Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Windows 7 Home Security 2012 Malware

Post by prfek » June 25th, 2011, 6:32 pm

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Rob at 10:37:19 on 2011-06-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3832.1659 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Immunet Protect *Enabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Immunet Protect\2.0.17\agent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Preton\PretonSaver\PretonClientService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Immunet Protect\2.0.17\iptray.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Common Files\XoftSpySE\6\xoftspyservice.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dailymail.co.uk/ushome/index.html
uSearch Page =
uSearch Bar = Preserve
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: &Crawler Toolbar Helper: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [cdloader] "C:\Users\Rob\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "C:\Users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Immunet Protect] "C:\Program Files\Immunet Protect\2.0.17\iptray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [VirIT Uninst] cmd.exe /C rmdir /S /Q C:\VEXPLite
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/ ... cmatic.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resour ... cctrl2.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Extermin ... iVirus.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2D74C385-1955-48A7-AA22-E7832B650627}\2456C6B696E6F5E4F575962756C6563737F5636373233363 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DAD28796-0FC8-4778-8CE0-7F80A254299A} : DhcpNameServer = 192.168.2.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\ProgramData\iaspolcy32.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: &Crawler Toolbar Helper: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [Immunet Protect] "C:\Program Files\Immunet Protect\2.0.17\iptray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [VirIT Uninst] cmd.exe /C rmdir /S /Q C:\VEXPLite
AppInit_DLLs-X64: C:\ProgramData\iaspolcy32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.huffingtonpost.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =380920&p=
FF - component: C:\Program Files (x86)\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: C:\Program Files (x86)\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: C:\Program Files (x86)\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: C:\Program Files (x86)\Crawler\Toolbar\firefox\components\xwsg.dll
FF - component: C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
FF - plugin: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\system32\DRIVERS\ImmunetProtect.sys --> C:\Windows\system32\DRIVERS\ImmunetProtect.sys [?]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys --> C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-4-28 52496]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-4-28 61200]
R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-6-25 2978720]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-6-21 353168]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 ImmunetProtect;Immunet Protect;C:\Program Files\Immunet Protect\2.0.17\agent.exe [2011-6-23 272080]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-12-2 218432]
R2 PfFilter;PfFilter;C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [2011-6-21 36792]
R2 PretonClientService;PretonSaver;C:\Program Files\Preton\PretonSaver\PretonClientService.exe [2011-2-2 91136]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-23 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
R3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
R3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys --> C:\Windows\system32\DRIVERS\motport.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 XoftSpyService;XoftSpyService;C:\Program Files (x86)\Common Files\XoftSpySE\6\xoftspyservice.exe [2010-9-29 582424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-26 136176]
S3 atillk64;atillk64;C:\Program Files\PC-Doctor for Windows\atillk64.sys [2010-1-19 14608]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-06-25 13:32:05 -------- d-----w- C:\ProgramData\ParetoLogic
2011-06-25 13:32:03 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2011-06-25 13:31:59 -------- d-----w- C:\Program Files (x86)\Common Files\XoftSpySE
2011-06-25 13:31:58 -------- d-----w- C:\ProgramData\XoftSpySE
2011-06-25 13:19:27 -------- d-----w- C:\Users\Rob\AppData\Local\{C4D7226D-F140-47DA-B171-50D882CC2633}
2011-06-25 13:12:15 -------- d-----w- C:\Program Files (x86)\SpyZooka
2011-06-25 12:01:47 -------- d-----w- C:\rei
2011-06-25 12:01:38 -------- d-----w- C:\Program Files\Reimage
2011-06-25 10:58:26 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2011-06-25 08:27:08 10240 ----a-w- C:\Windows\listcmd.bin
2011-06-25 08:22:30 81144 ----a-w- C:\Windows\SysWow64\drivers\viragtlt.sys
2011-06-25 08:18:51 -------- dc-h--w- C:\ProgramData\~0
2011-06-25 01:19:03 -------- d-----w- C:\Users\Rob\AppData\Local\{EEDDD675-4D88-4BE0-8B85-578671610928}
2011-06-25 00:03:25 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-06-24 23:59:47 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-06-24 23:59:42 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-06-24 23:58:18 -------- d-----w- C:\ProgramData\Hitman Pro
2011-06-24 14:09:27 -------- d-----w- C:\Users\Rob\AppData\Roaming\FixIt
2011-06-24 13:57:47 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-24 13:57:36 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{53DB6AA6-5A88-41E7-A03E-3E9EFA4B6041}\mpengine.dll
2011-06-24 13:18:38 -------- d-----w- C:\Users\Rob\AppData\Local\{ACC9A7EA-5FF0-4AD8-8A22-AB88A37B8D51}
2011-06-24 00:49:58 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-06-23 21:03:26 -------- d-----w- C:\Users\Rob\AppData\Local\{D5B5A8CD-C56C-42F4-BDC6-A45D5121C0A2}
2011-06-23 15:15:09 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-23 15:15:08 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-23 13:17:39 -------- d-----w- C:\Users\Rob\AppData\Roaming\QuickScan
2011-06-23 11:45:40 -------- d-----w- C:\Users\Rob\AppData\Roaming\IObit
2011-06-23 11:32:48 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{048D1300-CAF1-490E-A8AA-E78E44E5C698}\gapaengine.dll
2011-06-23 11:29:14 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-06-23 11:29:05 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-06-23 11:16:28 -------- d-----w- C:\WINSSLog
2011-06-23 10:33:54 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-06-23 10:33:53 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-06-23 10:33:53 1850328 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-06-23 10:33:52 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-06-23 10:33:52 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-06-23 10:33:52 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 10:33:52 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-23 10:33:52 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-06-23 09:49:44 -------- d-----w- C:\Program Files (x86)\Crawler
2011-06-23 09:33:40 -------- d-----w- C:\Users\Rob\AppData\Local\Immunet
2011-06-23 09:33:40 -------- d-----w- C:\ProgramData\Immunet
2011-06-23 02:00:07 -------- d-----w- C:\Users\Rob\AppData\Local\{7CDB9C1F-EFE4-4A21-9E74-DEEC4E473B81}
2011-06-22 12:31:58 -------- d-----w- C:\Users\Rob\AppData\Local\{25E607D3-3AFB-4999-9196-87650F621EDB}
2011-06-21 16:10:29 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2011-06-21 16:10:29 -------- d-----w- C:\Program Files (x86)\Application Updater
2011-06-21 16:10:00 -------- d-----w- C:\Program Files (x86)\IObit
2011-06-21 15:29:31 -------- d-----w- C:\Users\Rob\AppData\Local\{56008EDC-A9D9-4231-A2B7-4BD8B6F5B4FF}
2011-06-21 11:50:38 -------- d-----w- C:\Users\Rob\AppData\Roaming\PC Tools
2011-06-21 11:50:38 -------- d-----w- C:\ProgramData\PC Tools
2011-06-21 11:49:30 -------- d-----w- C:\Users\Rob\AppData\Roaming\GetRightToGo
2011-06-21 11:43:33 388096 ----a-r- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-21 11:43:33 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-06-21 10:10:20 -------- d-----w- C:\Program Files (x86)\PCPitstop
2011-06-21 08:05:38 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5A9ED11-9184-4399-B9E8-71FC3171E8B8}\mpengine.dll
2011-06-21 04:25:54 -------- d-----w- C:\Program Files (x86)\ESET
2011-06-20 17:56:30 -------- d-----w- C:\Users\Rob\AppData\Local\{34FA15AE-F992-431D-AED0-D3459C24F550}
2011-06-20 05:14:11 -------- d-----w- C:\Users\Rob\AppData\Local\{09ADF9F1-22F7-4D52-B4ED-05B840F1443D}
2011-06-19 12:43:57 -------- d-----w- C:\Users\Rob\AppData\Local\{DF1DA17F-15F6-4E6B-8D3B-8948FD2DE602}
2011-06-18 22:12:02 -------- d-----w- C:\Users\Rob\AppData\Local\{1E72350B-B695-466C-A71C-F5C33F8297BB}
2011-06-18 12:26:21 -------- d-----w- C:\Users\Rob\AppData\Roaming\SuperUtils.com
2011-06-18 12:26:20 -------- d-----w- C:\Program Files (x86)\SuperUtils.com
2011-06-18 05:32:24 -------- d-----w- C:\Users\Rob\AppData\Local\{3B843EB8-82D7-4765-A464-587DFF42B6F4}
2011-06-17 15:46:10 -------- d-----w- C:\Users\Rob\AppData\Local\{8C7565A2-7B25-4C4E-87C1-80FC9D5A6E90}
2011-06-16 23:58:55 -------- d-----w- C:\Users\Rob\AppData\Local\{2DBEDE87-52AA-4C68-A516-E2BF6EFCF724}
2011-06-16 05:10:10 -------- d-----w- C:\Users\Rob\AppData\Local\{A4DE7215-C06E-4922-91FE-FD801FFFF873}
2011-06-15 13:09:27 -------- d-----w- C:\Users\Rob\AppData\Local\{28F1EBBB-186E-4A19-B8B2-E02CCF82AD1E}
2011-06-14 16:25:24 -------- d-----w- C:\Users\Rob\AppData\Local\{79306C2E-4D05-4DA6-B8C8-F775EBD12E01}
2011-06-14 14:36:01 -------- d-----w- C:\ProgramData\ZA_PreservedFiles
2011-06-14 03:55:43 -------- d-----w- C:\Users\Rob\AppData\Local\{617B4F33-A7AF-4FD0-B4FD-1C3CFB893ED2}
2011-06-13 13:54:57 -------- d-----w- C:\Users\Rob\AppData\Local\{4B26F1C6-6878-4FA2-917E-A3A8CF40B684}
2011-06-12 14:30:48 -------- d-----w- C:\Users\Rob\AppData\Local\{3F051E22-ED9E-4CDA-8638-87EEC93E8815}
2011-06-11 15:58:41 -------- d-----w- C:\ProgramData\Drivers For Free
2011-06-11 15:58:17 -------- d-----w- C:\Users\Rob\AppData\Local\Drivers_For_Free
2011-06-11 15:58:08 -------- d-----w- C:\ProgramData\UAB
2011-06-11 15:58:03 -------- d-----w- C:\Users\Rob\AppData\Roaming\Drivers For Free
2011-06-11 15:36:41 -------- d-----w- C:\ProgramData\Uniblue
2011-06-11 13:28:00 -------- d-----w- C:\Users\Rob\AppData\Local\{6B4A4B35-644B-4472-8A16-093D806CD884}
2011-06-10 13:53:46 -------- d-----w- C:\Users\Rob\AppData\Local\{9D0D7E0F-AFCC-4CB0-9F32-91A2999B24FF}
2011-06-09 20:52:09 -------- d-----w- C:\Users\Rob\AppData\Local\{6FA2DBF5-2813-4955-9B32-6E865AF651E0}
2011-06-09 06:47:07 -------- d-----w- C:\Users\Rob\AppData\Local\{29AD2085-FA2A-40E7-A7A5-775DFB30BD05}
2011-06-08 15:32:26 -------- d-----w- C:\Users\Rob\AppData\Local\{A8787725-83D6-40FB-B8D8-5095B6096241}
2011-06-08 00:38:36 -------- d-----w- C:\Users\Rob\AppData\Local\{824784F3-8182-4978-B3C6-F7E212CEB3F9}
2011-06-07 12:17:41 -------- d-----w- C:\Users\Rob\AppData\Roaming\Smarty Uninstaller
2011-06-07 12:17:02 4603616 ----a-w- C:\Windows\SysWow64\DevComponents.DotNetBar2.dll
2011-06-07 12:17:02 -------- d-----w- C:\Program Files (x86)\Smarty Uninstaller
2011-06-07 12:12:39 -------- d-----w- C:\Users\Rob\AppData\Local\{4D4DF58B-E5C5-4AC5-914A-C9B8F3A5C7FC}
2011-06-07 00:04:20 -------- d-----w- C:\Users\Rob\AppData\Local\{837C700F-B582-4BB7-B05B-1B2AB52C62FA}
