AM | Computer Name = Mic-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\Mic\downloads\esetsmartinstaller_enu
(1).exe".Error in manifest or policy file "" on line . A component version required
by the application conflicts with another component version already active. Conflicting
components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/30/2012 4:55:12 AM | Computer Name = Mic-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\Mic\downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/30/2012 1:03:53 PM | Computer Name = Mic-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2012 1:07:34 PM | Computer Name = Mic-PC | Source = Bonjour Service | ID = 100
Description = Bad service type in Mic-PC._plexmediaserver_lge._tcp.local. Application
protocol name must be underscore plus 1-15 characters. See <http://www.dns-sd.org/ServiceTypes.html>

Error - 8/30/2012 1:07:34 PM | Computer Name = Mic-PC | Source = Bonjour Service | ID = 100
Description = Bad service type in ._plexmediaserver_lge._tcp.local. Application
protocol name must be underscore plus 1-15 characters. See <http://www.dns-sd.org/ServiceTypes.html>

Error - 8/30/2012 1:07:34 PM | Computer Name = Mic-PC | Source = Bonjour Service | ID = 100
Description = Bad service type in Mic-PC._plexmediaserver_lge._tcp.local. Application
protocol name must be underscore plus 1-15 characters. See <http://www.dns-sd.org/ServiceTypes.html>

Error - 8/30/2012 1:31:59 PM | Computer Name = Mic-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2012 1:35:10 PM | Computer Name = Mic-PC | Source = Bonjour Service | ID = 100
Description = Bad service type in Mic-PC._plexmediaserver_lge._tcp.local. Application
protocol name must be underscore plus 1-15 characters. See <http://www.dns-sd.org/ServiceTypes.html>

Error - 8/30/2012 1:35:10 PM | Computer Name = Mic-PC | Source = Bonjour Service | ID = 100
Description = Bad service type in ._plexmediaserver_lge._tcp.local. Application
protocol name must be underscore plus 1-15 characters. See <http://www.dns-sd.org/ServiceTypes.html>

Error - 8/30/2012 1:35:10 PM | Computer Name = Mic-PC | Source = Bonjour Service | ID = 100
Description = Bad service type in Mic-PC._plexmediaserver_lge._tcp.local. Application
protocol name must be underscore plus 1-15 characters. See <http://www.dns-sd.org/ServiceTypes.html>

[ Media Center Events ]
Error - 5/19/2012 7:33:30 AM | Computer Name = Mic-PC | Source = MCUpdate | ID = 0
Description = 7:33:29 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/19/2012 8:33:38 AM | Computer Name = Mic-PC | Source = MCUpdate | ID = 0
Description = 8:33:37 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/19/2012 5:42:35 PM | Computer Name = Mic-PC | Source = MCUpdate | ID = 0
Description = 5:42:33 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/20/2012 5:38:55 AM | Computer Name = Mic-PC | Source = MCUpdate | ID = 0
Description = 5:38:55 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/20/2012 5:41:14 PM | Computer Name = Mic-PC | Source = MCUpdate | ID = 0
Description = 5:41:11 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/21/2012 5:51:09 AM | Computer Name = Mic-PC | Source = MCUpdate | ID = 0
Description = 5:51:09 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/21/2012 5:50:45 PM | Computer Name = Mic-PC | Source = MCUpdate | ID = 0
Description = 5:50:41 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 5:05:24 AM | Computer Name = Mic-PC | Source = MCUpdate | ID = 0
Description = 5:05:24 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 5:22:32 PM | Computer Name = Mic-PC | Source = MCUpdate | ID = 0
Description = 5:22:28 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/23/2012 5:59:09 AM | Computer Name = Mic-PC | Source = MCUpdate | ID = 0
Description = 5:59:09 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

[ System Events ]
Error - 8/30/2012 1:30:54 PM | Computer Name = Mic-PC | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the Function
Discovery Provider Host service which failed to start because of the following error:
%%1058

Error - 8/30/2012 1:31:55 PM | Computer Name = Mic-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SABDIFSV SABKUTIL SMR310

Error - 8/30/2012 1:32:01 PM | Computer Name = Mic-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\ has
been blocked from loading due to incompatibility with this system. Please contact
your software vendor for a compatible version of the driver.

Error - 8/30/2012 1:32:01 PM | Computer Name = Mic-PC | Source = Service Control Manager | ID = 7000
Description = The SABDIFSV service failed to start due to the following error: %%1275

Error - 8/30/2012 1:32:01 PM | Computer Name = Mic-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\ has
been blocked from loading due to incompatibility with this system. Please contact
your software vendor for a compatible version of the driver.

Error - 8/30/2012 1:32:01 PM | Computer Name = Mic-PC | Source = Service Control Manager | ID = 7000
Description = The SABKUTIL service failed to start due to the following error: %%1275

Error - 8/30/2012 1:32:34 PM | Computer Name = Mic-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 8/30/2012 1:32:36 PM | Computer Name = Mic-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\ has
been blocked from loading due to incompatibility with this system. Please contact
your software vendor for a compatible version of the driver.

Error - 8/30/2012 1:32:36 PM | Computer Name = Mic-PC | Source = Service Control Manager | ID = 7000
Description = The SABProcEnum service failed to start due to the following error:
%%1275

Error - 8/30/2012 1:37:16 PM | Computer Name = Mic-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.


< End of report >
Micscience
Active Member
 
Posts: 13
Joined: August 27th, 2012, 4:14 pm

Re: Reocurring Trojan

by askey127 » August 30th, 2012, 3:36 pm

Micscience,
Good, that was a false positive.
Let's continue until we are sure there are no gremlins hiding in your machine, and we are sure it's properly protected.
----------------------------------------------
New Java Infection Threat
This just came to my attention today.
You may want to shut off Java in your browsers until Oracle gets the problem fixed.
Lots of PC infections expected.
http://www.pcworld.com/article/261615/j ... #tk.hp_new

How to Disable Java in your Browser:
http://www.geekstogo.com/2600/how-to-di ... b-browser/
(This may cause failure of some websites to display or interact correctly).
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    
    :OTL
    O2 - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll (Trend Micro Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\..\Toolbar\WebBrowser: (no name) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No CLSID value found.
    O3 - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\tmieg64.dll (Trend Micro Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    [2011/12/28 23:54:01 | 000,001,945 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\searchplugins\bing-zugo.xml
    [2012/06/05 17:20:58 | 000,000,919 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\searchplugins\conduit.xml
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=3&q={searchTerms}"
    IE - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2902281652-3159124223-882470899-1000\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://www.smartwebsearch.net/index.php?from=4&q={searchTerms}
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:890CC2F3
    
    :Files
    C:\Program Files (x86)\IObit\
    C:\Users\Mic\AppData\Roaming\uTorrent
    C:\Users\Mic\AppData\Roaming\OpenCandy
    C:\Users\Mic\AppData\Roaming\IObit
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Reocurring Trojan

by Micscience » August 31st, 2012, 9:55 am

OK, I disabled Java in my browser and uninstalled both installations from my system.
I also applied the custom fix with OTL and here is the log you requested.

OTL logfile created on: 8/31/2012 9:41:11 AM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Mic\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.42% Memory free
8.00 Gb Paging File | 6.19 Gb Available in Paging File | 77.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 27.66 Gb Free Space | 11.88% Space Free | Partition Type: NTFS
Drive M: | 298.09 Gb Total Space | 17.23 Gb Free Space | 5.78% Space Free | Partition Type: NTFS

Computer Name: MIC-PC | User Name: Mic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/30 13:47:10 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Mic\Desktop\OTL.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
PRC - [2012/06/13 22:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mic\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/06/04 14:58:04 | 000,033,400 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2012/06/04 14:58:02 | 003,029,112 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2012/06/04 14:58:02 | 001,329,272 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
PRC - [2012/02/01 13:36:38 | 022,140,304 | ---- | M] (magicJack L.P.) -- C:\Users\Mic\AppData\Roaming\mjusbsp\magicJack.exe
PRC - [2012/02/01 13:34:52 | 000,103,840 | ---- | M] (magicJack L.P.) -- C:\Users\Mic\AppData\Roaming\mjusbsp\st00000\mjsetup.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/03/14 12:26:48 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2005/08/31 14:26:34 | 000,065,536 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/04 14:59:18 | 000,044,152 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2012/06/04 14:59:18 | 000,032,888 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2012/06/04 14:59:16 | 000,017,016 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2012/06/04 14:59:14 | 000,195,704 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2012/06/04 14:59:14 | 000,057,464 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2012/06/04 14:59:12 | 000,841,336 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2012/06/04 14:59:10 | 000,824,952 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2012/06/04 14:59:10 | 000,049,784 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2012/06/04 14:59:08 | 000,033,400 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2012/06/04 14:59:06 | 000,365,688 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2012/06/04 14:59:04 | 000,093,816 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2012/06/04 14:59:02 | 000,589,944 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2012/06/04 14:59:00 | 000,134,264 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2012/06/04 14:59:00 | 000,017,016 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2012/06/04 14:58:56 | 000,141,432 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
MOD - [2012/06/04 14:58:54 | 008,494,712 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
MOD - [2012/06/04 14:58:54 | 000,628,856 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
MOD - [2012/06/04 14:58:50 | 000,586,968 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
MOD - [2012/06/04 14:58:48 | 000,150,136 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2012/06/04 14:58:48 | 000,086,648 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2012/06/04 14:58:40 | 001,009,784 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
MOD - [2012/06/04 14:58:40 | 000,173,176 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
MOD - [2012/06/04 14:58:36 | 000,063,096 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
MOD - [2012/06/04 14:58:32 | 001,290,872 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
MOD - [2012/06/04 14:58:16 | 000,373,368 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_Magick++_.dll
MOD - [2012/06/04 14:58:14 | 000,178,296 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_lcms_.dll
MOD - [2012/06/04 14:58:12 | 000,952,440 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
MOD - [2012/06/04 14:58:10 | 001,038,456 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
MOD - [2012/06/04 14:58:08 | 001,254,560 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
MOD - [2012/06/04 14:58:08 | 000,271,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
MOD - [2012/06/04 14:58:06 | 005,827,800 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
MOD - [2012/06/04 14:58:04 | 000,033,400 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2012/02/01 13:42:32 | 000,083,352 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\mjusbsp\octvqem_apiw.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2006/11/07 12:58:44 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabmsghk.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/03/03 14:49:44 | 002,627,920 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/29 08:58:25 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/15 14:18:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/15 12:44:42 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2011/12/08 00:29:51 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/14 00:52:36 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2011/07/27 15:58:30 | 005,023,744 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files (x86)\webcamXP 5\wService.exe -- (wxpSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/08/31 14:26:34 | 000,065,536 | ---- | M] (SuperAdBlocker.com) [Auto | Running] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE -- (SABSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/17 16:14:50 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/26 01:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/08 16:04:24 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 12:21:52 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/05/06 18:27:30 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/02/28 01:26:10 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/12/27 16:23:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/27 16:23:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/21 00:32:42 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/12/08 00:58:36 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/08/30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/07/25 22:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/05/24 03:00:00 | 000,055,952 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/02/14 02:04:34 | 000,044,624 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/04/27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/17 07:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 20:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2012/08/31 03:32:42 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120830.025\ex64.sys -- (NAVEX15)
DRV - [2012/08/31 03:32:42 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120830.025\eng64.sys -- (NAVENG)
DRV - [2012/08/30 03:23:16 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/27 13:51:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/21 22:05:05 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120830.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/06/18 20:01:14 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120823.007\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/01/19 07:21:46 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/20 16:02:54 | 000,032,256 | R--- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS -- (SABKUTIL)
DRV - [2005/09/21 11:17:26 | 000,005,632 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys -- (SABDIFSV)
DRV - [2005/03/21 11:00:24 | 000,004,096 | R--- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{CF777CF1-B1C7-4761-ADEB-1B21506E0D29}: "URL" = http://us.yhs4.search.yahoo.com/yhs/sea ... =937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "FreeMake Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "&hsimp=yhs-affiliate_a_ff&hspart=greentree&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npPlayNowPlugin: C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Mic\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mic\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mic\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/14 14:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/08/17 15:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/08/31 09:32:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 08:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/15 10:35:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/08/05 11:22:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\search@helper: C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\SearchHelper [2012/04/29 00:01:01 | 000,000,000 | ---D | M]

[2012/05/16 17:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mic\AppData\Roaming\Mozilla\Extensions
[2012/05/16 17:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mic\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012/08/27 17:07:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions
[2012/07/28 12:42:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/27 17:07:35 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/06/20 23:24:45 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\info@djzig.com
[2012/02/03 23:15:15 | 000,000,000 | ---D | M] (wxDfast extension) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\info@wxdownloadmanager.com
[2012/04/29 00:01:01 | 000,000,000 | ---D | M] (Search Results Optimizator) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\SearchHelper
[2012/07/19 09:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/14 14:56:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/08/31 09:32:55 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
[2012/08/17 15:41:01 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2011/12/08 18:44:44 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\USERS\MIC\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@EPICPLAY.COM
[2012/06/24 12:06:03 | 000,456,182 | ---- | M] () (No name found) -- C:\USERS\MIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KJFGN1CU.DEFAULT\EXTENSIONS\STEFANVANDAMME@STEFANVD.NET.XPI
[2012/08/29 08:58:25 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 08:58:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/23 10:42:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/08/29 08:58:25 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: CorePlugin (Enabled) = C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Mic\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll
CHR - Extension: wxDfast extension = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgjgdnjolohlloakjnifiglajcmapc\1.0_0\
CHR - Extension: FreeMake = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgficikadnmmefckdecajlmffkbagomp\2.3.15.10_0\
CHR - Extension: Norton Identity Protection = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: DVDVideoSoftTB = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.15.10_0\