2011-06-06 16:55:30 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 16:55:30 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-06 11:33:39 -------- d-----w- C:\Users\Rob\AppData\Local\{6E6201D5-BB43-471F-9364-C996BB98E7D6}
2011-06-05 17:12:50 -------- d-----w- C:\Users\Rob\AppData\Local\{AA6B5B91-6BAD-4321-AD5E-9C495E3BBCF3}
2011-06-05 02:41:55 -------- d-----w- C:\Users\Rob\AppData\Local\{39ED6CBF-995F-414A-8D24-9DD121230134}
2011-06-04 13:44:57 -------- d-----w- C:\Users\Rob\AppData\Local\{A6CDE405-DB88-498D-A0CB-DC4C16ADB415}
2011-06-03 23:44:43 -------- d-----w- C:\Users\Rob\AppData\Local\{7CBC8BA1-1594-4267-A64F-378C89569B58}
2011-06-03 01:01:21 -------- d-----w- C:\Users\Rob\AppData\Local\{AAA6B11B-E1E0-44D5-B850-D9ABFC30DD11}
2011-06-02 11:31:25 -------- d-----w- C:\Users\Rob\AppData\Local\{2F4401A0-E74C-42DA-B5FB-386F0F0806D3}
2011-06-01 13:42:41 -------- d-----w- C:\Users\Rob\AppData\Local\{4B285E89-3824-4610-AE6F-6DE53BE6B7F2}
2011-05-31 14:48:20 -------- d-----w- C:\Users\Rob\AppData\Local\{00CB839A-31C5-41EA-995B-1F0411B4FBAA}
2011-05-30 22:26:10 -------- d-----w- C:\Users\Rob\AppData\Local\{2AD558D6-95C2-4FDE-B8DD-D25C1D249802}
2011-05-29 21:56:38 -------- d-----w- C:\Users\Rob\AppData\Local\{70176E97-6502-4115-92A1-EAF88A8B376E}
2011-05-29 15:57:47 -------- d-----w- C:\Program Files (x86)\WebEnhancements
2011-05-29 15:57:47 -------- d-----w- C:\Program Files (x86)\Viasheep Games
2011-05-29 15:57:47 -------- d-----w- C:\Program Files (x86)\Search Dock
2011-05-29 15:57:47 -------- d-----w- C:\Program Files (x86)\Click Coupon
2011-05-29 15:51:42 -------- d-----w- C:\Program Files (x86)\Real Alternative
2011-05-29 06:01:03 -------- d-----w- C:\Users\Rob\AppData\Local\{EB874F50-837C-4ED5-8F1F-4270063FA937}
2011-05-28 14:29:37 -------- d-----w- C:\Users\Rob\AppData\Local\{72647BC4-32E5-4AB0-94BF-96F769A733E6}
2011-05-27 11:46:11 -------- d-----w- C:\Users\Rob\AppData\Local\{2DE1B0F5-7267-4A54-9D37-0C421D4DACB8}
2011-05-27 11:45:01 -------- d-----w- C:\Users\Rob\AppData\Local\CrashDumps
2011-05-26 15:36:50 -------- d-----w- C:\Program Files (x86)\WizMouse
2011-05-26 15:15:49 -------- d-----w- C:\ProgramData\Soluto
.
==================== Find3M ====================
.
2011-06-23 09:27:11 46160 ----a-w- C:\Windows\System32\drivers\ImmunetProtect.sys
2011-06-23 09:27:11 29776 ----a-w- C:\Windows\System32\drivers\ImmunetSelfProtect.sys
2011-06-14 14:32:27 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-08 16:54:56 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-08 16:54:56 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 19:10:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-04-08 14:17:46 64272 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
.
============= FINISH: 10:37:42.87 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/12/2010 11:46:49 PM
System Uptime: 6/25/2011 4:23:36 AM (6 hours ago)
.
Motherboard: FOXCONN | | 2A92
Processor: AMD Athlon(tm) II X4 630 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 687 GiB total, 444.902 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.386 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (CDFS)
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: NAVEX15
Device ID: ROOT\LEGACY_NAVEX15\0000
Manufacturer:
Name: NAVEX15
PNP Device ID: ROOT\LEGACY_NAVEX15\0000
Service: NAVEX15
.
==== System Restore Points ===================
.
RP486: 5/8/2011 12:43:48 PM - Windows 7 Service Pack 1
RP487: 5/8/2011 11:48:31 PM - Windows Update
RP488: 5/9/2011 3:00:12 AM - Windows Update
RP489: 5/9/2011 8:37:58 AM - Installed Rapport
RP490: 5/11/2011 3:00:12 AM - Windows Update
RP491: 5/11/2011 7:43:13 AM - Windows Update
RP492: 5/13/2011 9:42:22 AM - Installed PretonSaver Home Edition.
RP493: 5/17/2011 3:16:52 AM - Windows Update
RP494: 5/24/2011 3:46:02 AM - Windows Update
RP495: 5/26/2011 3:00:11 AM - Windows Update
RP496: 5/26/2011 11:16:06 AM - Soluto
RP497: 5/26/2011 12:46:52 PM - Removed Soluto
RP498: 5/28/2011 4:40:36 PM - Revo Uninstaller's restore point - McAfee Security Scan Plus
RP499: 5/28/2011 4:41:37 PM - Revo Uninstaller's restore point - WizMouse v1.6.0.1
RP500: 5/31/2011 2:33:34 AM - Windows Update
RP501: 6/3/2011 3:57:35 AM - Windows Update
RP502: 6/6/2011 8:11:53 AM - Installed HiJackThis
RP503: 6/6/2011 7:53:14 PM - Revo Uninstaller's restore point - McAfee Security Scan Plus
RP504: 6/6/2011 7:54:31 PM - Revo Uninstaller's restore point - Mamutu 3.0
RP505: 6/7/2011 5:56:35 AM - Windows Update
RP506: 6/7/2011 8:18:03 AM - SmartyUninstaller06-07-2011
RP507: 6/11/2011 11:41:29 AM - Installed Drivers For Free.
RP508: 6/11/2011 12:01:24 PM - SmartyUninstall06-11-201112:01:20
RP509: 6/11/2011 12:01:39 PM - Removed Drivers For Free.
RP510: 6/14/2011 2:43:23 AM - Windows Update
RP511: 6/14/2011 10:26:26 AM - Windows Modules Installer
RP512: 6/14/2011 10:33:45 AM - SmartyUninstall06-14-201110:33:28
RP513: 6/15/2011 9:28:53 AM - Auslogics Regisry Defrag - before defragmentation
RP514: 6/15/2011 11:10:24 PM - HPSF Restore Point
RP515: 6/16/2011 10:38:46 AM - Windows Update
RP516: 6/18/2011 3:00:22 AM - Windows Update
RP517: 6/19/2011 7:34:01 PM - SmartyUninstall06-19-201119:33:49
RP519: 6/20/2011 10:52:07 PM - Windows Defender Checkpoint
RP520: 6/21/2011 4:05:16 AM - Windows Update
RP521: 6/21/2011 8:12:41 AM - Spyware Doctor: Cleaning Threats
RP522: 6/21/2011 8:48:49 AM - SmartyUninstall06-21-201108:48:45
RP523: 6/21/2011 11:57:17 AM - SmartyUninstall06-21-201111:56:53
RP524: 6/21/2011 11:59:33 AM - Revo Uninstaller's restore point - Spyware Doctor with AntiVirus 8.0
RP525: 6/21/2011 12:01:10 PM - Revo Uninstaller's restore point - Bing Bar
RP526: 6/23/2011 3:56:03 AM - SmartyUninstall06-23-201103:55:46
RP527: 6/23/2011 5:07:22 AM - avast! Free Antivirus Setup
RP528: 6/23/2011 5:15:00 AM - Windows Modules Installer
RP529: 6/23/2011 5:31:21 AM - avast! Free Antivirus Setup
RP530: 6/23/2011 5:41:54 AM - Spyware Doctor: Cleaning Threats
RP531: 6/23/2011 6:16:44 AM - Revo Uninstaller's restore point - Spyware Doctor with AntiVirus 8.0
RP532: 6/23/2011 6:27:43 AM - Revo Uninstaller's restore point - Google Toolbar for Firefox
RP533: 6/23/2011 6:28:26 AM - Revo Uninstaller's restore point - Google Toolbar for Internet Explorer
RP534: 6/23/2011 6:36:06 AM - Revo Uninstaller's restore point - ZoneAlarm
RP535: 6/23/2011 6:56:48 AM - avast! Free Antivirus Setup
RP536: 6/23/2011 7:20:33 AM - avast! Free Antivirus Setup
RP537: 6/23/2011 7:43:38 AM - Spyware Terminator - restore point
RP538: 6/23/2011 7:37:52 PM - Spyware Terminator - restore point
RP539: 6/24/2011 3:00:12 AM - Windows Update
RP540: 6/24/2011 9:14:49 AM - Spyware Terminator - restore point
RP541: 6/24/2011 10:09:12 AM - Installed Microsoft Fix it 50378
RP542: 6/25/2011 9:17:56 AM - Installed SpyZooka
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Advanced SystemCare 4
Aiseesoft Blu-ray Ripper
Aiseesoft DVD Ripper 6.1.10
Aiseesoft Streaming Video Recorder
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 2010 Advanced
Ashampoo MyAutoplay Menu 1.0.3
Ashampoo Photo Commander 7.60
Audiobook Downloader Pro 1.2
Auslogics BoostSpeed
Auslogics Disk Defrag
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Build-a-lot 2
Cake Mania
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCScore
Chuzzle Deluxe
CodedColor PhotoStudio 2010, 6.1.2
Compatibility Pack for the 2007 Office system
Crawler Toolbar with Web Security Guard
CyberLink DVD Suite Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
DVD Menu Pack for HP MediaSmart Video
DVDFab 8.0.7.2 (26/01/2011)
EASEUS Photo Recovery 3.0.1
Emsisoft Anti-Malware 5.1
Escape Rosecliff Island
ESET Online Scanner v3
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Faerie Solitaire
FATE
FUJIFILM MyFinePix Studio 1.0
Google Apps
Google Chrome
Google Earth
Google Update Helper
Google Updater
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
Hulu Desktop
iCare Data Recovery 4.0
Immunet Protect
Inpaint 3.0
Java Auto Updater
Java(TM) 6 Update 22
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
kgcbase
Kodak EasyShare software
KSU
LabelPrint
LightScribe System Software
magicJack
Malwarebytes' Anti-Malware version 1.51.0.1200
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
MotoHelper 2.0.40 Driver 4.9.0
MotoHelper MergeModules
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The New York Fortune
netbrdg
Notifier
OfotoXMI
PCHand Media Converter Pro 1.2.0.0
PDF Viewer 0.1
Penguins!
PhotoNow!
Picasa 3
PictureMover
Pixpedia Publisher 3.0.8
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Protected Folder
QuickTime
Ralink RT2860 Wireless LAN Card
Rapport
Real Alternative 2.0.2
Realtek High Definition Audio Driver
Recovery Manager
Revo Uninstaller 1.92
RingtoneJunkiez Desktop
Roxio CinemaNow 2.0
Sansa Updater
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
SFR
SHASTA
skin0001
SKINXSDK
Smarty Uninstaller Pro
Spybot - Search & Destroy
staticcr
TaxACT 2010
TextTwist 2
The Cleaner 2012
The Lord of the Rings FREE Trial
tooltips
Virtual Families
Virtual Villagers - The Secret City
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.9
VPRINTOL
wGXe Photo Recovery
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
WinUtilities 10.21 Professional Edition
WinUtilities 10.22 Free Edition
WinX DVD Author 5.9
WinX DVD Copy Pro 2.0.0
WIRELESS
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
6/25/2011 4:25:20 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The system cannot find the file specified.
6/25/2011 4:25:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/25/2011 4:25:12 AM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
6/25/2011 4:25:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
6/25/2011 4:23:55 AM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
6/25/2011 4:23:55 AM, Error: SRTSP [4] - Error loading virus definitions.
6/25/2011 4:21:06 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/25/2011 4:18:50 AM, Error: Service Control Manager [7030] - The VirIT eXplorer Lite service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/25/2011 4:12:33 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/25/2011 10:26:00 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Rob-HP\Rob SID (S-1-5-21-3250728646-3849637711-2225151899-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/25/2011 10:02:08 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
6/25/2011 10:02:08 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
6/25/2011 10:02:08 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
6/24/2011 3:17:08 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
6/24/2011 10:22:53 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/23/2011 7:37:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
6/23/2011 7:34:22 AM, Error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).
6/23/2011 4:51:10 AM, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/21/2011 8:05:51 AM, Error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).
6/21/2011 7:58:20 AM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/21/2011 12:04:14 PM, Error: volmgr [46] - Crash dump initialization failed!
6/21/2011 10:39:59 AM, Error: Service Control Manager [7000] - The PC Tools Spyware Doctor Driver service failed to start due to the following error: Incorrect function.
6/21/2011 10:27:58 AM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
prfek
Regular Member
 
Posts: 20
Joined: June 25th, 2011, 8:53 am

Re: Windows 7 Home Security 2012 Malware

Unread postby askey127 » June 27th, 2011, 8:38 pm

Looking at your log.
Be back soon.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Windows 7 Home Security 2012 Malware

Unread postby askey127 » June 29th, 2011, 7:37 am

prfek,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Advanced SystemCare 4
Auslogics BoostSpeed
Auslogics Disk Defrag
Immunet Protect
Crawler Toolbar with Web Security Guard

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • You can also download OTL from HERE
  • Right click the icon to run it and choose "Run as administrator". Make sure all other windows are closed to let it run uninterrupted.
  • Click Scan All Users. Also click Include 64-bit Scans if your Windows is 64-bit.
  • When the window appears, in the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
  • Use separate replies if you wish.
The Extras.txt file will only show up the very first time you run OTL.
---------------------------------------------------
So, in your reply, we will be looking for the following:
The contents of:
  • OTL.txt
  • Extras.txt
Please feel free to use separate replies.
The Extras.txt file will only show up the very first time you run OTL.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Windows 7 Home Security 2012 Malware

Unread postby prfek » June 29th, 2011, 10:20 am

OTL logfile created on: 6/29/2011 10:03:06 AM - Run 1
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Users\Rob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 60.29% Memory free
7.48 Gb Paging File | 5.73 Gb Available in Paging File | 76.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.92 Gb Total Space | 427.07 Gb Free Space | 62.17% Space Free | Partition Type: NTFS
Drive D: | 11.48 Gb Total Space | 1.39 Gb Free Space | 12.08% Space Free | Partition Type: NTFS
Drive J: | 1.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 17.59 Mb Total Space | 17.59 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: ROB-HP | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/29 10:01:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/29 11:54:02 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/12/02 19:48:00 | 000,218,432 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/12/02 19:47:54 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/11/20 08:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2011/06/29 10:01:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/04 13:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/02/02 01:02:42 | 000,091,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Preton\PretonSaver\PretonClientService.exe -- (PretonClientService)
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/12 02:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/12/02 19:48:00 | 000,218,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/29 14:43:22 | 000,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/04 14:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/08 10:17:46 | 000,064,272 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2010/12/27 12:31:42 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2010/12/03 15:03:26 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/12/03 05:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/29 18:14:00 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motport.sys -- (motport)
DRV:64bit: - [2010/09/29 18:14:00 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/12 02:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/12 01:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 12:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/04 10:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/19 15:45:16 | 000,014,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\atillk64.sys -- (atillk64)
DRV:64bit: - [2009/12/18 23:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/10/19 17:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 20:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 20:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/29 20:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/29 20:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 21:32:26 | 000,231,224 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/01/29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2011/04/28 14:34:54 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/04/28 14:34:54 | 000,052,496 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/03/16 18:59:28 | 000,036,792 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys -- (PfFilter)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF 75 E6 06 62 B3 CD 4F 87 90 45 EB 9A DA 4F B3 [binary data]
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF 75 E6 06 62 B3 CD 4F 87 90 45 EB 9A DA 4F B3 [binary data]
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbsnews.com/whatstrending?tag=nl.e400
IE - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF 75 E6 06 62 B3 CD 4F 87 90 45 EB 9A DA 4F B3 [binary data]
IE - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=380920"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.huffingtonpost.com/"
FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.25
FF - prefs.js..extensions.enabledItems: {CAD77134-400A-41f9-83BE-5FBF5F1A42C0}:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23b080b4-5ebd-4d55-be73-c68d05e338bc}:1.0
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.4
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.4
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=380920&p="