O1 HOSTS File: ([2012/08/24 11:59:30 | 000,000,054 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\TMAMS64.dll (Trend Micro Inc.)
O2 - BHO: (SuperAdBlockerBHO Class) - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll (SuperAdBlocker.com)
O2 - BHO: (CorePluginIEBHO Class) - {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\plugins\CorePluginIE.dll (Perfect World Entertainment Inc)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Super Ad Blocker Toolbar) - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll ()
O3 - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [EKAiO2StatusMonitor] c:\windows\system32\spool\drivers\x64\3\ekaio2mui.exe File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe (VIA)
O4 - HKLM..\Run: [ISUSPM] c:\programdata\flexnet\connect\11\isuspm.exe (Acresso Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Trend Micro Browser Guard] C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.EXE (Trend Micro Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] c:\program files (x86)\alcohol soft\alcohol 120\axautomntsrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ASRockOCTuner] File not found
O4 - HKCU..\Run: [cdloader] C:\Users\Mic\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [SuperAdBlocker] C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe (SuperAdBlocker.com)
O4 - Startup: C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mic\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{325908C8-D558-4235-BDBD-6BB2E9F10279}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SABWinLogon: DllName - (C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL) - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL (SuperAdBlocker.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/29 11:33:22 | 007,652,327 | ---- | M] () - M:\Automotive Computer Controlled Systems [h33t] [Malestrom].pdf -- [ NTFS ]
O33 - MountPoints2\{7bdd6721-05a8-11df-9b54-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7bdd6721-05a8-11df-9b54-806e6f6e6963}\Shell\AutoRun\command - "" = D:\/files/openindex.exe index.hta
O33 - MountPoints2\{7dcff280-2147-11e1-a87a-002522c98db6}\Shell - "" = AutoRun
O33 - MountPoints2\{7dcff280-2147-11e1-a87a-002522c98db6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/31 09:28:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/30 13:47:10 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Mic\Desktop\OTL.exe
[2012/08/30 13:41:40 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\RK_Quarantine
[2012/08/29 20:15:30 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\SuperAdBlocker.com
[2012/08/29 20:14:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTemp
[2012/08/29 20:14:58 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperAdBlocker.com
[2012/08/29 20:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperAdBlocker.com
[2012/08/29 08:57:18 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/08/29 08:50:32 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Local\Browser Guard
[2012/08/29 08:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Browser Guard
[2012/08/29 08:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/08/29 08:50:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Browser Guard
[2012/08/29 08:49:38 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\Powerful Malware Tools
[2012/08/28 00:49:20 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\backups
[2012/08/28 00:35:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/28 00:21:21 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\Security Justice League
[2012/08/27 21:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2012/08/27 21:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2012/08/27 19:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/27 19:45:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/27 19:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/27 18:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/08/27 17:07:41 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\QuickScan
[2012/08/27 15:08:54 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/08/27 15:08:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2012/08/27 15:08:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A
[2012/08/27 15:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/08/27 15:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2012/08/27 15:07:02 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/08/24 11:27:17 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/24 11:27:10 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/24 11:27:10 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/22 09:51:18 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Local\NPE
[2012/08/17 16:14:44 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys
[2012/08/17 16:14:44 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys
[2012/08/17 16:14:44 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys
[2012/08/17 16:14:44 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys
[2012/08/17 16:14:44 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys
[2012/08/17 16:14:43 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys
[2012/08/17 16:14:43 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys
[2012/08/17 16:14:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E
[2012/08/17 13:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/08/17 13:12:56 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/17 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/08/17 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/08/17 13:12:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2012/08/17 13:12:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/08/17 13:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012/08/17 13:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/08/15 00:31:12 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 00:31:12 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 00:31:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 00:30:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 00:30:52 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 00:30:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 00:30:06 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 00:29:49 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 00:28:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 00:28:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 00:28:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 00:28:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 00:28:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 00:28:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 00:28:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 00:28:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 00:28:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 00:28:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 00:28:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 00:28:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 00:28:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/12 11:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMall
[2012/08/12 11:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMall
[2012/08/12 11:09:38 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/08/11 13:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2012/08/11 12:45:51 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2012/08/11 12:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2012/08/11 12:45:46 | 000,000,000 | ---D | C] -- C:\Users\Mic\Documents\VirtualDJ
[2012/08/11 12:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2012/08/07 21:55:37 | 000,000,000 | ---D | C] -- C:\ALLDATA
[2012/08/07 20:39:38 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\FLEXnet
[2012/08/07 20:39:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ALLDATA Shared
[2012/08/07 20:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLDATA
[2012/08/07 20:38:33 | 000,000,000 | ---D | C] -- C:\ALLDATAW
[2012/08/03 11:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/12/08 00:58:36 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Mic\AppData\Roaming\pcouffin.sys
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/31 09:43:53 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/31 09:43:53 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/31 09:36:46 | 000,000,983 | ---- | M] () -- C:\Users\Mic\Desktop\magicJack.lnk
[2012/08/31 09:32:34 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/31 09:32:22 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/08/31 09:32:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/31 09:31:48 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/31 09:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/31 09:14:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/31 08:32:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2902281652-3159124223-882470899-1000UA.job
[2012/08/30 22:11:49 | 000,001,173 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\vso_ts_preview.xml
[2012/08/30 21:32:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2902281652-3159124223-882470899-1000Core.job
[2012/08/30 20:12:44 | 000,010,159 | ---- | M] () -- C:\Users\Mic\Desktop\images.jpg
[2012/08/30 20:12:28 | 000,263,484 | ---- | M] () -- C:\Users\Mic\Desktop\prometheus-movie-wallpaper-10.jpg
[2012/08/30 20:11:02 | 000,532,448 | ---- | M] () -- C:\Users\Mic\Desktop\movies-prometheus_00278679.png
[2012/08/30 14:39:23 | 000,001,235 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/08/30 13:47:10 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Mic\Desktop\OTL.exe
[2012/08/30 13:43:23 | 001,372,672 | ---- | M] () -- C:\Users\Mic\Desktop\RogueKiller.exe
[2012/08/30 13:04:24 | 000,461,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/29 20:14:59 | 000,000,318 | ---- | M] () -- C:\Users\Mic\Desktop\SUPERFileRecover - Free Trial.lnk
[2012/08/29 20:14:58 | 000,003,009 | ---- | M] () -- C:\Users\Mic\Desktop\Super Ad Blocker.lnk
[2012/08/29 20:02:42 | 000,005,796 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120829_200238.reg
[2012/08/29 09:03:49 | 000,001,045 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/29 08:57:18 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/08/28 01:36:09 | 000,001,924 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120828_013605.reg
[2012/08/28 00:45:40 | 000,004,106 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120828_004533.reg
[2012/08/27 19:12:39 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/08/27 15:13:24 | 603,815,936 | ---- | M] () -- C:\NBRT.iso
[2012/08/27 15:08:58 | 001,394,189 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB
[2012/08/24 12:20:15 | 000,001,034 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120824_121951.reg
[2012/08/24 11:59:30 | 000,000,864 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2012/08/24 11:59:30 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/24 11:27:03 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/24 11:27:03 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/24 11:27:03 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/21 23:18:21 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini
[2012/08/17 16:14:50 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/17 16:14:50 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/17 16:14:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/15 14:18:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 14:18:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/15 00:31:12 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 00:31:12 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 00:31:12 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 00:30:52 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 00:30:52 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 00:30:52 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 00:30:06 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 00:29:49 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 00:28:52 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 00:28:52 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 00:28:52 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 00:28:52 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 00:28:52 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 00:28:52 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 00:28:52 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 00:28:52 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 00:28:52 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 00:28:52 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 00:28:52 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 00:28:52 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 00:28:52 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/12 15:35:48 | 000,001,513 | ---- | M] () -- C:\Users\Mic\Desktop\DTLite - Shortcut.lnk
[2012/08/10 01:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini
[2012/08/09 11:02:11 | 000,023,224 | ---- | M] () -- C:\Users\Public\Documents\DiscCopyUtility.exe
[2012/08/09 00:03:14 | 000,010,162 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120809_000259.reg
[2012/08/08 14:30:35 | 000,020,152 | ---- | M] () -- C:\Users\Public\Documents\CatalogSupportUtility.exe
[2012/08/07 22:54:04 | 000,003,811 | ---- | M] () -- C:\Users\Mic\Documents\ALLDATA vehicle reference page.rtf
[2012/08/07 22:53:20 | 000,002,888 | ---- | M] () -- C:\Users\Mic\Documents\ALLDATA USAGE GUIDE.rtf
[2012/08/05 16:26:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/05 11:22:55 | 000,002,110 | ---- | M] () -- C:\Users\Mic\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/08/04 12:38:00 | 000,006,259 | ---- | M] () -- C:\Users\Mic\Desktop\80's playlist.m3u
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/30 20:12:44 | 000,010,159 | ---- | C] () -- C:\Users\Mic\Desktop\images.jpg
[2012/08/30 20:12:28 | 000,263,484 | ---- | C] () -- C:\Users\Mic\Desktop\prometheus-movie-wallpaper-10.jpg
[2012/08/30 20:11:02 | 000,532,448 | ---- | C] () -- C:\Users\Mic\Desktop\movies-prometheus_00278679.png
[2012/08/30 14:39:23 | 000,001,235 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/08/30 13:43:22 | 001,372,672 | ---- | C] () -- C:\Users\Mic\Desktop\RogueKiller.exe
[2012/08/29 20:14:59 | 000,000,318 | ---- | C] () -- C:\Users\Mic\Desktop\SUPERFileRecover - Free Trial.lnk
[2012/08/29 20:14:58 | 000,003,009 | ---- | C] () -- C:\Users\Mic\Desktop\Super Ad Blocker.lnk
[2012/08/29 20:02:40 | 000,005,796 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120829_200238.reg
[2012/08/29 09:03:49 | 000,001,045 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/29 08:57:18 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/08/28 01:36:07 | 000,001,924 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120828_013605.reg
[2012/08/28 00:45:38 | 000,004,106 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120828_004533.reg
[2012/08/27 15:12:53 | 603,815,936 | ---- | C] () -- C:\NBRT.iso
[2012/08/27 15:08:38 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini
[2012/08/24 12:20:12 | 000,001,034 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120824_121951.reg
[2012/08/21 11:25:10 | 001,394,189 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB
[2012/08/17 16:14:44 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.cat
[2012/08/17 16:14:44 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnet64.cat
[2012/08/17 16:14:44 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa.inf
[2012/08/17 16:14:44 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds.inf
[2012/08/17 16:14:44 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnet.inf
[2012/08/17 16:14:44 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.inf
[2012/08/17 16:14:44 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.inf
[2012/08/17 16:14:43 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\iron.cat
[2012/08/17 16:14:43 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.cat
[2012/08/17 16:14:43 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.cat
[2012/08/17 16:14:43 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.inf
[2012/08/17 16:14:43 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\iron.inf
[2012/08/17 16:14:30 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symvtcer.dat
[2012/08/17 16:14:30 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.cat
[2012/08/17 16:14:30 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.cat
[2012/08/17 16:14:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini
[2012/08/17 13:12:56 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/17 13:12:56 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/12 15:35:47 | 000,001,513 | ---- | C] () -- C:\Users\Mic\Desktop\DTLite - Shortcut.lnk
[2012/08/09 11:02:07 | 000,023,224 | ---- | C] () -- C:\Users\Public\Documents\DiscCopyUtility.exe
[2012/08/09 00:03:12 | 000,010,162 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120809_000259.reg
[2012/08/08 14:30:32 | 000,020,152 | ---- | C] () -- C:\Users\Public\Documents\CatalogSupportUtility.exe
[2012/08/07 22:54:04 | 000,003,811 | ---- | C] () -- C:\Users\Mic\Documents\ALLDATA vehicle reference page.rtf
[2012/08/07 22:53:20 | 000,002,888 | ---- | C] () -- C:\Users\Mic\Documents\ALLDATA USAGE GUIDE.rtf
[2012/08/04 12:38:00 | 000,006,259 | ---- | C] () -- C:\Users\Mic\Desktop\80's playlist.m3u
[2012/07/27 15:25:40 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012/06/21 11:35:27 | 000,034,764 | ---- | C] () -- C:\Users\Mic\AppData\Local\dt.dat
[2012/06/07 12:09:19 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/05/27 12:10:12 | 000,004,608 | ---- | C] () -- C:\Users\Mic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/16 14:57:26 | 000,011,388 | ---- | C] () -- C:\Users\Mic\gsview64.ini
[2012/05/11 11:58:59 | 000,000,706 | RHS- | C] () -- C:\Users\Mic\ntuser.pol
[2012/05/05 17:06:34 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/04/29 00:01:03 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/24 21:53:19 | 000,008,448 | ---- | C] () -- C:\Users\Mic\AppData\Local\rx_audio.Cache
[2012/04/24 21:52:41 | 000,000,288 | ---- | C] () -- C:\Users\Mic\AppData\Local\rx_image32.Cache
[2012/03/16 01:33:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/29 19:47:40 | 000,000,047 | ---- | C] () -- C:\Windows\SysWow64\E302AF636FDE.ini
[2012/02/15 19:39:43 | 000,074,703 | ---- | C] () -- C:\Windows\SysWOW64mfc45.dll
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/17 17:22:31 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/16 23:52:32 | 000,050,688 | ---- | C] () -- C:\Windows\SysWow64\dtsoftbusinst64.exe
[2011/12/14 20:11:32 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/10 22:23:26 | 000,007,666 | ---- | C] () -- C:\Users\Mic\AppData\Local\Resmon.ResmonCfg
[2011/12/08 00:59:34 | 000,001,173 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\vso_ts_preview.xml
[2011/12/08 00:58:36 | 000,099,384 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\inst.exe
[2011/12/08 00:58:36 | 000,007,859 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\pcouffin.cat
[2011/12/08 00:58:36 | 000,001,167 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\pcouffin.inf
[2011/12/07 22:51:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== Files - Unicode (All) ==========
[2012/03/04 22:08:05 | 000,000,000 | ---D | M](C:\Users\Mic\Documents\?? ???) -- C:\Users\Mic\Documents\넥슨 플러그
[2012/03/04 22:08:05 | 000,000,000 | ---D | C](C:\Users\Mic\Documents\?? ???) -- C:\Users\Mic\Documents\넥슨 플러그

< End of report >
Micscience
Active Member
 
Posts: 13
Joined: August 27th, 2012, 4:14 pm

Re: Reocurring Trojan

Post by askey127 » August 31st, 2012, 4:33 pm

Micscience,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3214568&SearchSource=2&q="
    O2:64bit: - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\TMAMS64.dll (Trend Micro Inc.)
    O3 - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll (Trend Micro Inc.)
    