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/23 06:33:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/23 06:33:51 | 000,000,000 | ---D | M]

[2010/08/26 09:11:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions
[2010/08/26 09:11:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/06/25 08:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions
[2011/06/23 10:27:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions\{23b080b4-5ebd-4d55-be73-c68d05e338bc}
[2011/06/23 06:34:04 | 000,000,000 | ---D | M] (ShopToWin2) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2011/06/25 08:02:35 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011/02/17 17:17:48 | 000,000,000 | ---D | M] (Coupon Cabin Toolbar) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions\{CAD77134-400A-41f9-83BE-5FBF5F1A42C0}
[2011/03/24 22:36:22 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions\engine@conduit.com
[2011/02/25 11:56:16 | 000,001,919 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\searchplugins\bing-zugo.xml
[2011/03/23 20:42:20 | 000,000,939 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\searchplugins\conduit.xml
[2011/06/23 06:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/23 06:33:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/06/06 12:55:30 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2010/01/01 04:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2010/01/01 04:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2010/01/01 04:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2010/01/01 04:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/06/28 11:20:14 | 000,435,402 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14982 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001..\Run: [cdloader] C:\Users\Rob\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001..\Run: [ctfmon.exe] C:\Windows\SysWOW64\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKU\S-1-5-21-3250728646-3849637711-2225151899-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/ ... cmatic.cab (Reg Error: Key error.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resour ... cctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Extermin ... iVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-be ... canner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\PFW: DllName - Reg Error: Key error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/17 12:17:43 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/03 13:04:35 | 000,027,992 | R--- | M] (magicJack L.P.) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/08/03 13:04:35 | 000,016,158 | R--- | M] () - J:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/08/03 13:04:35 | 000,000,308 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/08/03 13:04:35 | 000,728,816 | R--- | M] (magicJack L.P.) - J:\autorunu.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/29 10:01:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2011/06/29 00:46:11 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{D42971B8-50AC-4937-81D9-B1EF337E7726}
[2011/06/28 09:58:34 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{C8D2D45D-B885-434D-86AC-54C592DD5CF5}
[2011/06/27 10:35:55 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{832F2F25-D9E9-4B7F-81D2-67EB1D90E04A}
[2011/06/26 22:35:32 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{DDB1CFE1-9CBF-4635-9886-15F2A5F90722}
[2011/06/26 09:20:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{02FBBC36-6ECB-4252-B74B-A927E6BAC9C6}
[2011/06/25 21:19:52 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{E3A2DCF7-6602-46E0-A3C1-99C9748CF0CA}
[2011/06/25 12:32:42 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/25 11:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/25 11:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/06/25 09:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/06/25 09:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2011/06/25 09:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XoftSpySE
[2011/06/25 09:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2011/06/25 09:19:27 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{C4D7226D-F140-47DA-B171-50D882CC2633}
[2011/06/25 09:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpyZooka
[2011/06/25 06:58:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\Anti-Malware
[2011/06/25 04:22:30 | 000,081,144 | ---- | C] (TG Soft S.a.s.) -- C:\Windows\SysWow64\drivers\viragtlt.sys
[2011/06/25 04:18:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2011/06/24 21:19:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{EEDDD675-4D88-4BE0-8B85-578671610928}
[2011/06/24 20:03:25 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/06/24 19:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/06/24 19:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/06/24 10:09:27 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\FixIt
[2011/06/24 09:18:38 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{ACC9A7EA-5FF0-4AD8-8A22-AB88A37B8D51}
[2011/06/23 20:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/23 20:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/06/23 17:03:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{D5B5A8CD-C56C-42F4-BDC6-A45D5121C0A2}
[2011/06/23 11:14:19 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/23 11:14:18 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/23 11:14:15 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/23 11:14:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/23 09:17:39 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\QuickScan
[2011/06/23 07:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/06/23 07:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/23 07:16:28 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2011/06/23 06:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/06/23 05:33:40 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Immunet
[2011/06/23 05:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Immunet
[2011/06/23 05:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps
[2011/06/23 05:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/06/23 05:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Updater
[2011/06/23 05:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2011/06/23 05:07:52 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/06/22 22:00:07 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{7CDB9C1F-EFE4-4A21-9E74-DEEC4E473B81}
[2011/06/22 08:31:58 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{25E607D3-3AFB-4999-9196-87650F621EDB}
[2011/06/21 12:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Folder
[2011/06/21 12:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011/06/21 12:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011/06/21 12:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/06/21 11:29:31 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{56008EDC-A9D9-4231-A2B7-4BD8B6F5B4FF}
[2011/06/21 07:50:38 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\PC Tools
[2011/06/21 07:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/06/21 07:49:30 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\GetRightToGo
[2011/06/21 07:43:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/06/21 06:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2011/06/21 00:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/06/20 13:56:30 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{34FA15AE-F992-431D-AED0-D3459C24F550}
[2011/06/20 01:14:11 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{09ADF9F1-22F7-4D52-B4ED-05B840F1443D}
[2011/06/19 09:38:06 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/06/19 08:43:57 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{DF1DA17F-15F6-4E6B-8D3B-8948FD2DE602}
[2011/06/18 18:12:02 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{1E72350B-B695-466C-A71C-F5C33F8297BB}
[2011/06/18 08:26:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\SuperUtils.com
[2011/06/18 08:26:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperUtils.com
[2011/06/18 08:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperUtils.com
[2011/06/18 08:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperUtils.com
[2011/06/18 01:32:24 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{3B843EB8-82D7-4765-A464-587DFF42B6F4}
[2011/06/17 11:46:10 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{8C7565A2-7B25-4C4E-87C1-80FC9D5A6E90}
[2011/06/16 19:58:55 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2DBEDE87-52AA-4C68-A516-E2BF6EFCF724}
[2011/06/16 10:19:22 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/06/16 01:10:10 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A4DE7215-C06E-4922-91FE-FD801FFFF873}
[2011/06/15 09:09:27 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{28F1EBBB-186E-4A19-B8B2-E02CCF82AD1E}
[2011/06/14 12:25:24 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{79306C2E-4D05-4DA6-B8C8-F775EBD12E01}
[2011/06/14 10:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2011/06/13 23:55:43 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{617B4F33-A7AF-4FD0-B4FD-1C3CFB893ED2}
[2011/06/13 09:54:57 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{4B26F1C6-6878-4FA2-917E-A3A8CF40B684}
[2011/06/12 10:30:48 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{3F051E22-ED9E-4CDA-8638-87EEC93E8815}
[2011/06/11 11:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Drivers For Free
[2011/06/11 11:58:17 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Drivers_For_Free
[2011/06/11 11:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2011/06/11 11:58:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Drivers For Free
[2011/06/11 11:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2011/06/11 09:28:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{6B4A4B35-644B-4472-8A16-093D806CD884}
[2011/06/10 09:53:46 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{9D0D7E0F-AFCC-4CB0-9F32-91A2999B24FF}
[2011/06/09 16:52:09 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{6FA2DBF5-2813-4955-9B32-6E865AF651E0}
[2011/06/09 02:47:07 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{29AD2085-FA2A-40E7-A7A5-775DFB30BD05}
[2011/06/08 11:32:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A8787725-83D6-40FB-B8D8-5095B6096241}
[2011/06/07 20:38:36 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{824784F3-8182-4978-B3C6-F7E212CEB3F9}
[2011/06/07 08:17:41 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Smarty Uninstaller
[2011/06/07 08:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smarty Uninstaller
[2011/06/07 08:17:02 | 004,603,616 | ---- | C] (DevComponents.com) -- C:\Windows\SysWow64\DevComponents.DotNetBar2.dll
[2011/06/07 08:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smarty Uninstaller
[2011/06/07 08:12:39 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{4D4DF58B-E5C5-4AC5-914A-C9B8F3A5C7FC}
[2011/06/06 20:04:20 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{837C700F-B582-4BB7-B05B-1B2AB52C62FA}
[2011/06/06 07:33:39 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{6E6201D5-BB43-471F-9364-C996BB98E7D6}
[2011/06/05 13:12:50 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{AA6B5B91-6BAD-4321-AD5E-9C495E3BBCF3}
[2011/06/04 22:41:55 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{39ED6CBF-995F-414A-8D24-9DD121230134}
[2011/06/04 09:44:57 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A6CDE405-DB88-498D-A0CB-DC4C16ADB415}
[2011/06/03 19:44:43 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{7CBC8BA1-1594-4267-A64F-378C89569B58}
[2011/06/02 21:01:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{AAA6B11B-E1E0-44D5-B850-D9ABFC30DD11}
[2011/06/02 07:31:25 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2F4401A0-E74C-42DA-B5FB-386F0F0806D3}
[2011/06/01 09:42:41 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{4B285E89-3824-4610-AE6F-6DE53BE6B7F2}
[2011/05/31 10:48:20 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{00CB839A-31C5-41EA-995B-1F0411B4FBAA}
[2011/05/30 18:26:10 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2AD558D6-95C2-4FDE-B8DD-D25C1D249802}
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/29 10:02:41 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/29 10:02:41 | 000,626,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/29 10:02:41 | 000,107,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/29 10:01:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2011/06/29 10:01:06 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/29 09:58:13 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/29 09:57:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/29 09:57:36 | 3013,521,408 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/29 09:42:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3250728646-3849637711-2225151899-1001UA.job
[2011/06/29 09:42:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3250728646-3849637711-2225151899-1001Core.job
[2011/06/29 09:32:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/29 02:21:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\XoftSpySE.job
[2011/06/28 19:51:49 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 19:51:49 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 19:45:30 | 000,000,993 | ---- | M] () -- C:\Users\Rob\Desktop\magicJack.lnk
[2011/06/28 13:43:03 | 000,002,395 | ---- | M] () -- C:\Users\Rob\Desktop\Google Chrome.lnk
[2011/06/28 11:20:14 | 000,435,402 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/06/28 11:02:14 | 000,000,046 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.FRE
[2011/06/28 09:47:43 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2011/06/27 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/06/26 23:00:12 | 000,003,584 | ---- | M] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/26 17:23:52 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRob.job
[2011/06/26 01:47:03 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/06/25 12:32:42 | 000,002,997 | ---- | M] () -- C:\Users\Rob\Desktop\HiJackThis.lnk
[2011/06/25 11:04:13 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/25 09:49:38 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/06/25 05:16:23 | 000,010,240 | ---- | M] () -- C:\Windows\listcmd.bin
[2011/06/25 04:22:10 | 000,081,144 | ---- | M] (TG Soft S.a.s.) -- C:\Windows\SysWow64\drivers\viragtlt.sys
[2011/06/24 20:03:25 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/06/24 19:59:43 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/06/24 19:54:00 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2011/06/24 13:09:06 | 000,022,068 | ---- | M] () -- C:\Users\Rob\Documents\cc_20110624_130858.reg
[2011/06/24 09:34:14 | 000,001,443 | ---- | M] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/23 20:50:23 | 000,001,280 | ---- | M] () -- C:\Users\Rob\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 07:38:24 | 000,001,915 | ---- | M] () -- C:\Users\Rob\Desktop\Microsoft Security Essentials.lnk
[2011/06/23 07:29:53 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/23 07:29:37 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/23 07:25:07 | 000,000,024 | ---- | M] () -- C:\ProgramData\3c5a746c
[2011/06/23 06:34:26 | 000,002,060 | ---- | M] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/23 06:33:56 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/23 05:33:22 | 001,694,734 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/06/23 05:32:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/06/23 05:28:50 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\Google Mail.lnk
[2011/06/23 05:28:27 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/06/23 04:07:05 | 000,021,221 | ---- | M] () -- C:\Users\Rob\Desktop\bookmarks-2011-06-23.json
[2011/06/22 19:38:05 | 000,000,114 | ---- | M] () -- C:\Windows\SysWow64\376726556
[2011/06/21 10:08:39 | 000,000,115 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.SYL
[2011/06/21 10:01:19 | 000,000,206 | ---- | M] () -- C:\Users\Rob\Documents\cc_20110621_100114.reg
[2011/06/21 10:00:02 | 000,037,218 | ---- | M] () -- C:\Users\Rob\Documents\cc_20110621_095942.reg
[2011/06/21 09:58:53 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/20 23:14:29 | 000,009,984 | -HS- | M] () -- C:\ProgramData\l37cuo5nom40nacrll711adf06x256r324
[2011/06/20 23:14:28 | 000,009,984 | -HS- | M] () -- C:\Users\Rob\AppData\Local\l37cuo5nom40nacrll711adf06x256r324
[2011/06/18 08:26:21 | 000,001,320 | ---- | M] () -- C:\Users\Rob\Desktop\Audiobook Downloader Pro.lnk
[2011/06/16 12:47:35 | 000,328,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/14 10:32:27 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/07 08:17:03 | 000,001,146 | ---- | M] () -- C:\Users\Rob\Desktop\Smarty Uninstaller.lnk
[2011/06/02 08:23:26 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 10:52:54 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/26 23:00:12 | 000,003,584 | ---- | C] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/25 12:32:42 | 000,002,997 | ---- | C] () -- C:\Users\Rob\Desktop\HiJackThis.lnk
[2011/06/25 11:04:13 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/25 09:32:50 | 000,000,464 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/06/25 09:32:07 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/06/25 09:32:05 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\XoftSpySE.job
[2011/06/25 08:02:12 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/06/25 04:27:08 | 000,010,240 | ---- | C] () -- C:\Windows\listcmd.bin
[2011/06/24 19:59:47 | 000,023,112 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/06/24 19:59:43 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/06/24 13:09:02 | 000,022,068 | ---- | C] () -- C:\Users\Rob\Documents\cc_20110624_130858.reg
[2011/06/23 20:50:23 | 000,001,280 | ---- | C] () -- C:\Users\Rob\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 07:38:24 | 000,001,915 | ---- | C] () -- C:\Users\Rob\Desktop\Microsoft Security Essentials.lnk
[2011/06/23 07:29:08 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/23 06:33:55 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/23 06:24:58 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/23 05:28:50 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\Google Mail.lnk
[2011/06/23 05:28:26 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/06/23 05:27:33 | 000,002,060 | ---- | C] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/23 05:27:33 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/23 05:26:22 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/23 04:07:05 | 000,021,221 | ---- | C] () -- C:\Users\Rob\Desktop\bookmarks-2011-06-23.json
[2011/06/22 20:56:09 | 000,000,024 | ---- | C] () -- C:\ProgramData\3c5a746c
[2011/06/22 19:08:03 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\376726556
[2011/06/21 10:39:56 | 001,694,734 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/06/21 10:01:16 | 000,000,206 | ---- | C] () -- C:\Users\Rob\Documents\cc_20110621_100114.reg
[2011/06/21 09:59:51 | 000,037,218 | ---- | C] () -- C:\Users\Rob\Documents\cc_20110621_095942.reg
[2011/06/21 07:50:42 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2011/06/20 22:15:37 | 000,009,984 | -HS- | C] () -- C:\Users\Rob\AppData\Local\l37cuo5nom40nacrll711adf06x256r324
[2011/06/20 22:15:37 | 000,009,984 | -HS- | C] () -- C:\ProgramData\l37cuo5nom40nacrll711adf06x256r324
[2011/06/19 09:38:08 | 000,002,395 | ---- | C] () -- C:\Users\Rob\Desktop\Google Chrome.lnk
[2011/06/19 09:37:30 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3250728646-3849637711-2225151899-1001UA.job
[2011/06/19 09:37:29 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3250728646-3849637711-2225151899-1001Core.job
[2011/06/18 08:26:21 | 000,001,320 | ---- | C] () -- C:\Users\Rob\Desktop\Audiobook Downloader Pro.lnk
[2011/06/07 08:17:03 | 000,001,146 | ---- | C] () -- C:\Users\Rob\Desktop\Smarty Uninstaller.lnk
[2011/05/26 11:18:06 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/02/17 19:35:13 | 000,000,007 | ---- | C] () -- C:\Windows\SysWow64\mkghj.dll
[2011/01/06 09:17:22 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/10 09:34:08 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT10.ini
[2010/11/14 22:51:29 | 000,855,641 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\PandaIDProtectHelp.chm
[2010/10/30 10:09:36 | 000,033,134 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\UserTile.png
[2010/10/12 10:33:14 | 000,000,546 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\wklnhst.dat
[2010/09/28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/08/29 10:06:06 | 000,007,604 | ---- | C] () -- C:\Users\Rob\AppData\Local\Resmon.ResmonCfg
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/04/28 21:17:52 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/04/27 17:30:19 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/04/27 17:20:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/09 08:39:06 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/05/09 08:39:06 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2010/09/17 12:23:56 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Ashampoo
[2010/12/25 09:19:44 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Burn4U
[2011/02/17 17:17:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Byngo
[2011/06/02 11:09:25 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Canon
[2011/06/23 07:44:06 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Catalina Marketing Corp
[2011/02/17 17:17:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\CodedColor
[2010/10/19 12:20:16 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\com.princess.iq.PrincessWidget.95CF48669C469715948E799FD5617DB57BF9FCEB.1
[2011/04/23 11:33:33 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Digiarty
[2011/06/11 11:58:03 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Drivers For Free
[2011/06/24 10:09:27 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\FixIt
[2011/06/21 07:50:35 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\GetRightToGo
[2011/02/17 17:14:37 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\GlarySoft
[2011/06/28 19:45:32 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\mjusbsp
[2010/09/01 11:55:46 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\My.Freeze.com NetAssistant
[2011/02/17 17:14:51 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Panda Security
[2010/08/15 00:00:15 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\PDF Viewer
[2011/02/17 17:17:37 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\PictureMover
[2011/02/17 17:17:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Pixpedia Publisher
[2011/06/25 08:43:00 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\QuickScan
[2011/02/19 11:02:32 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SanDisk
[2011/06/28 10:13:33 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Smarty Uninstaller
[2011/02/17 17:17:37 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Software Informer
[2010/08/29 12:38:51 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Stardock
[2011/06/18 08:26:21 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SuperUtils.com
[2010/10/29 19:06:12 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SurfSecret Privacy Suite
[2011/03/21 11:15:25 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Template
[2011/04/07 18:57:54 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\thecleaner
[2011/04/13 08:34:37 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Trusteer
[2011/02/16 10:23:13 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TweakNow RegCleaner 2011
[2010/08/14 10:22:08 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\WinBatch
[2010/10/21 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Windows Live Writer
[2011/06/11 12:22:21 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\WinPatrol
[2011/04/27 14:13:38 | 000,000,004 | -HS- | M] () -- C:\Windows\Tasks\FOLDER.TSX
[2011/06/27 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/06/26 01:47:03 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/05/31 10:52:54 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/06/21 10:10:47 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:CB9FA647
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:B1CD2545
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 1069 bytes -> C:\Users\Rob\Documents\Meathead Goldwyn_ No Marshmallows! Sweet & Savory Sweet Potato Steak Fries.eml:OECustomProperty