    :Files
    C:\Program Files (x86)\Trend Micr
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Browser Guard
    C:\Users\Mic\AppData\Local\Browser Guard
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

-------------------------------------------------
Run the ESET Online Scanner
Vista/Windows 7 users: You will need to right-click on either the Internet Explorer or FireFox icon in the Start Menu or Quick Launch Bar and select Run as Administrator.
(You can use either Internet Explorer or Mozilla FireFox for this scan.)
You will also need to disable your current installed Anti-Virus this way before you begin.
Easiest way is to right click on Norton Icon in System Tray and select Disable Antivirus Auto-Protect, select a duration and OK.

If no tray Icon, Start Norton, click on Settings > Antivirus > Auto-Protect to OFF > Apply > Set Duration ( 5 hours) > OK

  • Please go HERE to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the instructions below are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats IS checked, and the option Scan archives IS checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • Give permission again if necessary.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard any more than necessary during the scan, otherwise it may stall.
  • When it completes, give it a few minutes to write the logfile, then click on Image
  • Use (My) Computer to navigate to C:\Program Files (x86)\ESET\Eset Online Scanner\log.txt.
  • Double click the log.txt file to open it in Notepad.
  • Copy and paste that log as a reply to this topic.

Don't forget to click the Norton icon in the system tray and turn it back on.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Reocurring Trojan

Post by Micscience » September 1st, 2012, 2:45 pm

OTL logfile created on: 9/1/2012 2:39:51 PM - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Mic\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 52.95% Memory free
8.00 Gb Paging File | 5.85 Gb Available in Paging File | 73.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 25.99 Gb Free Space | 11.16% Space Free | Partition Type: NTFS
Drive M: | 298.09 Gb Total Space | 17.23 Gb Free Space | 5.78% Space Free | Partition Type: NTFS

Computer Name: MIC-PC | User Name: Mic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/30 13:47:10 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Mic\Desktop\OTL.exe
PRC - [2012/08/29 08:58:25 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
PRC - [2012/06/13 22:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mic\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/06/04 14:58:04 | 000,033,400 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2012/06/04 14:58:02 | 003,029,112 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2012/06/04 14:58:02 | 001,329,272 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
PRC - [2012/02/01 13:36:38 | 022,140,304 | ---- | M] (magicJack L.P.) -- C:\Users\Mic\AppData\Roaming\mjusbsp\magicJack.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/03/14 12:26:48 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2005/08/31 14:26:34 | 000,065,536 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE


========== Modules (No Company Name) ==========

MOD - [2012/08/29 08:58:25 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/04 14:59:18 | 000,044,152 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2012/06/04 14:59:18 | 000,032,888 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2012/06/04 14:59:16 | 000,017,016 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2012/06/04 14:59:14 | 000,195,704 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2012/06/04 14:59:14 | 000,057,464 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2012/06/04 14:59:12 | 000,841,336 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2012/06/04 14:59:10 | 000,824,952 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2012/06/04 14:59:10 | 000,049,784 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2012/06/04 14:59:08 | 000,033,400 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2012/06/04 14:59:06 | 000,365,688 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2012/06/04 14:59:04 | 000,093,816 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2012/06/04 14:59:02 | 000,589,944 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2012/06/04 14:59:00 | 000,134,264 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2012/06/04 14:59:00 | 000,017,016 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2012/06/04 14:58:56 | 000,141,432 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
MOD - [2012/06/04 14:58:54 | 008,494,712 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
MOD - [2012/06/04 14:58:54 | 000,628,856 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
MOD - [2012/06/04 14:58:50 | 000,586,968 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
MOD - [2012/06/04 14:58:48 | 000,150,136 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2012/06/04 14:58:48 | 000,086,648 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2012/06/04 14:58:40 | 001,009,784 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
MOD - [2012/06/04 14:58:40 | 000,173,176 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
MOD - [2012/06/04 14:58:36 | 000,063,096 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
MOD - [2012/06/04 14:58:32 | 001,290,872 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
MOD - [2012/06/04 14:58:16 | 000,373,368 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_Magick++_.dll
MOD - [2012/06/04 14:58:14 | 000,178,296 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_lcms_.dll
MOD - [2012/06/04 14:58:12 | 000,952,440 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
MOD - [2012/06/04 14:58:10 | 001,038,456 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
MOD - [2012/06/04 14:58:08 | 001,254,560 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
MOD - [2012/06/04 14:58:08 | 000,271,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
MOD - [2012/06/04 14:58:06 | 005,827,800 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
MOD - [2012/06/04 14:58:04 | 000,033,400 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2012/02/01 13:42:32 | 000,083,352 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\mjusbsp\octvqem_apiw.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/03/03 14:49:44 | 002,627,920 | ---- | M] (Diskeeper Corporation) [Auto | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/29 08:58:25 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/15 14:18:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/15 12:44:42 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2011/12/08 00:29:51 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/14 00:52:36 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2011/07/27 15:58:30 | 005,023,744 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files (x86)\webcamXP 5\wService.exe -- (wxpSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/08/31 14:26:34 | 000,065,536 | ---- | M] (SuperAdBlocker.com) [Auto | Running] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE -- (SABSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/17 16:14:50 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/26 01:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/08 16:04:24 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 12:21:52 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/05/06 18:27:30 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/02/28 01:26:10 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/12/27 16:23:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/27 16:23:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/21 00:32:42 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/12/08 00:58:36 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/08/30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/07/25 22:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/05/24 03:00:00 | 000,055,952 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/02/14 02:04:34 | 000,044,624 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/04/27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/17 07:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 20:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2012/09/01 02:24:09 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120831.032\ex64.sys -- (NAVEX15)
DRV - [2012/09/01 02:24:09 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120831.032\eng64.sys -- (NAVENG)
DRV - [2012/08/30 03:23:16 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/27 13:51:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/21 22:05:05 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120831.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/06/18 20:01:14 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120823.007\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/01/19 07:21:46 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/20 16:02:54 | 000,032,256 | R--- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS -- (SABKUTIL)
DRV - [2005/09/21 11:17:26 | 000,005,632 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys -- (SABDIFSV)
DRV - [2005/03/21 11:00:24 | 000,004,096 | R--- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{CF777CF1-B1C7-4761-ADEB-1B21506E0D29}: "URL" = http://us.yhs4.search.yahoo.com/yhs/sea ... =937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "FreeMake Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "&hsimp=yhs-affiliate_a_ff&hspart=greentree&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npPlayNowPlugin: C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Mic\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mic\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mic\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/14 14:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/08/17 15:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/09/01 11:47:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 08:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/15 10:35:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/08/05 11:22:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\search@helper: C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\SearchHelper [2012/04/29 00:01:01 | 000,000,000 | ---D | M]

[2012/05/16 17:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mic\AppData\Roaming\Mozilla\Extensions
[2012/05/16 17:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mic\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012/08/27 17:07:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions
[2012/07/28 12:42:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/27 17:07:35 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/06/20 23:24:45 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\info@djzig.com
[2012/02/03 23:15:15 | 000,000,000 | ---D | M] (wxDfast extension) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\info@wxdownloadmanager.com
[2012/04/29 00:01:01 | 000,000,000 | ---D | M] (Search Results Optimizator) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\SearchHelper
[2012/07/19 09:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/14 14:56:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/09/01 11:47:20 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
[2012/08/17 15:41:01 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2011/12/08 18:44:44 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\USERS\MIC\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@EPICPLAY.COM
[2012/06/24 12:06:03 | 000,456,182 | ---- | M] () (No name found) -- C:\USERS\MIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KJFGN1CU.DEFAULT\EXTENSIONS\STEFANVANDAMME@STEFANVD.NET.XPI
[2012/08/29 08:58:25 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 08:58:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/23 10:42:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/08/29 08:58:25 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: CorePlugin (Enabled) = C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Mic\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll
CHR - Extension: wxDfast extension = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgjgdnjolohlloakjnifiglajcmapc\1.0_0\
CHR - Extension: FreeMake = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgficikadnmmefckdecajlmffkbagomp\2.3.15.10_0\
CHR - Extension: Norton Identity Protection = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: DVDVideoSoftTB = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.15.10_0\