< End of report >
prfek

Re: Windows 7 Home Security 2012 Malware

Post by prfek » June 29th, 2011, 10:21 am

OTL Extras logfile created on: 6/29/2011 10:03:06 AM - Run 1
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Users\Rob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 60.29% Memory free
7.48 Gb Paging File | 5.73 Gb Available in Paging File | 76.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.92 Gb Total Space | 427.07 Gb Free Space | 62.17% Space Free | Partition Type: NTFS
Drive D: | 11.48 Gb Total Space | 1.39 Gb Free Space | 12.08% Space Free | Partition Type: NTFS
Drive J: | 1.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 17.59 Mb Total Space | 17.59 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: ROB-HP | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager
"{948B1FD6-9F98-47EE-AABF-8697F2FD44B0}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB1CF8F1-C0B8-4EDD-B5B1-E6B19B6CBCA4}" = PretonSaver Home Edition
"{AB79B2CD-4555-4D3F-BC37-8948598223F2}" = runtime64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D7F7D7C0-6832-4687-B8EB-92555DA859A8}" = Motorola Mobile Drivers Installation 4.9.0
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HitmanPro35" = Hitman Pro 3.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08548558-3EC9-BD0B-3D09-632500268F59}" = CCC Help Portuguese
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B13694E-0119-43B0-9DE3-2647BB634B14}" = wGXe Photo Recovery
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{137B2CE7-30A2-4836-0830-707F1010F517}" = CCC Help English
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25F2A86D-E2E2-C2AD-8173-86C18632F214}" = CCC Help Chinese Traditional
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2842077A-7895-5310-4F0C-42C83501E770}" = CCC Help Thai
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2ACAB850-69A5-8090-08B7-D27CC6D8652C}" = CCC Help German
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.0
"{2BAD00A4-7FD1-61C5-10C3-8275723943AD}" = CCC Help Danish
"{2BF943D5-1468-589A-50E3-DD0ED6596022}" = Catalyst Control Center Graphics Full New
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34DB1D69-9FFC-7899-6F4D-22C4C15ADD54}" = CCC Help Polish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{3F310D8D-AC3B-5478-5AEA-D2EF5D7437E7}" = CCC Help Swedish
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595007B2-E139-535C-D723-4B0442FC40F5}" = CCC Help Italian
"{5A21C631-0494-7377-1E3B-99353E04F83B}" = CCC Help Japanese
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{695C04CF-CF98-FAD6-9590-6C555B2E2E79}" = CCC Help Chinese Standard
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F277272-77D6-1E03-B8BB-B408B26C5140}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7240A994-0ED4-4841-AD3B-5E5F72850F67}" = Catalyst Control Center Graphics Previews Vista
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C66E480-E42D-3664-B207-5CE9A706BC1F}" = Catalyst Control Center Graphics Light
"{7CAAA7B2-D9EA-2416-9D63-DDBC8E669059}" = CCC Help French
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84B4C4F4-F244-6A7E-EDC6-ECD46ACAAE59}" = CCC Help Greek
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF4A82A7-F453-CE12-A942-E55FAC234387}" = ccc-core-static
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5B7E8FF-62F6-FA85-4C4A-83AAF816CE6E}" = CCC Help Spanish
"{B8089767-9A45-0E84-FCDE-15698650FF17}" = CCC Help Hungarian
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C20A5184-E994-4CF4-A388-30236A94AD41}_is1" = Smarty Uninstaller Pro
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{C9496C0E-BE4C-7800-900B-5E66B958AEC1}" = CCC Help Russian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD1E51DF-C3C0-400C-A0D7-C67DB49C9D9C}" = RingtoneJunkiez Desktop
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EB1A6595-613F-9654-E58E-0876F8B0E8F3}" = Catalyst Control Center Localization All
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDD1E22B-249A-5ED7-BA0A-C41BAA8256ED}" = CCC Help Korean
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F252C428-A4AE-C73E-031A-C451FDD660A9}" = CCC Help Norwegian
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5C7FD70-2C0A-401E-95E9-916363567DDA}" = HP Setup
"{F67EA3C6-38B0-675A-E2F9-8C343DE1C826}" = Catalyst Control Center Graphics Full Existing
"{F686E613-03C4-085F-188A-9E5DC1455787}" = CCC Help Turkish
"{F7F7626C-4612-BF7B-38D5-07E247973A1A}" = Catalyst Control Center Core Implementation
"{F8CA8746-F561-61D7-A496-8D4C4E1F8A57}" = CCC Help Dutch
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 10.21 Professional Edition
"{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 10.22 Free Edition
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCDDC9D3-5524-9AD1-651C-467910CC1903}" = CCC Help Finnish
"{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aiseesoft Blu-ray Ripper_is1" = Aiseesoft Blu-ray Ripper
"Aiseesoft DVD Ripper_is1" = Aiseesoft DVD Ripper 6.1.10
"Aiseesoft Streaming Video Recorder_is1" = Aiseesoft Streaming Video Recorder
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Ashampoo MyAutoplay Menu_is1" = Ashampoo MyAutoplay Menu 1.0.3
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"Audiobook Downloader Pro" = Audiobook Downloader Pro 1.2
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CodedColor_is1" = CodedColor PhotoStudio 2010, 6.1.2
"DVDFab 8_is1" = DVDFab 8.0.7.2 (26/01/2011)
"EASEUS Photo Recovery 3.0.1_is1" = EASEUS Photo Recovery 3.0.1
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.0
"Google Updater" = Google Updater
"iCare Data Recovery_is1" = iCare Data Recovery 4.0
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MotoHelper" = MotoHelper 2.0.40 Driver 4.9.0
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"My HP Game Console" = HP Game Console
"PCHand Media Converter Pro_is1" = PCHand Media Converter Pro 1.2.0.0
"PDF Viewer" = PDF Viewer 0.1
"Picasa 3" = Picasa 3
"pixpedia-en_is1" = Pixpedia Publisher 3.0.8
"Protected Folder_is1" = Protected Folder
"Rapport_msi" = Rapport
"RealAlt_is1" = Real Alternative 2.0.2
"Revo Uninstaller" = Revo Uninstaller 1.92
"TaxACT 2010" = TaxACT 2010
"The Cleaner_is1" = The Cleaner 2012
"VLC media player" = VLC media player 1.1.9
"WildTangent hp Master Uninstall" = HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinX DVD Author_is1" = WinX DVD Author 5.9
"WinX DVD Copy Pro_is1" = WinX DVD Copy Pro 2.0.0
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3250728646-3849637711-2225151899-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"HuluDesktop" = Hulu Desktop
"magicJack" = magicJack
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
prfek
Regular Member
 
Posts: 20
Joined: June 25th, 2011, 8:53 am

Re: Windows 7 Home Security 2012 Malware

Post by prfek » June 29th, 2011, 10:22 am

Thanks for all of the help. It is greatly appreciated.....

Re: Windows 7 Home Security 2012 Malware

Post by askey127 » June 29th, 2011, 2:28 pm

prfek,
Download this file and save it to your desktop. DO NOT RUN IT or Double click it yet.
http://download.bleepingcomputer.com/reg/FixNCR.reg
Let me know if you can download it and save it OK.

askey127
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Windows 7 Home Security 2012 Malware

Post by prfek » June 30th, 2011, 6:24 pm

Download complete. No problem. Have it on the desktop.

Re: Windows 7 Home Security 2012 Malware

Post by askey127 » June 30th, 2011, 7:07 pm

prfek,
Good work.
Right click on FixNCR.reg on your desktop and choose "run as administrator".
DO NOT REBOOT.
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are 5 different versions. If one of them won't run, then download and try to run one of the other ones.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools; ignore them or shut down your antivirus.
Please download Rkill from one of the following links (note the different names) and save to your Desktop:
Rkill.exe
eXplorer.exe
RKill.com
RKill.scr
Rkill.pif
  • Double-click on the Rkill or eXplorer desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If you get a Warning Message when you try to run it, run it again while the Warning Message is still displayed.
  • If it doesn't run on the first try, please try to run it another two or three times.
  • If it still does not run, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided after trying each a few times, please let me know.
------------------------------------------------------------
Run MalwareBytes' Anti-Malware

As you already have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab. Choose Check for Updates.
  • After the update has been completed, select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process; please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.

askey127

Re: Windows 7 Home Security 2012 Malware

Post by prfek » June 30th, 2011, 7:36 pm

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6989

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

6/30/2011 7:33:31 PM
mbam-log-2011-06-30 (19-33-31).txt

Scan type: Quick scan
Objects scanned: 169660
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Windows 7 Home Security 2012 Malware

Post by askey127 » July 1st, 2011, 7:33 am

prfek,
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    :processes
    killallprocesses
    
    :OTL
    [2011/03/24 22:36:22 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions\engine@conduit.com
    [2011/02/25 11:56:16 | 000,001,919 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\searchplugins\bing-zugo.xml
    [2011/06/23 06:34:04 | 000,000,000 | ---D | M] (ShopToWin2) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
    engine@conduit.com
    [2011/03/23 20:42:20 | 000,000,939 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\searchplugins\conduit.xml
    [2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
    [2011/06/25 09:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
    [2011/06/25 09:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
    [2011/06/25 09:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XoftSpySE
    [2011/06/25 09:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
    [2011/06/25 09:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpyZooka
    [2011/06/24 19:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2011/06/24 19:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2011/06/23 05:33:40 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Immunet
    [2011/06/23 05:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Immunet
    [2011/06/21 12:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
    [2011/06/21 12:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
    [2011/06/11 11:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
    
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127

Re: Windows 7 Home Security 2012 Malware

Post by prfek » July 1st, 2011, 11:24 am

OTL logfile created on: 7/1/2011 11:20:58 AM - Run 2
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Users\Rob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 58.83% Memory free
7.48 Gb Paging File | 5.69 Gb Available in Paging File | 76.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.92 Gb Total Space | 421.16 Gb Free Space | 61.31% Space Free | Partition Type: NTFS
Drive D: | 11.48 Gb Total Space | 1.39 Gb Free Space | 12.08% Space Free | Partition Type: NTFS

Computer Name: ROB-HP | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/29 10:01:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/12/02 19:48:00 | 000,218,432 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/12/02 19:47:54 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/11/20 08:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2011/06/29 10:01:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/04 13:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/02/02 01:02:42 | 000,091,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Preton\PretonSaver\PretonClientService.exe -- (PretonClientService)
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/12 02:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/12/02 19:48:00 | 000,218,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/04 14:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/08 10:17:46 | 000,064,272 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2010/12/27 12:31:42 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2010/12/03 15:03:26 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/12/03 05:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/29 18:14:00 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motport.sys -- (motport)
DRV:64bit: - [2010/09/29 18:14:00 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/12 02:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/12 01:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 12:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/04 10:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/19 15:45:16 | 000,014,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\atillk64.sys -- (atillk64)
DRV:64bit: - [2009/12/18 23:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/10/19 17:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 20:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 20:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/29 20:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/29 20:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 21:32:26 | 000,231,224 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/01/29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2011/04/28 14:34:54 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/04/28 14:34:54 | 000,052,496 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/03/16 18:59:28 | 000,036,792 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys -- (PfFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbsnews.com/whatstrending?tag=nl.e400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF 75 E6 06 62 B3 CD 4F 87 90 45 EB 9A DA 4F B3 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=380920"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.huffingtonpost.com/"
FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.25
FF - prefs.js..extensions.enabledItems: {CAD77134-400A-41f9-83BE-5FBF5F1A42C0}:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23b080b4-5ebd-4d55-be73-c68d05e338bc}:1.0
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.4
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=380920&p="

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/30 20:07:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/30 20:07:03 | 000,000,000 | ---D | M]