O1 HOSTS File: ([2012/09/01 11:42:59 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SuperAdBlockerBHO Class) - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll (SuperAdBlocker.com)
O2 - BHO: (CorePluginIEBHO Class) - {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\plugins\CorePluginIE.dll (Perfect World Entertainment Inc)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Super Ad Blocker Toolbar) - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll ()
O4:64bit: - HKLM..\Run: [EKAiO2StatusMonitor] c:\windows\system32\spool\drivers\x64\3\ekaio2mui.exe File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe (VIA)
O4 - HKLM..\Run: [ISUSPM] c:\programdata\flexnet\connect\11\isuspm.exe (Acresso Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Trend Micro Browser Guard] C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.EXE (Trend Micro Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] c:\program files (x86)\alcohol soft\alcohol 120\axautomntsrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ASRockOCTuner] File not found
O4 - HKCU..\Run: [cdloader] C:\Users\Mic\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [SuperAdBlocker] C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe (SuperAdBlocker.com)
O4 - Startup: C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mic\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{325908C8-D558-4235-BDBD-6BB2E9F10279}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SABWinLogon: DllName - (C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL) - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL (SuperAdBlocker.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/29 11:33:22 | 007,652,327 | ---- | M] () - M:\Automotive Computer Controlled Systems [h33t] [Malestrom].pdf -- [ NTFS ]
O33 - MountPoints2\{7bdd6721-05a8-11df-9b54-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7bdd6721-05a8-11df-9b54-806e6f6e6963}\Shell\AutoRun\command - "" = D:\/files/openindex.exe index.hta
O33 - MountPoints2\{7dcff280-2147-11e1-a87a-002522c98db6}\Shell - "" = AutoRun
O33 - MountPoints2\{7dcff280-2147-11e1-a87a-002522c98db6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/01 11:49:33 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Local\Browser Guard
[2012/08/31 09:28:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/30 13:47:10 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Mic\Desktop\OTL.exe
[2012/08/30 13:41:40 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\RK_Quarantine
[2012/08/29 20:15:30 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\SuperAdBlocker.com
[2012/08/29 20:14:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTemp
[2012/08/29 20:14:58 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperAdBlocker.com
[2012/08/29 20:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperAdBlocker.com
[2012/08/29 08:57:18 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/08/29 08:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/08/29 08:50:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Browser Guard
[2012/08/29 08:49:38 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\Powerful Malware Tools
[2012/08/28 00:49:20 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\backups
[2012/08/28 00:35:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/28 00:21:21 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\Security Justice League
[2012/08/27 21:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2012/08/27 21:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2012/08/27 19:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/27 19:45:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/27 19:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/27 18:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/08/27 17:07:41 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\QuickScan
[2012/08/27 15:08:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2012/08/27 15:08:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A
[2012/08/27 15:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/08/27 15:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2012/08/27 15:07:02 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/08/22 09:51:18 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Local\NPE
[2012/08/17 16:14:44 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys
[2012/08/17 16:14:44 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys
[2012/08/17 16:14:44 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys
[2012/08/17 16:14:44 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys
[2012/08/17 16:14:44 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys
[2012/08/17 16:14:43 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys
[2012/08/17 16:14:43 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys
[2012/08/17 16:14:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E
[2012/08/17 13:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/08/17 13:12:56 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/17 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/08/17 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/08/17 13:12:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2012/08/17 13:12:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/08/17 13:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012/08/17 13:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/08/12 11:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMall
[2012/08/12 11:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMall
[2012/08/12 11:09:38 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/08/11 13:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2012/08/11 12:45:51 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2012/08/11 12:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2012/08/11 12:45:46 | 000,000,000 | ---D | C] -- C:\Users\Mic\Documents\VirtualDJ
[2012/08/11 12:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2012/08/07 21:55:37 | 000,000,000 | ---D | C] -- C:\ALLDATA
[2012/08/07 20:39:38 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\FLEXnet
[2012/08/07 20:39:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ALLDATA Shared
[2012/08/07 20:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLDATA
[2012/08/07 20:38:33 | 000,000,000 | ---D | C] -- C:\ALLDATAW
[2012/08/03 11:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/12/08 00:58:36 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Mic\AppData\Roaming\pcouffin.sys
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/01 14:32:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2902281652-3159124223-882470899-1000UA.job
[2012/09/01 14:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/01 14:14:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/01 14:14:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/01 11:58:37 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/01 11:58:37 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/01 11:51:09 | 000,000,983 | ---- | M] () -- C:\Users\Mic\Desktop\magicJack.lnk
[2012/09/01 11:46:06 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/09/01 11:45:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/01 11:45:25 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/01 11:42:59 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/31 21:32:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2902281652-3159124223-882470899-1000Core.job
[2012/08/30 22:11:49 | 000,001,173 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\vso_ts_preview.xml
[2012/08/30 20:12:44 | 000,010,159 | ---- | M] () -- C:\Users\Mic\Desktop\images.jpg
[2012/08/30 20:12:28 | 000,263,484 | ---- | M] () -- C:\Users\Mic\Desktop\prometheus-movie-wallpaper-10.jpg
[2012/08/30 20:11:02 | 000,532,448 | ---- | M] () -- C:\Users\Mic\Desktop\movies-prometheus_00278679.png
[2012/08/30 14:39:23 | 000,001,235 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/08/30 13:47:10 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Mic\Desktop\OTL.exe
[2012/08/30 13:43:23 | 001,372,672 | ---- | M] () -- C:\Users\Mic\Desktop\RogueKiller.exe
[2012/08/30 13:04:24 | 000,461,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/29 20:14:59 | 000,000,318 | ---- | M] () -- C:\Users\Mic\Desktop\SUPERFileRecover - Free Trial.lnk
[2012/08/29 20:14:58 | 000,003,009 | ---- | M] () -- C:\Users\Mic\Desktop\Super Ad Blocker.lnk
[2012/08/29 20:02:42 | 000,005,796 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120829_200238.reg
[2012/08/29 09:03:49 | 000,001,045 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/29 08:57:18 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/08/28 01:36:09 | 000,001,924 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120828_013605.reg
[2012/08/28 00:45:40 | 000,004,106 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120828_004533.reg
[2012/08/27 19:12:39 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/08/27 15:13:24 | 603,815,936 | ---- | M] () -- C:\NBRT.iso
[2012/08/27 15:08:58 | 001,394,189 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB
[2012/08/24 12:20:15 | 000,001,034 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120824_121951.reg
[2012/08/24 11:59:30 | 000,000,864 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2012/08/21 23:18:21 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini
[2012/08/17 16:14:50 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/17 16:14:50 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/17 16:14:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/12 15:35:48 | 000,001,513 | ---- | M] () -- C:\Users\Mic\Desktop\DTLite - Shortcut.lnk
[2012/08/10 01:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini
[2012/08/09 11:02:11 | 000,023,224 | ---- | M] () -- C:\Users\Public\Documents\DiscCopyUtility.exe
[2012/08/09 00:03:14 | 000,010,162 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120809_000259.reg
[2012/08/08 14:30:35 | 000,020,152 | ---- | M] () -- C:\Users\Public\Documents\CatalogSupportUtility.exe
[2012/08/07 22:54:04 | 000,003,811 | ---- | M] () -- C:\Users\Mic\Documents\ALLDATA vehicle reference page.rtf
[2012/08/07 22:53:20 | 000,002,888 | ---- | M] () -- C:\Users\Mic\Documents\ALLDATA USAGE GUIDE.rtf
[2012/08/05 16:26:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/05 11:22:55 | 000,002,110 | ---- | M] () -- C:\Users\Mic\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/08/04 12:38:00 | 000,006,259 | ---- | M] () -- C:\Users\Mic\Desktop\80's playlist.m3u
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/30 20:12:44 | 000,010,159 | ---- | C] () -- C:\Users\Mic\Desktop\images.jpg
[2012/08/30 20:12:28 | 000,263,484 | ---- | C] () -- C:\Users\Mic\Desktop\prometheus-movie-wallpaper-10.jpg
[2012/08/30 20:11:02 | 000,532,448 | ---- | C] () -- C:\Users\Mic\Desktop\movies-prometheus_00278679.png
[2012/08/30 14:39:23 | 000,001,235 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/08/30 13:43:22 | 001,372,672 | ---- | C] () -- C:\Users\Mic\Desktop\RogueKiller.exe
[2012/08/29 20:14:59 | 000,000,318 | ---- | C] () -- C:\Users\Mic\Desktop\SUPERFileRecover - Free Trial.lnk
[2012/08/29 20:14:58 | 000,003,009 | ---- | C] () -- C:\Users\Mic\Desktop\Super Ad Blocker.lnk
[2012/08/29 20:02:40 | 000,005,796 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120829_200238.reg
[2012/08/29 09:03:49 | 000,001,045 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/29 08:57:18 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/08/28 01:36:07 | 000,001,924 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120828_013605.reg
[2012/08/28 00:45:38 | 000,004,106 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120828_004533.reg
[2012/08/27 15:12:53 | 603,815,936 | ---- | C] () -- C:\NBRT.iso
[2012/08/27 15:08:38 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini
[2012/08/24 12:20:12 | 000,001,034 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120824_121951.reg
[2012/08/21 11:25:10 | 001,394,189 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB
[2012/08/17 16:14:44 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.cat
[2012/08/17 16:14:44 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnet64.cat
[2012/08/17 16:14:44 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa.inf
[2012/08/17 16:14:44 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds.inf
[2012/08/17 16:14:44 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnet.inf
[2012/08/17 16:14:44 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.inf
[2012/08/17 16:14:44 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.inf
[2012/08/17 16:14:43 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\iron.cat
[2012/08/17 16:14:43 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.cat
[2012/08/17 16:14:43 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.cat
[2012/08/17 16:14:43 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.inf
[2012/08/17 16:14:43 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\iron.inf
[2012/08/17 16:14:30 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symvtcer.dat
[2012/08/17 16:14:30 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.cat
[2012/08/17 16:14:30 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.cat
[2012/08/17 16:14:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini
[2012/08/17 13:12:56 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/17 13:12:56 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/12 15:35:47 | 000,001,513 | ---- | C] () -- C:\Users\Mic\Desktop\DTLite - Shortcut.lnk
[2012/08/09 11:02:07 | 000,023,224 | ---- | C] () -- C:\Users\Public\Documents\DiscCopyUtility.exe
[2012/08/09 00:03:12 | 000,010,162 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120809_000259.reg
[2012/08/08 14:30:32 | 000,020,152 | ---- | C] () -- C:\Users\Public\Documents\CatalogSupportUtility.exe
[2012/08/07 22:54:04 | 000,003,811 | ---- | C] () -- C:\Users\Mic\Documents\ALLDATA vehicle reference page.rtf
[2012/08/07 22:53:20 | 000,002,888 | ---- | C] () -- C:\Users\Mic\Documents\ALLDATA USAGE GUIDE.rtf
[2012/08/04 12:38:00 | 000,006,259 | ---- | C] () -- C:\Users\Mic\Desktop\80's playlist.m3u
[2012/07/27 15:25:40 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012/06/21 11:35:27 | 000,034,764 | ---- | C] () -- C:\Users\Mic\AppData\Local\dt.dat
[2012/06/07 12:09:19 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/05/27 12:10:12 | 000,004,608 | ---- | C] () -- C:\Users\Mic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/16 14:57:26 | 000,011,388 | ---- | C] () -- C:\Users\Mic\gsview64.ini
[2012/05/11 11:58:59 | 000,000,706 | RHS- | C] () -- C:\Users\Mic\ntuser.pol
[2012/05/05 17:06:34 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/04/29 00:01:03 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/24 21:53:19 | 000,008,448 | ---- | C] () -- C:\Users\Mic\AppData\Local\rx_audio.Cache
[2012/04/24 21:52:41 | 000,000,288 | ---- | C] () -- C:\Users\Mic\AppData\Local\rx_image32.Cache
[2012/03/16 01:33:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/29 19:47:40 | 000,000,047 | ---- | C] () -- C:\Windows\SysWow64\E302AF636FDE.ini
[2012/02/15 19:39:43 | 000,074,703 | ---- | C] () -- C:\Windows\SysWOW64mfc45.dll
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/17 17:22:31 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/16 23:52:32 | 000,050,688 | ---- | C] () -- C:\Windows\SysWow64\dtsoftbusinst64.exe
[2011/12/14 20:11:32 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/10 22:23:26 | 000,007,666 | ---- | C] () -- C:\Users\Mic\AppData\Local\Resmon.ResmonCfg
[2011/12/08 00:59:34 | 000,001,173 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\vso_ts_preview.xml
[2011/12/08 00:58:36 | 000,099,384 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\inst.exe
[2011/12/08 00:58:36 | 000,007,859 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\pcouffin.cat
[2011/12/08 00:58:36 | 000,001,167 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\pcouffin.inf
[2011/12/07 22:51:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/07/27 15:06:55 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\2K Sports
[2012/07/21 23:25:06 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\AnvSoft
[2011/12/23 10:41:50 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Any Video Converter Professional
[2012/04/28 23:47:38 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Apowersoft
[2011/12/08 08:33:09 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\AVG2012
[2012/02/01 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\BigHugeEngine
[2011/12/18 23:47:57 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Canneverbe Limited
[2012/01/20 17:59:46 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\CoreClient
[2012/08/23 14:49:32 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\DAEMON Tools Lite
[2012/02/12 10:36:35 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\DAEMON Tools Pro
[2012/07/22 01:15:16 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Digiarty
[2012/09/01 11:50:36 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Dropbox
[2012/04/28 23:03:28 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\DVDVideoSoft
[2011/12/09 15:26:35 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Electronic Arts
[2012/03/07 15:09:03 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\FK_Monitor
[2012/04/25 00:19:51 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Free Audio Editor
[2012/02/15 19:39:43 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\iolo
[2012/04/28 12:47:04 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\ManyCam
[2012/09/01 11:51:14 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\mjusbsp
[2012/05/02 12:54:52 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\MotionDSP
[2012/07/27 15:49:42 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\MotioninJoy
[2012/05/20 13:14:31 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\OpenOffice.org
[2012/02/24 17:24:14 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\PandoraRecovery
[2012/02/26 16:34:41 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\QFX Software
[2012/08/27 17:07:43 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\QuickScan
[2012/05/16 17:48:39 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Songbird2
[2011/12/24 14:12:37 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Sony
[2012/04/28 23:53:12 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\SourceTec
[2012/03/04 18:32:10 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\SplitMediaLabs
[2012/08/29 20:15:30 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\SuperAdBlocker.com
[2011/12/11 22:14:59 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Temp
[2011/12/08 21:58:43 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Thunderbird
[2011/12/08 13:20:32 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Tomato
[2012/05/09 10:47:02 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\TuneUpMedia
[2011/12/23 11:55:46 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Ulead Systems
[2011/12/25 11:41:53 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Visan
[2012/08/30 22:11:49 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Vso
[2012/04/30 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Xilisoft
[2012/04/28 23:22:42 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\xVideoServiceThief
[2012/04/28 23:37:26 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Youtube Downloader HD
[2012/09/01 11:46:06 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012/06/19 10:39:30 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/03/04 22:08:05 | 000,000,000 | ---D | M](C:\Users\Mic\Documents\?? ???) -- C:\Users\Mic\Documents\넥슨 플러그
[2012/03/04 22:08:05 | 000,000,000 | ---D | C](C:\Users\Mic\Documents\?? ???) -- C:\Users\Mic\Documents\넥슨 플러그

< End of report >
Micscience
Active Member
 
Posts: 13
Joined: August 27th, 2012, 4:14 pm

Re: Reocurring Trojan

Post by Micscience » September 1st, 2012, 5:30 pm

ESET Log:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9b3c0f5263574e459c654af21c3dcc90
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-01 08:26:32
# local_time=2012-09-01 04:26:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777214 85 67 331981 14311010 0 0
# compatibility_mode=5893 16776574 100 94 380376 98069144 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=232327
# found=2
# cleaned=2
# scan_time=5519
C:\Users\Mic\Downloads\DriverSweeper_3.2.0.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08312012_092840\C_Users\Mic\AppData\Roaming\OpenCandy\89B6C34C2C404C5EBFD15555E5DF0095\TuneUp_OpenCandy_PC_2.4.4.3_CMPID_319.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Micscience
Active Member
 
Posts: 13
Joined: August 27th, 2012, 4:14 pm

Re: Reocurring Trojan

Post by askey127 » September 2nd, 2012, 7:37 am

Micscience,
In general, your system looks clean.
Both of your hard drives do appear to have very little free space left.
Windows really wants 15% of the drive free, or it will begin to slow down.
You need to pay attention to this, and offload some extra photos or videos, or other seldom used files.
(Computer > C: drive > Right click and choose Properties to see free space)
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    
    :OTL
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.5.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_05)
    [2012/04/29 00:01:01 | 000,000,000 | ---D | M] (Search Results Optimizator) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\SearchHelper
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Tell me how it's running.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Reocurring Trojan

Post by Micscience » September 2nd, 2012, 1:51 pm

Thank you sir. So far my puter runs good with Windows Explorer; the only thing that seems off, I would say, is Firefox, but I think that may have happened due to me using Advanced System Care Firefox Optimizer. Also, I started deleting files to give my hard drive some breathing room. Thanks for the tip, much appreciated. Here is my log.


OTL logfile created on: 9/2/2012 1:24:39 PM - Run 4
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Mic\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 45.77% Memory free
8.00 Gb Paging File | 5.51 Gb Available in Paging File | 68.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 48.13 Gb Free Space | 20.68% Space Free | Partition Type: NTFS
Drive E: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 17.59 Mb Total Space | 17.23 Mb Free Space | 97.91% Space Free | Partition Type: FAT
Drive M: | 298.09 Gb Total Space | 17.23 Gb Free Space | 5.78% Space Free | Partition Type: NTFS

Computer Name: MIC-PC | User Name: Mic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/30 13:47:10 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Mic\Desktop\OTL.exe
PRC - [2012/08/29 08:58:25 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
PRC - [2012/06/13 22:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mic\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/06/04 14:58:04 | 000,033,400 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2012/06/04 14:58:02 | 003,029,112 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2012/06/04 14:58:02 | 001,329,272 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 20:21:50 | 000,665,104 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Browser Guard\tmiegsrv.exe
PRC - [2011/02/25 20:20:58 | 000,787,984 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.exe
PRC - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/03/14 12:26:48 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2007/08/01 09:28:42 | 001,564,672 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
PRC - [2005/08/31 14:26:34 | 000,065,536 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE


========== Modules (No Company Name) ==========

MOD - [2012/08/29 08:58:25 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/06/04 14:59:18 | 000,044,152 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2012/06/04 14:59:18 | 000,032,888 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2012/06/04 14:59:16 | 000,017,016 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2012/06/04 14:59:14 | 000,195,704 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2012/06/04 14:59:14 | 000,057,464 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2012/06/04 14:59:12 | 000,841,336 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2012/06/04 14:59:10 | 000,824,952 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2012/06/04 14:59:10 | 000,049,784 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2012/06/04 14:59:08 | 000,033,400 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2012/06/04 14:59:06 | 000,365,688 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2012/06/04 14:59:04 | 000,093,816 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2012/06/04 14:59:02 | 000,589,944 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2012/06/04 14:59:00 | 000,134,264 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2012/06/04 14:59:00 | 000,017,016 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2012/06/04 14:58:56 | 000,141,432 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
MOD - [2012/06/04 14:58:54 | 008,494,712 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
MOD - [2012/06/04 14:58:54 | 000,628,856 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
MOD - [2012/06/04 14:58:50 | 000,586,968 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
MOD - [2012/06/04 14:58:48 | 000,150,136 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2012/06/04 14:58:48 | 000,086,648 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2012/06/04 14:58:40 | 001,009,784 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
MOD - [2012/06/04 14:58:40 | 000,173,176 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
MOD - [2012/06/04 14:58:36 | 000,063,096 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
MOD - [2012/06/04 14:58:32 | 001,290,872 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
MOD - [2012/06/04 14:58:16 | 000,373,368 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_Magick++_.dll
MOD - [2012/06/04 14:58:14 | 000,178,296 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_lcms_.dll
MOD - [2012/06/04 14:58:12 | 000,952,440 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
MOD - [2012/06/04 14:58:10 | 001,038,456 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
MOD - [2012/06/04 14:58:08 | 001,254,560 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
MOD - [2012/06/04 14:58:08 | 000,271,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
MOD - [2012/06/04 14:58:06 | 005,827,800 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
MOD - [2012/06/04 14:58:04 | 000,033,400 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2006/11/07 12:58:44 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabmsghk.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/03/03 14:49:44 | 002,627,920 | ---- | M] (Diskeeper Corporation) [Auto | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/29 08:58:25 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/15 14:18:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/15 12:44:42 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2011/12/08 00:29:51 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/14 00:52:36 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2011/07/27 15:58:30 | 005,023,744 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files (x86)\webcamXP 5\wService.exe -- (wxpSvc)
SRV - [2011/04/06 08:38:58 | 000,180,224 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\KAward64\aklservice64.exe -- (SKLService64)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/08/31 14:26:34 | 000,065,536 | ---- | M] (SuperAdBlocker.com) [Auto | Running] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE -- (SABSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/17 16:14:50 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/26 01:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/08 16:04:24 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 12:21:52 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/05/06 18:27:30 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/02/28 01:26:10 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/12/27 16:23:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/27 16:23:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/21 00:32:42 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/12/08 00:58:36 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/08/30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/07/25 22:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/05/24 03:00:00 | 000,055,952 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/02/14 02:04:34 | 000,044,624 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/04/27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/17 07:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 20:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2012/09/01 21:33:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120901.008\ex64.sys -- (NAVEX15)
DRV - [2012/09/01 21:33:00 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120901.008\eng64.sys -- (NAVENG)
DRV - [2012/08/30 03:23:16 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/27 13:51:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/21 22:05:05 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120831.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/06/18 20:01:14 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120823.007\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/01/19 07:21:46 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/20 16:02:54 | 000,032,256 | R--- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS -- (SABKUTIL)
DRV - [2005/09/21 11:17:26 | 000,005,632 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys -- (SABDIFSV)
DRV - [2005/03/21 11:00:24 | 000,004,096 | R--- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {CF777CF1-B1C7-4761-ADEB-1B21506E0D29}
IE - HKCU\..\SearchScopes\{CF777CF1-B1C7-4761-ADEB-1B21506E0D29}: "URL" = http://us.yhs4.search.yahoo.com/yhs/sea ... =937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "FreeMake Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "&hsimp=yhs-affiliate_a_ff&hspart=greentree&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npPlayNowPlugin: C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Mic\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mic\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mic\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/14 14:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/08/17 15:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/09/02 11:41:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 08:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/15 10:35:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/08/05 11:22:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\search@helper: C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\SearchHelper

[2012/05/16 17:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mic\AppData\Roaming\Mozilla\Extensions
[2012/05/16 17:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mic\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012/08/27 17:07:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions
[2012/07/28 12:42:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/27 17:07:35 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/06/20 23:24:45 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\info@djzig.com
[2012/02/03 23:15:15 | 000,000,000 | ---D | M] (wxDfast extension) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\info@wxdownloadmanager.com
[2012/07/19 09:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/14 14:56:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/09/02 11:41:17 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
[2012/08/17 15:41:01 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2011/12/08 18:44:44 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\USERS\MIC\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@EPICPLAY.COM
[2012/06/24 12:06:03 | 000,456,182 | ---- | M] () (No name found) -- C:\USERS\MIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KJFGN1CU.DEFAULT\EXTENSIONS\STEFANVANDAMME@STEFANVD.NET.XPI
[2012/08/29 08:58:25 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 08:58:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/23 10:42:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/08/29 08:58:25 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: CorePlugin (Enabled) = C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Mic\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll
CHR - Extension: wxDfast extension = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgjgdnjolohlloakjnifiglajcmapc\1.0_0\
CHR - Extension: FreeMake = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgficikadnmmefckdecajlmffkbagomp\2.3.15.10_0\
CHR - Extension: Norton Identity Protection = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: DVDVideoSoftTB = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.15.10_0\

O1 HOSTS File: ([2012/09/01 11:42:59 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SuperAdBlockerBHO Class) - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll (SuperAdBlocker.com)
O2 - BHO: (CorePluginIEBHO Class) - {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\plugins\CorePluginIE.dll (Perfect World Entertainment Inc)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Super Ad Blocker Toolbar) - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll ()
O4:64bit: - HKLM..\Run: [EKAiO2StatusMonitor] c:\windows\system32\spool\drivers\x64\3\ekaio2mui.exe File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe (VIA)
O4 - HKLM..\Run: [ISUSPM] c:\programdata\flexnet\connect\11\isuspm.exe (Acresso Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Trend Micro Browser Guard] C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.EXE (Trend Micro Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] c:\program files (x86)\alcohol soft\alcohol 120\axautomntsrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ASRockOCTuner] File not found
O4 - HKCU..\Run: [cdloader] C:\Users\Mic\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [SuperAdBlocker] C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe (SuperAdBlocker.com)
O4 - Startup: C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mic\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{325908C8-D558-4235-BDBD-6BB2E9F10279}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SABWinLogon: DllName - (C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL) - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL (SuperAdBlocker.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 09:20:07 | 000,027,992 | R--- | M] (magicJack L.P.) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 000,016,158 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 000,000,308 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 09:20:07 | 000,706,144 | R--- | M] (magicJack L.P.) - E:\autorunu.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 000,000,270 | ---- | M] () - F:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2012/03/29 11:33:22 | 007,652,327 | ---- | M] () - M:\Automotive Computer Controlled Systems [h33t] [Malestrom].pdf -- [ NTFS ]
O33 - MountPoints2\{7bdd6721-05a8-11df-9b54-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7bdd6721-05a8-11df-9b54-806e6f6e6963}\Shell\AutoRun\command - "" = D:\/files/openindex.exe index.hta
O33 - MountPoints2\{7dcff216-2147-11e1-a87a-002522c98db6}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008/07/21 09:20:07 | 000,027,992 | R--- | M] (magicJack L.P.)
O33 - MountPoints2\{7dcff216-2147-11e1-a87a-002522c98db6}\Shell\phone\command - "" = E:\autorun.exe -- [2008/07/21 09:20:07 | 000,027,992 | R--- | M] (magicJack L.P.)
O33 - MountPoints2\{7dcff280-2147-11e1-a87a-002522c98db6}\Shell - "" = AutoRun
O33 - MountPoints2\{7dcff280-2147-11e1-a87a-002522c98db6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/02 11:56:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\AKLogData64
[2012/09/02 11:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Award Keylogger x64 Edition
[2012/09/02 11:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KAward64
[2012/09/02 11:54:15 | 001,736,704 | ---- | C] (Award Software, Inc) -- C:\Users\Mic\Desktop\klsetup.exe
[2012/09/01 22:30:16 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\uTorrent
[2012/09/01 14:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/09/01 14:50:38 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Mic\Desktop\esetsmartinstaller_enu.exe
[2012/09/01 11:49:33 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Local\Browser Guard
[2012/08/31 09:28:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/30 13:47:10 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Mic\Desktop\OTL.exe
[2012/08/30 13:41:40 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\RK_Quarantine
[2012/08/29 20:15:30 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\SuperAdBlocker.com
[2012/08/29 20:14:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTemp
[2012/08/29 20:14:58 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperAdBlocker.com
[2012/08/29 20:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperAdBlocker.com
[2012/08/29 08:57:18 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/08/29 08:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/08/29 08:50:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Browser Guard
[2012/08/29 08:49:38 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\Powerful Malware Tools
[2012/08/28 00:49:20 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\backups
[2012/08/28 00:35:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/28 00:21:21 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\Security Justice League
[2012/08/27 21:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2012/08/27 21:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2012/08/27 19:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/27 19:45:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/27 19:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/27 18:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/08/27 17:07:41 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\QuickScan
[2012/08/27 15:08:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2012/08/27 15:08:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A
[2012/08/27 15:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/08/27 15:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2012/08/27 15:07:02 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/08/22 09:51:18 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Local\NPE
[2012/08/17 16:14:44 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys
[2012/08/17 16:14:44 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys
[2012/08/17 16:14:44 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys
[2012/08/17 16:14:44 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys
[2012/08/17 16:14:44 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys
[2012/08/17 16:14:43 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys
[2012/08/17 16:14:43 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys
[2012/08/17 16:14:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E
[2012/08/17 13:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/08/17 13:12:56 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/17 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/08/17 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/08/17 13:12:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2012/08/17 13:12:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/08/17 13:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012/08/17 13:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/08/12 11:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMall
[2012/08/12 11:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMall
[2012/08/12 11:09:38 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/08/11 13:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2012/08/11 12:45:51 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2012/08/11 12:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2012/08/11 12:45:46 | 000,000,000 | ---D | C] -- C:\Users\Mic\Documents\VirtualDJ
[2012/08/11 12:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2012/08/07 21:55:37 | 000,000,000 | ---D | C] -- C:\ALLDATA
[2012/08/07 20:39:38 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\FLEXnet
[2012/08/07 20:39:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ALLDATA Shared
[2012/08/07 20:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLDATA
[2012/08/07 20:38:33 | 000,000,000 | ---D | C] -- C:\ALLDATAW
[2011/12/08 00:58:36 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Mic\AppData\Roaming\pcouffin.sys
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/02 13:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/02 13:14:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/02 12:32:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2902281652-3159124223-882470899-1000UA.job
[2012/09/02 12:10:00 | 000,000,983 | ---- | M] () -- C:\Users\Mic\Desktop\magicJack.lnk
[2012/09/02 11:56:30 | 000,000,046 | ---- | M] () -- C:\Windows\SysNative\4E37A837910D.ini
[2012/09/02 11:56:25 | 000,000,919 | ---- | M] () -- C:\Users\Mic\Desktop\Award Keylogger x64 Edition.lnk
[2012/09/02 11:53:08 | 001,044,103 | ---- | M] () -- C:\Users\Mic\Desktop\klsetup.zip
[2012/09/02 11:50:48 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/02 11:50:48 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/02 11:40:55 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/02 11:40:01 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/09/02 11:39:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/02 11:39:22 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/02 11:22:29 | 002,277,522 | ---- | M] () -- C:\Users\Mic\Desktop\DSCF2118.jpg
[2012/09/02 11:21:52 | 000,020,929 | ---- | M] () -- C:\Users\Mic\Desktop\Painted-Concrete-Floor-Designs-687.jpg
[2012/09/02 11:21:35 | 000,009,356 | ---- | M] () -- C:\Users\Mic\Desktop\concrete floor painted 1.jpg
[2012/09/02 11:21:03 | 000,032,902 | ---- | M] () -- C:\Users\Mic\Desktop\5-af.jpg
[2012/09/02 11:20:07 | 000,225,788 | ---- | M] () -- C:\Users\Mic\Desktop\painted-concrete-floor.jpg
[2012/09/02 11:19:38 | 000,048,618 | ---- | M] () -- C:\Users\Mic\Desktop\concrete-flooring.jpg
[2012/09/01 21:39:09 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2902281652-3159124223-882470899-1000Core.job
[2012/09/01 14:50:44 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Mic\Desktop\esetsmartinstaller_enu.exe
[2012/09/01 11:42:59 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/30 22:11:49 | 000,001,173 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\vso_ts_preview.xml
[2012/08/30 20:12:44 | 000,010,159 | ---- | M] () -- C:\Users\Mic\Desktop\images.jpg
[2012/08/30 20:12:28 | 000,263,484 | ---- | M] () -- C:\Users\Mic\Desktop\prometheus-movie-wallpaper-10.jpg
[2012/08/30 20:11:02 | 000,532,448 | ---- | M] () -- C:\Users\Mic\Desktop\movies-prometheus_00278679.png
[2012/08/30 14:39:23 | 000,001,235 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/08/30 13:47:10 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Mic\Desktop\OTL.exe
[2012/08/30 13:43:23 | 001,372,672 | ---- | M] () -- C:\Users\Mic\Desktop\RogueKiller.exe
[2012/08/30 13:04:24 | 000,461,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/29 20:14:59 | 000,000,318 | ---- | M] () -- C:\Users\Mic\Desktop\SUPERFileRecover - Free Trial.lnk
[2012/08/29 20:14:58 | 000,003,009 | ---- | M] () -- C:\Users\Mic\Desktop\Super Ad Blocker.lnk
[2012/08/29 20:02:42 | 000,005,796 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120829_200238.reg
[2012/08/29 09:03:49 | 000,001,045 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/29 08:57:18 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/08/28 01:36:09 | 000,001,924 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120828_013605.reg
[2012/08/28 00:45:40 | 000,004,106 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120828_004533.reg
[2012/08/27 19:12:39 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/08/27 15:13:24 | 603,815,936 | ---- | M] () -- C:\NBRT.iso
[2012/08/27 15:08:58 | 001,394,189 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB
[2012/08/24 12:20:15 | 000,001,034 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120824_121951.reg
[2012/08/24 11:59:30 | 000,000,864 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2012/08/21 23:18:21 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini
[2012/08/17 16:14:50 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/17 16:14:50 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/17 16:14:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/12 15:35:48 | 000,001,513 | ---- | M] () -- C:\Users\Mic\Desktop\DTLite - Shortcut.lnk
[2012/08/10 01:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini
[2012/08/09 11:02:11 | 000,023,224 | ---- | M] () -- C:\Users\Public\Documents\DiscCopyUtility.exe
[2012/08/09 00:03:14 | 000,010,162 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120809_000259.reg
[2012/08/08 14:30:35 | 000,020,152 | ---- | M] () -- C:\Users\Public\Documents\CatalogSupportUtility.exe
[2012/08/07 22:54:04 | 000,003,811 | ---- | M] () -- C:\Users\Mic\Documents\ALLDATA vehicle reference page.rtf
[2012/08/07 22:53:20 | 000,002,888 | ---- | M] () -- C:\Users\Mic\Documents\ALLDATA USAGE GUIDE.rtf
[2012/08/05 16:26:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/05 11:22:55 | 000,002,110 | ---- | M] () -- C:\Users\Mic\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/08/04 12:38:00 | 000,006,259 | ---- | M] () -- C:\Users\Mic\Desktop\80's playlist.m3u
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/02 11:56:30 | 000,000,046 | ---- | C] () -- C:\Windows\SysNative\4E37A837910D.ini
[2012/09/02 11:56:25 | 000,000,919 | ---- | C] () -- C:\Users\Mic\Desktop\Award Keylogger x64 Edition.lnk
[2012/09/02 11:53:07 | 001,044,103 | ---- | C] () -- C:\Users\Mic\Desktop\klsetup.zip
[2012/09/02 11:22:28 | 002,277,522 | ---- | C] () -- C:\Users\Mic\Desktop\DSCF2118.jpg
[2012/09/02 11:21:52 | 000,020,929 | ---- | C] () -- C:\Users\Mic\Desktop\Painted-Concrete-Floor-Designs-687.jpg
[2012/09/02 11:21:35 | 000,009,356 | ---- | C] () -- C:\Users\Mic\Desktop\concrete floor painted 1.jpg
[2012/09/02 11:21:02 | 000,032,902 | ---- | C] () -- C:\Users\Mic\Desktop\5-af.jpg
[2012/09/02 11:20:07 | 000,225,788 | ---- | C] () -- C:\Users\Mic\Desktop\painted-concrete-floor.jpg
[2012/09/02 11:19:37 | 000,048,618 | ---- | C] () -- C:\Users\Mic\Desktop\concrete-flooring.jpg
[2012/08/30 20:12:44 | 000,010,159 | ---- | C] () -- C:\Users\Mic\Desktop\images.jpg
[2012/08/30 20:12:28 | 000,263,484 | ---- | C] () -- C:\Users\Mic\Desktop\prometheus-movie-wallpaper-10.jpg
[2012/08/30 20:11:02 | 000,532,448 | ---- | C] () -- C:\Users\Mic\Desktop\movies-prometheus_00278679.png
[2012/08/30 14:39:23 | 000,001,235 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/08/30 13:43:22 | 001,372,672 | ---- | C] () -- C:\Users\Mic\Desktop\RogueKiller.exe
[2012/08/29 20:14:59 | 000,000,318 | ---- | C] () -- C:\Users\Mic\Desktop\SUPERFileRecover - Free Trial.lnk
[2012/08/29 20:14:58 | 000,003,009 | ---- | C] () -- C:\Users\Mic\Desktop\Super Ad Blocker.lnk
[2012/08/29 20:02:40 | 000,005,796 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120829_200238.reg
[2012/08/29 09:03:49 | 000,001,045 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/29 08:57:18 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/08/28 01:36:07 | 000,001,924 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120828_013605.reg
[2012/08/28 00:45:38 | 000,004,106 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120828_004533.reg
[2012/08/27 15:12:53 | 603,815,936 | ---- | C] () -- C:\NBRT.iso
[2012/08/27 15:08:38 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini
[2012/08/24 12:20:12 | 000,001,034 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120824_121951.reg
[2012/08/21 11:25:10 | 001,394,189 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB
[2012/08/17 16:14:44 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.cat
[2012/08/17 16:14:44 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnet64.cat
[2012/08/17 16:14:44 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa.inf
[2012/08/17 16:14:44 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds.inf
[2012/08/17 16:14:44 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnet.inf
[2012/08/17 16:14:44 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.inf
[2012/08/17 16:14:44 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.inf
[2012/08/17 16:14:43 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\iron.cat
[2012/08/17 16:14:43 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.cat
[2012/08/17 16:14:43 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.cat
[2012/08/17 16:14:43 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.inf
[2012/08/17 16:14:43 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\iron.inf
[2012/08/17 16:14:30 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symvtcer.dat
[2012/08/17 16:14:30 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.cat
[2012/08/17 16:14:30 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.cat
[2012/08/17 16:14:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini
[2012/08/17 13:12:56 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/17 13:12:56 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/12 15:35:47 | 000,001,513 | ---- | C] () -- C:\Users\Mic\Desktop\DTLite - Shortcut.lnk
[2012/08/09 11:02:07 | 000,023,224 | ---- | C] () -- C:\Users\Public\Documents\DiscCopyUtility.exe
[2012/08/09 00:03:12 | 000,010,162 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120809_000259.reg
[2012/08/08 14:30:32 | 000,020,152 | ---- | C] () -- C:\Users\Public\Documents\CatalogSupportUtility.exe
[2012/08/07 22:54:04 | 000,003,811 | ---- | C] () -- C:\Users\Mic\Documents\ALLDATA vehicle reference page.rtf
[2012/08/07 22:53:20 | 000,002,888 | ---- | C] () -- C:\Users\Mic\Documents\ALLDATA USAGE GUIDE.rtf
[2012/08/04 12:38:00 | 000,006,259 | ---- | C] () -- C:\Users\Mic\Desktop\80's playlist.m3u
[2012/07/27 15:25:40 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012/06/21 11:35:27 | 000,034,764 | ---- | C] () -- C:\Users\Mic\AppData\Local\dt.dat
[2012/06/07 12:09:19 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/05/27 12:10:12 | 000,004,608 | ---- | C] () -- C:\Users\Mic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/16 14:57:26 | 000,011,388 | ---- | C] () -- C:\Users\Mic\gsview64.ini
[2012/05/11 11:58:59 | 000,000,706 | RHS- | C] () -- C:\Users\Mic\ntuser.pol
[2012/05/05 17:06:34 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/04/29 00:01:03 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/24 21:53:19 | 000,008,448 | ---- | C] () -- C:\Users\Mic\AppData\Local\rx_audio.Cache
[2012/04/24 21:52:41 | 000,000,288 | ---- | C] () -- C:\Users\Mic\AppData\Local\rx_image32.Cache
[2012/03/16 01:33:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/29 19:47:40 | 000,000,047 | ---- | C] () -- C:\Windows\SysWow64\E302AF636FDE.ini
[2012/02/15 19:39:43 | 000,074,703 | ---- | C] () -- C:\Windows\SysWOW64mfc45.dll
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/17 17:22:31 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/16 23:52:32 | 000,050,688 | ---- | C] () -- C:\Windows\SysWow64\dtsoftbusinst64.exe
[2011/12/14 20:11:32 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/10 22:23:26 | 000,007,666 | ---- | C] () -- C:\Users\Mic\AppData\Local\Resmon.ResmonCfg
[2011/12/08 00:59:34 | 000,001,173 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\vso_ts_preview.xml
[2011/12/08 00:58:36 | 000,099,384 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\inst.exe
[2011/12/08 00:58:36 | 000,007,859 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\pcouffin.cat
[2011/12/08 00:58:36 | 000,001,167 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\pcouffin.inf
[2011/12/07 22:51:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/07/27 15:06:55 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\2K Sports
[2012/07/21 23:25:06 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\AnvSoft
[2011/12/23 10:41:50 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Any Video Converter Professional
[2012/04/28 23:47:38 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Apowersoft
[2011/12/08 08:33:09 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\AVG2012
[2012/02/01 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\BigHugeEngine
[2011/12/18 23:47:57 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Canneverbe Limited
[2012/01/20 17:59:46 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\CoreClient
[2012/08/23 14:49:32 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\DAEMON Tools Lite
[2012/02/12 10:36:35 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\DAEMON Tools Pro
[2012/07/22 01:15:16 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Digiarty
[2012/09/02 11:44:25 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Dropbox
[2012/04/28 23:03:28 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\DVDVideoSoft
[2011/12/09 15:26:35 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Electronic Arts
[2012/03/07 15:09:03 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\FK_Monitor
[2012/04/25 00:19:51 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Free Audio Editor
[2012/02/15 19:39:43 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\iolo
[2012/04/28 12:47:04 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\ManyCam
[2012/09/02 12:10:02 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\mjusbsp
[2012/05/02 12:54:52 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\MotionDSP
[2012/07/27 15:49:42 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\MotioninJoy
[2012/05/20 13:14:31 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\OpenOffice.org
[2012/02/24 17:24:14 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\PandoraRecovery
[2012/02/26 16:34:41 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\QFX Software
[2012/08/27 17:07:43 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\QuickScan
[2012/05/16 17:48:39 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Songbird2
[2011/12/24 14:12:37 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Sony
[2012/04/28 23:53:12 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\SourceTec
[2012/03/04 18:32:10 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\SplitMediaLabs
[2012/08/29 20:15:30 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\SuperAdBlocker.com
[2011/12/11 22:14:59 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Temp
[2011/12/08 21:58:43 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Thunderbird
[2011/12/08 13:20:32 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Tomato
[2012/05/09 10:47:02 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\TuneUpMedia
[2011/12/23 11:55:46 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Ulead Systems
[2012/09/02 11:17:59 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\uTorrent
[2011/12/25 11:41:53 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Visan
[2012/08/30 22:11:49 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Vso
[2012/04/30 20:57:57 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Xilisoft
[2012/04/28 23:22:42 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\xVideoServiceThief
[2012/04/28 23:37:26 | 000,000,000 | ---D | M] -- C:\Users\Mic\AppData\Roaming\Youtube Downloader HD
[2012/09/02 11:40:01 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012/06/19 10:39:30 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/03/04 22:08:05 | 000,000,000 | ---D | M](C:\Users\Mic\Documents\?? ???) -- C:\Users\Mic\Documents\넥슨 플러그
[2012/03/04 22:08:05 | 000,000,000 | ---D | C](C:\Users\Mic\Documents\?? ???) -- C:\Users\Mic\Documents\넥슨 플러그

< End of report >
Micscience
Active Member
 
Posts: 13
Joined: August 27th, 2012, 4:14 pm

Re: Reocurring Trojan

Post by askey127 » September 3rd, 2012, 8:40 am

Micscience,
Let's remove some of the settings in Firefox per the Fix below, to see if that will cure it.
If it doesn't work, you can remove Mozilla Firefox, and re-install it.
You also can start Firefox with all the add-ons disabled to see whether one of them is causing the problem.
Start Firefox, hit the Alt key to get the top menu and click Help > Start Firefox with Add-ons Disabled
There have been serious issues with IObit programs in the past. Not surprising it could have been a problem.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    
    :OTL
    FF - prefs.js..browser.search.param.yahoo-fr: "&hsimp=yhs-affiliate_a_ff&hspart=greentree&type=937811"
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npPlayNowPlugin: C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll (Perfect World Entertainment Inc)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Mic\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
    
    :Files
    C:\Users\Mic\AppData\Roaming\uTorrent
    C:\Users\Mic\AppData\Roaming\AVG2012
    C:\Users\Mic\AppData\Roaming\uTorrent
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Let me know.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Reocurring Trojan

Post by Micscience » September 5th, 2012, 2:59 pm

I tried safe mode with Firefox and Firefox is still acting funky. Did you reset the settings back to default?

OTL logfile created on: 9/5/2012 12:38:03 PM - Run 5
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Mic\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.21% Memory free
8.00 Gb Paging File | 5.83 Gb Available in Paging File | 72.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 35.89 Gb Free Space | 15.42% Space Free | Partition Type: NTFS
Drive M: | 298.09 Gb Total Space | 42.86 Gb Free Space | 14.38% Space Free | Partition Type: NTFS

Computer Name: MIC-PC | User Name: Mic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/30 13:47:10 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Mic\Desktop\OTL.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/28 05:05:00 | 002,160,024 | ---- | M] (ManyCam LLC) -- C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
PRC - [2012/06/13 22:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mic\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/06/04 14:58:04 | 000,033,400 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2012/06/04 14:58:02 | 003,029,112 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2012/06/04 14:58:02 | 001,329,272 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
PRC - [2012/04/20 15:26:00 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\KAward64\kl.exe
PRC - [2012/02/01 13:36:38 | 022,140,304 | ---- | M] (magicJack L.P.) -- C:\Users\Mic\AppData\Roaming\mjusbsp\magicJack.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/25 20:21:50 | 000,665,104 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Browser Guard\tmiegsrv.exe
PRC - [2011/02/25 20:20:58 | 000,787,984 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.exe
PRC - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/03/14 12:26:48 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2007/08/01 09:28:42 | 001,564,672 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
PRC - [2005/08/31 14:26:34 | 000,065,536 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE


========== Modules (No Company Name) ==========

MOD - [2012/09/05 12:21:53 | 000,033,792 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\YTMP7MC8AA\TAABCC5.tmp
MOD - [2012/09/05 12:21:44 | 000,086,016 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM98A7.tmp
MOD - [2012/09/05 12:21:43 | 000,086,016 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM9808.tmp
MOD - [2012/09/05 12:21:43 | 000,086,016 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM96AF.tmp
MOD - [2012/09/05 12:21:43 | 000,086,016 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM945B.tmp
MOD - [2012/09/05 12:21:42 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM934E.tmp
MOD - [2012/09/05 12:21:42 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM9291.tmp
MOD - [2012/09/05 12:21:42 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM91D3.tmp
MOD - [2012/09/05 12:21:41 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM906A.tmp
MOD - [2012/09/05 12:21:41 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM9029.tmp
MOD - [2012/09/05 12:21:41 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8FF9.tmp
MOD - [2012/09/05 12:21:41 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8F4B.tmp
MOD - [2012/09/05 12:21:41 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8EEB.tmp
MOD - [2012/09/05 12:21:41 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8E6C.tmp
MOD - [2012/09/05 12:21:41 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8DFD.tmp
MOD - [2012/09/05 12:21:41 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8DAC.tmp
MOD - [2012/09/05 12:21:41 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8BA7.tmp
MOD - [2012/09/05 12:21:40 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8B57.tmp
MOD - [2012/09/05 12:21:40 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8A1C.tmp
MOD - [2012/09/05 12:21:40 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8920.tmp
MOD - [2012/09/05 12:21:39 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM88A1.tmp
MOD - [2012/09/05 12:21:39 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8728.tmp
MOD - [2012/09/05 12:21:39 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM86F7.tmp
MOD - [2012/09/05 12:21:39 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM86B7.tmp
MOD - [2012/09/05 12:21:39 | 000,120,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8637.tmp
MOD - [2012/09/05 12:21:39 | 000,072,704 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM84E9.tmp
MOD - [2012/09/05 12:21:39 | 000,072,192 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM85C7.tmp
MOD - [2012/09/05 12:21:39 | 000,072,192 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8568.tmp
MOD - [2012/09/05 12:21:38 | 000,075,776 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM83D3.tmp
MOD - [2012/09/05 12:21:38 | 000,075,776 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM83B2.tmp
MOD - [2012/09/05 12:21:38 | 000,075,776 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8350.tmp
MOD - [2012/09/05 12:21:38 | 000,075,776 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8310.tmp
MOD - [2012/09/05 12:21:38 | 000,075,776 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM82A0.tmp
MOD - [2012/09/05 12:21:38 | 000,075,776 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM823E.tmp
MOD - [2012/09/05 12:21:38 | 000,075,776 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM821D.tmp
MOD - [2012/09/05 12:21:38 | 000,075,776 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM81DD.tmp
MOD - [2012/09/05 12:21:38 | 000,072,192 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8489.tmp
MOD - [2012/09/05 12:21:38 | 000,068,608 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM81AC.tmp
MOD - [2012/09/05 12:21:38 | 000,064,000 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8425.tmp
MOD - [2012/09/05 12:21:38 | 000,057,344 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8468.tmp
MOD - [2012/09/05 12:21:38 | 000,056,832 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM826F.tmp
MOD - [2012/09/05 12:21:38 | 000,056,320 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8381.tmp
MOD - [2012/09/05 12:21:38 | 000,053,760 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM8446.tmp
MOD - [2012/09/05 12:21:38 | 000,053,760 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM83F4.tmp
MOD - [2012/09/05 12:21:37 | 000,075,776 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM7D9F.tmp
MOD - [2012/09/05 12:21:37 | 000,056,320 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM7DFE.tmp
MOD - [2012/09/05 12:21:37 | 000,055,296 | ---- | M] () -- C:\Users\Mic\AppData\Local\Temp\XTMP1MC3VE\DEM7F68.tmp
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/06/28 05:05:02 | 000,124,312 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\CrashRpt.dll
MOD - [2012/06/04 14:59:18 | 000,044,152 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2012/06/04 14:59:18 | 000,032,888 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2012/06/04 14:59:16 | 000,017,016 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2012/06/04 14:59:14 | 000,195,704 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2012/06/04 14:59:14 | 000,057,464 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2012/06/04 14:59:12 | 000,841,336 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2012/06/04 14:59:10 | 000,824,952 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2012/06/04 14:59:10 | 000,049,784 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2012/06/04 14:59:08 | 000,033,400 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2012/06/04 14:59:06 | 000,365,688 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2012/06/04 14:59:04 | 000,093,816 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2012/06/04 14:59:02 | 000,589,944 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2012/06/04 14:59:00 | 000,134,264 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2012/06/04 14:59:00 | 000,017,016 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2012/06/04 14:58:56 | 000,141,432 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
MOD - [2012/06/04 14:58:54 | 008,494,712 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
MOD - [2012/06/04 14:58:54 | 000,628,856 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
MOD - [2012/06/04 14:58:50 | 000,586,968 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
MOD - [2012/06/04 14:58:48 | 000,150,136 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2012/06/04 14:58:48 | 000,086,648 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2012/06/04 14:58:40 | 001,009,784 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
MOD - [2012/06/04 14:58:40 | 000,173,176 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
MOD - [2012/06/04 14:58:36 | 000,063,096 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
MOD - [2012/06/04 14:58:32 | 001,290,872 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
MOD - [2012/06/04 14:58:16 | 000,373,368 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_Magick++_.dll
MOD - [2012/06/04 14:58:14 | 000,178,296 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_lcms_.dll
MOD - [2012/06/04 14:58:12 | 000,952,440 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
MOD - [2012/06/04 14:58:10 | 001,038,456 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
MOD - [2012/06/04 14:58:08 | 001,254,560 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
MOD - [2012/06/04 14:58:08 | 000,271,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
MOD - [2012/06/04 14:58:06 | 005,827,800 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
MOD - [2012/06/04 14:58:04 | 000,033,400 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2012/04/20 10:37:00 | 002,793,472 | ---- | M] () -- C:\Program Files (x86)\KAward64\kl.dll
MOD - [2012/02/01 13:42:32 | 000,083,352 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\mjusbsp\octvqem_apiw.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/04 22:38:12 | 000,241,152 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_objdetect220.dll
MOD - [2010/12/04 22:38:06 | 000,776,192 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_highgui220.dll
MOD - [2010/12/04 22:38:06 | 000,201,216 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_video220.dll
MOD - [2010/12/04 22:38:04 | 001,242,112 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2010/12/04 22:38:02 | 002,010,624 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2006/11/07 12:58:44 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabmsghk.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/03/03 14:49:44 | 002,627,920 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/29 08:58:25 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/15 14:18:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/15 12:44:42 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2011/12/08 00:29:51 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/14 00:52:36 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2011/07/27 15:58:30 | 005,023,744 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files (x86)\webcamXP 5\wService.exe -- (wxpSvc)
SRV - [2011/04/06 08:38:58 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\KAward64\aklservice64.exe -- (SKLService64)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/08/31 14:26:34 | 000,065,536 | ---- | M] (SuperAdBlocker.com) [Auto | Running] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE -- (SABSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/17 16:14:50 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/26 01:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/08 16:04:24 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 12:21:52 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/05/06 18:27:30 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/02/28 01:26:10 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/12/27 16:23:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/27 16:23:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/21 00:32:42 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/12/08 00:58:36 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/08/30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/07/25 22:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/05/24 03:00:00 | 000,055,952 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/05/13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/02/14 02:04:34 | 000,044,624 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/04/27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/17 07:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 20:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2012/09/05 04:42:23 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120904.032\ex64.sys -- (NAVEX15)
DRV - [2012/09/05 04:42:23 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120904.032\eng64.sys -- (NAVENG)
DRV - [2012/08/31 20:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120901.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/30 03:23:16 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/27 13:51:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/06/18 20:01:14 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120823.007\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/01/19 07:21:46 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/20 16:02:54 | 000,032,256 | R--- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS -- (SABKUTIL)
DRV - [2005/09/21 11:17:26 | 000,005,632 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys -- (SABDIFSV)
DRV - [2005/03/21 11:00:24 | 000,004,096 | R--- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {CF777CF1-B1C7-4761-ADEB-1B21506E0D29}
IE - HKCU\..\SearchScopes\{CF777CF1-B1C7-4761-ADEB-1B21506E0D29}: "URL" = http://us.yhs4.search.yahoo.com/yhs/sea ... =937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "FreeMake Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mic\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mic\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/14 14:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/08/17 15:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/09/05 12:17:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 08:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/15 10:35:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/08/05 11:22:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\search@helper: C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\SearchHelper

[2012/05/16 17:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mic\AppData\Roaming\Mozilla\Extensions
[2012/05/16 17:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mic\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012/08/27 17:07:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions
[2012/07/28 12:42:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/27 17:07:35 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/06/20 23:24:45 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\info@djzig.com
[2012/02/03 23:15:15 | 000,000,000 | ---D | M] (wxDfast extension) -- C:\Users\Mic\AppData\Roaming\Mozilla\Firefox\Profiles\kjfgn1cu.default\extensions\info@wxdownloadmanager.com
[2012/07/19 09:29:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/14 14:56:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/09/05 12:17:15 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
[2012/08/17 15:41:01 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2011/12/08 18:44:44 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\USERS\MIC\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@EPICPLAY.COM
[2012/06/24 12:06:03 | 000,456,182 | ---- | M] () (No name found) -- C:\USERS\MIC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KJFGN1CU.DEFAULT\EXTENSIONS\STEFANVANDAMME@STEFANVD.NET.XPI
[2012/08/29 08:58:25 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 08:58:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/23 10:42:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/08/29 08:58:25 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: CorePlugin (Enabled) = C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Mic\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll
CHR - Extension: wxDfast extension = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcgjgdnjolohlloakjnifiglajcmapc\1.0_0\
CHR - Extension: FreeMake = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgficikadnmmefckdecajlmffkbagomp\2.3.15.10_0\
CHR - Extension: Norton Identity Protection = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: DVDVideoSoftTB = C:\Users\Mic\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.15.10_0\

O1 HOSTS File: ([2012/09/01 11:42:59 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SuperAdBlockerBHO Class) - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll (SuperAdBlocker.com)
O2 - BHO: (CorePluginIEBHO Class) - {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\plugins\CorePluginIE.dll (Perfect World Entertainment Inc)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Super Ad Blocker Toolbar) - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll ()
O4:64bit: - HKLM..\Run: [EKAiO2StatusMonitor] c:\windows\system32\spool\drivers\x64\3\ekaio2mui.exe File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe (VIA)
O4 - HKLM..\Run: [ISUSPM] c:\programdata\flexnet\connect\11\isuspm.exe (Acresso Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Trend Micro Browser Guard] C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.EXE (Trend Micro Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] c:\program files (x86)\alcohol soft\alcohol 120\axautomntsrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ASRockOCTuner] File not found
O4 - HKCU..\Run: [cdloader] C:\Users\Mic\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [SuperAdBlocker] C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe (SuperAdBlocker.com)
O4 - Startup: C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mic\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{325908C8-D558-4235-BDBD-6BB2E9F10279}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SABWinLogon: DllName - (C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL) - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL (SuperAdBlocker.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} - C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/29 11:33:22 | 007,652,327 | ---- | M] () - M:\Automotive Computer Controlled Systems [h33t] [Malestrom].pdf -- [ NTFS ]
O33 - MountPoints2\{7bdd6721-05a8-11df-9b54-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7bdd6721-05a8-11df-9b54-806e6f6e6963}\Shell\AutoRun\command - "" = D:\/files/openindex.exe index.hta
O33 - MountPoints2\{7dcff280-2147-11e1-a87a-002522c98db6}\Shell - "" = AutoRun
O33 - MountPoints2\{7dcff280-2147-11e1-a87a-002522c98db6}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/04 22:51:52 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\uTorrent
[2012/09/03 14:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2012/09/03 14:50:40 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Local\ManyCam
[2012/09/03 14:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
[2012/09/02 11:56:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\AKLogData64
[2012/09/02 11:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Award Keylogger x64 Edition
[2012/09/02 11:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KAward64
[2012/09/01 14:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/09/01 11:49:33 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Local\Browser Guard
[2012/08/31 09:28:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/30 13:47:10 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Mic\Desktop\OTL.exe
[2012/08/29 20:15:30 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\SuperAdBlocker.com
[2012/08/29 20:14:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTemp
[2012/08/29 20:14:58 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperAdBlocker.com
[2012/08/29 20:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperAdBlocker.com
[2012/08/29 08:57:18 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/08/29 08:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/08/29 08:50:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Browser Guard
[2012/08/29 08:49:38 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\Powerful Malware Tools
[2012/08/28 00:49:20 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\backups
[2012/08/28 00:35:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/28 00:21:21 | 000,000,000 | ---D | C] -- C:\Users\Mic\Desktop\Security Justice League
[2012/08/27 21:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2012/08/27 21:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2012/08/27 19:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/27 19:45:29 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/27 19:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/27 18:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/08/27 17:07:41 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\QuickScan
[2012/08/27 15:08:54 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/08/27 15:08:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2012/08/27 15:08:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A
[2012/08/27 15:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/08/27 15:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2012/08/27 15:07:02 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/08/24 11:27:17 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/24 11:27:10 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/24 11:27:10 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/22 09:51:18 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Local\NPE
[2012/08/17 16:14:44 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys
[2012/08/17 16:14:44 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys
[2012/08/17 16:14:44 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys
[2012/08/17 16:14:44 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys
[2012/08/17 16:14:44 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys
[2012/08/17 16:14:43 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys
[2012/08/17 16:14:43 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys
[2012/08/17 16:14:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E
[2012/08/17 13:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/08/17 13:12:56 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/17 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/08/17 13:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/08/17 13:12:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2012/08/17 13:12:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/08/17 13:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012/08/17 13:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/08/15 00:31:12 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 00:31:12 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 00:31:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 00:30:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 00:30:52 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 00:30:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 00:30:06 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 00:29:49 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 00:28:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 00:28:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 00:28:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 00:28:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 00:28:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 00:28:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 00:28:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 00:28:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 00:28:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 00:28:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 00:28:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 00:28:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 00:28:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/12 11:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMall
[2012/08/12 11:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMall
[2012/08/12 11:09:38 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/08/11 13:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2012/08/11 12:45:51 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2012/08/11 12:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2012/08/11 12:45:46 | 000,000,000 | ---D | C] -- C:\Users\Mic\Documents\VirtualDJ
[2012/08/11 12:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2012/08/07 21:55:37 | 000,000,000 | ---D | C] -- C:\ALLDATA
[2012/08/07 20:39:38 | 000,000,000 | ---D | C] -- C:\Users\Mic\AppData\Roaming\FLEXnet
[2012/08/07 20:39:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ALLDATA Shared
[2012/08/07 20:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLDATA
[2012/08/07 20:38:33 | 000,000,000 | ---D | C] -- C:\ALLDATAW
[2011/12/08 00:58:36 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Mic\AppData\Roaming\pcouffin.sys
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/05 12:32:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2902281652-3159124223-882470899-1000UA.job
[2012/09/05 12:27:29 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/05 12:27:29 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/05 12:25:27 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2012/09/05 12:22:00 | 000,000,983 | ---- | M] () -- C:\Users\Mic\Desktop\magicJack.lnk
[2012/09/05 12:20:07 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/05 12:19:40 | 000,000,046 | ---- | M] () -- C:\Windows\SysNative\4E37A837910D.ini
[2012/09/05 12:18:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/05 12:16:11 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/09/05 12:15:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/05 12:15:28 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/05 11:14:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/04 21:32:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2902281652-3159124223-882470899-1000Core.job
[2012/09/04 00:17:19 | 000,780,164 | ---- | M] () -- C:\Users\Mic\Desktop\Fall12Brochure.pdf
[2012/09/03 22:56:49 | 000,001,173 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\vso_ts_preview.xml
[2012/09/03 14:50:56 | 000,001,101 | ---- | M] () -- C:\Users\Mic\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2012/09/01 11:42:59 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/30 14:39:23 | 000,001,235 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/08/30 13:47:10 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Mic\Desktop\OTL.exe
[2012/08/30 13:04:24 | 000,461,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/29 20:02:42 | 000,005,796 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120829_200238.reg
[2012/08/29 09:03:49 | 000,001,045 | ---- | M] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/28 01:36:09 | 000,001,924 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120828_013605.reg
[2012/08/28 00:45:40 | 000,004,106 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120828_004533.reg
[2012/08/27 19:12:39 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/08/27 15:13:24 | 603,815,936 | ---- | M] () -- C:\NBRT.iso
[2012/08/27 15:08:58 | 001,394,189 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB
[2012/08/24 12:20:15 | 000,001,034 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120824_121951.reg
[2012/08/24 11:59:30 | 000,000,864 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2012/08/24 11:27:03 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/24 11:27:03 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/24 11:27:03 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/21 23:18:21 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini
[2012/08/17 16:14:50 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/17 16:14:50 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/17 16:14:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/15 14:18:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 14:18:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/15 00:31:12 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 00:31:12 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 00:31:12 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 00:30:52 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 00:30:52 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 00:30:52 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 00:30:06 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 00:29:49 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 00:28:52 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 00:28:52 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 00:28:52 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 00:28:52 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 00:28:52 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 00:28:52 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 00:28:52 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 00:28:52 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 00:28:52 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 00:28:52 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 00:28:52 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 00:28:52 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 00:28:52 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/10 01:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini
[2012/08/09 11:02:11 | 000,023,224 | ---- | M] () -- C:\Users\Public\Documents\DiscCopyUtility.exe
[2012/08/09 00:03:14 | 000,010,162 | ---- | M] () -- C:\Users\Mic\Documents\cc_20120809_000259.reg
[2012/08/08 14:30:35 | 000,020,152 | ---- | M] () -- C:\Users\Public\Documents\CatalogSupportUtility.exe
[2012/08/07 22:54:04 | 000,003,811 | ---- | M] () -- C:\Users\Mic\Documents\ALLDATA vehicle reference page.rtf
[2012/08/07 22:53:20 | 000,002,888 | ---- | M] () -- C:\Users\Mic\Documents\ALLDATA USAGE GUIDE.rtf
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/05 07:21:01 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync
[2012/09/04 00:17:19 | 000,780,164 | ---- | C] () -- C:\Users\Mic\Desktop\Fall12Brochure.pdf
[2012/09/03 14:50:56 | 000,001,101 | ---- | C] () -- C:\Users\Mic\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2012/09/02 11:56:30 | 000,000,046 | ---- | C] () -- C:\Windows\SysNative\4E37A837910D.ini
[2012/08/30 14:39:23 | 000,001,235 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/08/29 20:02:40 | 000,005,796 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120829_200238.reg
[2012/08/29 09:03:49 | 000,001,045 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/28 01:36:07 | 000,001,924 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120828_013605.reg
[2012/08/28 00:45:38 | 000,004,106 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120828_004533.reg
[2012/08/27 15:12:53 | 603,815,936 | ---- | C] () -- C:\NBRT.iso
[2012/08/27 15:08:38 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0501000.01A\isolate.ini
[2012/08/24 12:20:12 | 000,001,034 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120824_121951.reg
[2012/08/21 11:25:10 | 001,394,189 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB
[2012/08/17 16:14:44 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.cat
[2012/08/17 16:14:44 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnet64.cat
[2012/08/17 16:14:44 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa.inf
[2012/08/17 16:14:44 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds.inf
[2012/08/17 16:14:44 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnet.inf
[2012/08/17 16:14:44 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.inf
[2012/08/17 16:14:44 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.inf
[2012/08/17 16:14:43 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\iron.cat
[2012/08/17 16:14:43 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.cat
[2012/08/17 16:14:43 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.cat
[2012/08/17 16:14:43 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.inf
[2012/08/17 16:14:43 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\iron.inf
[2012/08/17 16:14:30 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symvtcer.dat
[2012/08/17 16:14:30 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.cat
[2012/08/17 16:14:30 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.cat
[2012/08/17 16:14:30 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini
[2012/08/17 13:12:56 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/17 13:12:56 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/09 11:02:07 | 000,023,224 | ---- | C] () -- C:\Users\Public\Documents\DiscCopyUtility.exe
[2012/08/09 00:03:12 | 000,010,162 | ---- | C] () -- C:\Users\Mic\Documents\cc_20120809_000259.reg
[2012/08/08 14:30:32 | 000,020,152 | ---- | C] () -- C:\Users\Public\Documents\CatalogSupportUtility.exe
[2012/08/07 22:54:04 | 000,003,811 | ---- | C] () -- C:\Users\Mic\Documents\ALLDATA vehicle reference page.rtf
[2012/08/07 22:53:20 | 000,002,888 | ---- | C] () -- C:\Users\Mic\Documents\ALLDATA USAGE GUIDE.rtf
[2012/07/27 15:25:40 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012/06/21 11:35:27 | 000,034,764 | ---- | C] () -- C:\Users\Mic\AppData\Local\dt.dat
[2012/06/07 12:09:19 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/05/27 12:10:12 | 000,004,608 | ---- | C] () -- C:\Users\Mic\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/16 14:57:26 | 000,011,388 | ---- | C] () -- C:\Users\Mic\gsview64.ini
[2012/05/11 11:58:59 | 000,000,706 | RHS- | C] () -- C:\Users\Mic\ntuser.pol
[2012/05/05 17:06:34 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/04/29 00:01:03 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/24 21:53:19 | 000,008,448 | ---- | C] () -- C:\Users\Mic\AppData\Local\rx_audio.Cache
[2012/04/24 21:52:41 | 000,000,288 | ---- | C] () -- C:\Users\Mic\AppData\Local\rx_image32.Cache
[2012/03/16 01:33:22 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/29 19:47:40 | 000,000,047 | ---- | C] () -- C:\Windows\SysWow64\E302AF636FDE.ini
[2012/02/15 19:39:43 | 000,074,703 | ---- | C] () -- C:\Windows\SysWOW64mfc45.dll
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/17 17:22:31 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/16 23:52:32 | 000,050,688 | ---- | C] () -- C:\Windows\SysWow64\dtsoftbusinst64.exe
[2011/12/14 20:11:32 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/10 22:23:26 | 000,007,666 | ---- | C] () -- C:\Users\Mic\AppData\Local\Resmon.ResmonCfg
[2011/12/08 00:59:34 | 000,001,173 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\vso_ts_preview.xml
[2011/12/08 00:58:36 | 000,099,384 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\inst.exe
[2011/12/08 00:58:36 | 000,007,859 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\pcouffin.cat
[2011/12/08 00:58:36 | 000,001,167 | ---- | C] () -- C:\Users\Mic\AppData\Roaming\pcouffin.inf
[2011/12/07 22:51:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== Files - Unicode (All) ==========
[2012/03/04 22:08:05 | 000,000,000 | ---D | M](C:\Users\Mic\Documents\?? ???) -- C:\Users\Mic\Documents\넥슨 플러그
[2012/03/04 22:08:05 | 000,000,000 | ---D | C](C:\Users\Mic\Documents\?? ???) -- C:\Users\Mic\Documents\넥슨 플러그

< End of report >
Micscience

Re: Reocurring Trojan

Post by askey127 » September 6th, 2012, 7:10 am

Micscience,
No, I did not reset back to default. I did disable the plug-ins for DivX, Java, Perfect World, and Hulu.
(Right now the Java plug-in is a security risk, and probably should remain disabled, even with a fresh copy of Firefox.)
Since we have no way of knowing what changes were made by the "Optimizer", I would suggest uninstalling Mozilla Firefox and installing a new copy.

You still have an Avast driver running, and it could interfere with other programs.
Download the Avast remover from here and run it.
http://files.avast.com/files/eng/aswclear6.exe

Let me know how it goes.
askey127