[2010/08/26 09:11:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions
[2011/07/01 11:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions
[2011/06/23 10:27:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions\{23b080b4-5ebd-4d55-be73-c68d05e338bc}
[2011/06/25 08:02:35 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011/02/17 17:17:48 | 000,000,000 | ---D | M] (Coupon Cabin Toolbar) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions\{CAD77134-400A-41f9-83BE-5FBF5F1A42C0}
[2011/06/23 06:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
File not found (No name found) -- C:\USERS\ROB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7PLVF7VE.DEFAULT\EXTENSIONS\{5835466C-49AF-4CBE-B102-A8C8B6313749}
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/28 11:20:14 | 000,435,402 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14982 more lines...
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cdloader] C:\Users\Rob\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/ ... cmatic.cab (Reg Error: Key error.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resour ... cctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Extermin ... iVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-be ... canner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\PFW: DllName - Reg Error: Key error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/17 12:17:43 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 11:00:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/01 08:42:56 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{627DA201-8F96-4BBF-AA00-4C277DBCD778}
[2011/06/30 20:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2011/06/30 20:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2011/06/30 14:57:31 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{1B323C5F-2FAC-45CD-957C-1AF683DDC7C6}
[2011/06/29 17:33:16 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{0C5184B7-6FA4-4174-9E94-D72D33E11739}
[2011/06/29 10:01:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2011/06/29 00:46:11 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{D42971B8-50AC-4937-81D9-B1EF337E7726}
[2011/06/28 09:58:34 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{C8D2D45D-B885-434D-86AC-54C592DD5CF5}
[2011/06/27 10:35:55 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{832F2F25-D9E9-4B7F-81D2-67EB1D90E04A}
[2011/06/26 22:35:32 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{DDB1CFE1-9CBF-4635-9886-15F2A5F90722}
[2011/06/26 09:20:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{02FBBC36-6ECB-4252-B74B-A927E6BAC9C6}
[2011/06/25 21:19:52 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{E3A2DCF7-6602-46E0-A3C1-99C9748CF0CA}
[2011/06/25 12:32:42 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/25 11:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/25 11:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/06/25 09:19:27 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{C4D7226D-F140-47DA-B171-50D882CC2633}
[2011/06/25 06:58:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\Anti-Malware
[2011/06/25 04:22:30 | 000,081,144 | ---- | C] (TG Soft S.a.s.) -- C:\Windows\SysWow64\drivers\viragtlt.sys
[2011/06/25 04:18:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2011/06/24 21:19:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{EEDDD675-4D88-4BE0-8B85-578671610928}
[2011/06/24 20:03:25 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/06/24 10:09:27 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\FixIt
[2011/06/24 09:18:38 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{ACC9A7EA-5FF0-4AD8-8A22-AB88A37B8D51}
[2011/06/23 20:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/23 20:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/06/23 17:03:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{D5B5A8CD-C56C-42F4-BDC6-A45D5121C0A2}
[2011/06/23 09:17:39 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\QuickScan
[2011/06/23 07:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/06/23 07:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/23 07:16:28 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2011/06/23 06:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/06/23 05:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps
[2011/06/23 05:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/06/23 05:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Updater
[2011/06/23 05:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2011/06/23 05:07:52 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/06/22 22:00:07 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{7CDB9C1F-EFE4-4A21-9E74-DEEC4E473B81}
[2011/06/22 08:31:58 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{25E607D3-3AFB-4999-9196-87650F621EDB}
[2011/06/21 12:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Folder
[2011/06/21 12:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011/06/21 12:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/06/21 11:29:31 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{56008EDC-A9D9-4231-A2B7-4BD8B6F5B4FF}
[2011/06/21 07:50:38 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\PC Tools
[2011/06/21 07:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/06/21 07:49:30 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\GetRightToGo
[2011/06/21 07:43:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/06/21 06:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2011/06/21 00:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/06/20 13:56:30 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{34FA15AE-F992-431D-AED0-D3459C24F550}
[2011/06/20 01:14:11 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{09ADF9F1-22F7-4D52-B4ED-05B840F1443D}
[2011/06/19 09:38:06 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/06/19 08:43:57 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{DF1DA17F-15F6-4E6B-8D3B-8948FD2DE602}
[2011/06/18 18:12:02 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{1E72350B-B695-466C-A71C-F5C33F8297BB}
[2011/06/18 08:26:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\SuperUtils.com
[2011/06/18 08:26:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperUtils.com
[2011/06/18 08:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperUtils.com
[2011/06/18 08:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperUtils.com
[2011/06/18 01:32:24 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{3B843EB8-82D7-4765-A464-587DFF42B6F4}
[2011/06/17 11:46:10 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{8C7565A2-7B25-4C4E-87C1-80FC9D5A6E90}
[2011/06/16 19:58:55 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2DBEDE87-52AA-4C68-A516-E2BF6EFCF724}
[2011/06/16 01:10:10 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A4DE7215-C06E-4922-91FE-FD801FFFF873}
[2011/06/15 09:09:27 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{28F1EBBB-186E-4A19-B8B2-E02CCF82AD1E}
[2011/06/14 12:25:24 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{79306C2E-4D05-4DA6-B8C8-F775EBD12E01}
[2011/06/14 10:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2011/06/13 23:55:43 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{617B4F33-A7AF-4FD0-B4FD-1C3CFB893ED2}
[2011/06/13 09:54:57 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{4B26F1C6-6878-4FA2-917E-A3A8CF40B684}
[2011/06/12 10:30:48 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{3F051E22-ED9E-4CDA-8638-87EEC93E8815}
[2011/06/11 11:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Drivers For Free
[2011/06/11 11:58:17 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Drivers_For_Free
[2011/06/11 11:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2011/06/11 11:58:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Drivers For Free
[2011/06/11 09:28:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{6B4A4B35-644B-4472-8A16-093D806CD884}
[2011/06/10 09:53:46 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{9D0D7E0F-AFCC-4CB0-9F32-91A2999B24FF}
[2011/06/09 16:52:09 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{6FA2DBF5-2813-4955-9B32-6E865AF651E0}
[2011/06/09 02:47:07 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{29AD2085-FA2A-40E7-A7A5-775DFB30BD05}
[2011/06/08 11:32:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A8787725-83D6-40FB-B8D8-5095B6096241}
[2011/06/07 20:38:36 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{824784F3-8182-4978-B3C6-F7E212CEB3F9}
[2011/06/07 08:17:41 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Smarty Uninstaller
[2011/06/07 08:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smarty Uninstaller
[2011/06/07 08:17:02 | 004,603,616 | ---- | C] (DevComponents.com) -- C:\Windows\SysWow64\DevComponents.DotNetBar2.dll
[2011/06/07 08:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smarty Uninstaller
[2011/06/07 08:12:39 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{4D4DF58B-E5C5-4AC5-914A-C9B8F3A5C7FC}
[2011/06/06 20:04:20 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{837C700F-B582-4BB7-B05B-1B2AB52C62FA}
[2011/06/06 07:33:39 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{6E6201D5-BB43-471F-9364-C996BB98E7D6}
[2011/06/05 13:12:50 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{AA6B5B91-6BAD-4321-AD5E-9C495E3BBCF3}
[2011/06/04 22:41:55 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{39ED6CBF-995F-414A-8D24-9DD121230134}
[2011/06/04 09:44:57 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A6CDE405-DB88-498D-A0CB-DC4C16ADB415}
[2011/06/03 19:44:43 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{7CBC8BA1-1594-4267-A64F-378C89569B58}
[2011/06/02 21:01:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{AAA6B11B-E1E0-44D5-B850-D9ABFC30DD11}
[2011/06/02 07:31:25 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2F4401A0-E74C-42DA-B5FB-386F0F0806D3}
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/01 11:21:18 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/07/01 11:18:30 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/01 11:18:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/01 11:17:54 | 3013,521,408 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/01 10:42:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3250728646-3849637711-2225151899-1001UA.job
[2011/07/01 10:32:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/01 09:42:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3250728646-3849637711-2225151899-1001Core.job
[2011/06/30 19:38:00 | 000,000,993 | ---- | M] () -- C:\Users\Rob\Desktop\magicJack.lnk
[2011/06/30 19:24:56 | 001,008,041 | ---- | M] () -- C:\Users\Rob\Desktop\rkill.exe
[2011/06/30 19:24:17 | 000,001,134 | ---- | M] () -- C:\Users\Rob\Desktop\FixNCR.reg
[2011/06/30 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/06/30 14:56:58 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/06/30 02:31:55 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/30 02:31:55 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/29 14:07:52 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/29 14:07:52 | 000,626,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/29 14:07:52 | 000,107,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/29 11:19:31 | 000,328,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/29 10:01:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2011/06/29 02:21:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\XoftSpySE.job
[2011/06/28 13:43:03 | 000,002,395 | ---- | M] () -- C:\Users\Rob\Desktop\Google Chrome.lnk
[2011/06/28 11:20:14 | 000,435,402 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/06/28 11:02:14 | 000,000,046 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.FRE
[2011/06/28 09:47:43 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2011/06/26 23:00:12 | 000,003,584 | ---- | M] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/26 17:23:52 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRob.job
[2011/06/26 01:47:03 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/06/25 12:32:42 | 000,002,997 | ---- | M] () -- C:\Users\Rob\Desktop\HiJackThis.lnk
[2011/06/25 11:04:13 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/25 09:49:38 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/06/25 05:16:23 | 000,010,240 | ---- | M] () -- C:\Windows\listcmd.bin
[2011/06/25 04:22:10 | 000,081,144 | ---- | M] (TG Soft S.a.s.) -- C:\Windows\SysWow64\drivers\viragtlt.sys
[2011/06/24 20:03:25 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/06/24 19:59:43 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/06/24 19:54:00 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2011/06/24 13:09:06 | 000,022,068 | ---- | M] () -- C:\Users\Rob\Documents\cc_20110624_130858.reg
[2011/06/24 09:34:14 | 000,001,443 | ---- | M] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/23 20:50:23 | 000,001,280 | ---- | M] () -- C:\Users\Rob\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 07:38:24 | 000,001,915 | ---- | M] () -- C:\Users\Rob\Desktop\Microsoft Security Essentials.lnk
[2011/06/23 07:29:53 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/23 07:29:37 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/23 07:25:07 | 000,000,024 | ---- | M] () -- C:\ProgramData\3c5a746c
[2011/06/23 06:34:26 | 000,002,060 | ---- | M] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/23 06:33:56 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/23 05:33:22 | 001,694,734 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/06/23 05:32:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/06/23 05:28:50 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\Google Mail.lnk
[2011/06/23 05:28:27 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/06/23 04:07:05 | 000,021,221 | ---- | M] () -- C:\Users\Rob\Desktop\bookmarks-2011-06-23.json
[2011/06/22 19:38:05 | 000,000,114 | ---- | M] () -- C:\Windows\SysWow64\376726556
[2011/06/21 10:08:39 | 000,000,115 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.SYL
[2011/06/21 10:01:19 | 000,000,206 | ---- | M] () -- C:\Users\Rob\Documents\cc_20110621_100114.reg
[2011/06/21 10:00:02 | 000,037,218 | ---- | M] () -- C:\Users\Rob\Documents\cc_20110621_095942.reg
[2011/06/21 09:58:53 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/20 23:14:29 | 000,009,984 | -HS- | M] () -- C:\ProgramData\l37cuo5nom40nacrll711adf06x256r324
[2011/06/20 23:14:28 | 000,009,984 | -HS- | M] () -- C:\Users\Rob\AppData\Local\l37cuo5nom40nacrll711adf06x256r324
[2011/06/18 08:26:21 | 000,001,320 | ---- | M] () -- C:\Users\Rob\Desktop\Audiobook Downloader Pro.lnk
[2011/06/07 08:17:03 | 000,001,146 | ---- | M] () -- C:\Users\Rob\Desktop\Smarty Uninstaller.lnk
[2011/06/02 08:23:26 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/30 19:24:53 | 001,008,041 | ---- | C] () -- C:\Users\Rob\Desktop\rkill.exe
[2011/06/30 18:24:10 | 000,001,134 | ---- | C] () -- C:\Users\Rob\Desktop\FixNCR.reg
[2011/06/26 23:00:12 | 000,003,584 | ---- | C] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/25 12:32:42 | 000,002,997 | ---- | C] () -- C:\Users\Rob\Desktop\HiJackThis.lnk
[2011/06/25 11:04:13 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/25 09:32:50 | 000,000,464 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/06/25 09:32:07 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/06/25 09:32:05 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\XoftSpySE.job
[2011/06/25 08:02:12 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/06/25 04:27:08 | 000,010,240 | ---- | C] () -- C:\Windows\listcmd.bin
[2011/06/24 19:59:47 | 000,023,112 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/06/24 19:59:43 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/06/24 13:09:02 | 000,022,068 | ---- | C] () -- C:\Users\Rob\Documents\cc_20110624_130858.reg
[2011/06/23 20:50:23 | 000,001,280 | ---- | C] () -- C:\Users\Rob\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 07:38:24 | 000,001,915 | ---- | C] () -- C:\Users\Rob\Desktop\Microsoft Security Essentials.lnk
[2011/06/23 07:29:08 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/23 06:33:55 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/23 06:24:58 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/23 05:28:50 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\Google Mail.lnk
[2011/06/23 05:28:26 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/06/23 05:27:33 | 000,002,060 | ---- | C] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/23 05:27:33 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/23 05:26:22 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/23 04:07:05 | 000,021,221 | ---- | C] () -- C:\Users\Rob\Desktop\bookmarks-2011-06-23.json
[2011/06/22 20:56:09 | 000,000,024 | ---- | C] () -- C:\ProgramData\3c5a746c
[2011/06/22 19:08:03 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\376726556
[2011/06/21 10:39:56 | 001,694,734 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/06/21 10:01:16 | 000,000,206 | ---- | C] () -- C:\Users\Rob\Documents\cc_20110621_100114.reg
[2011/06/21 09:59:51 | 000,037,218 | ---- | C] () -- C:\Users\Rob\Documents\cc_20110621_095942.reg
[2011/06/21 07:50:42 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2011/06/20 22:15:37 | 000,009,984 | -HS- | C] () -- C:\Users\Rob\AppData\Local\l37cuo5nom40nacrll711adf06x256r324
[2011/06/20 22:15:37 | 000,009,984 | -HS- | C] () -- C:\ProgramData\l37cuo5nom40nacrll711adf06x256r324
[2011/06/19 09:38:08 | 000,002,395 | ---- | C] () -- C:\Users\Rob\Desktop\Google Chrome.lnk
[2011/06/19 09:37:30 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3250728646-3849637711-2225151899-1001UA.job
[2011/06/19 09:37:29 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3250728646-3849637711-2225151899-1001Core.job
[2011/06/18 08:26:21 | 000,001,320 | ---- | C] () -- C:\Users\Rob\Desktop\Audiobook Downloader Pro.lnk
[2011/06/07 08:17:03 | 000,001,146 | ---- | C] () -- C:\Users\Rob\Desktop\Smarty Uninstaller.lnk
[2011/05/26 11:18:06 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/02/17 19:35:13 | 000,000,007 | ---- | C] () -- C:\Windows\SysWow64\mkghj.dll
[2011/01/06 09:17:22 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/10 09:34:08 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT10.ini
[2010/11/14 22:51:29 | 000,855,641 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\PandaIDProtectHelp.chm
[2010/10/30 10:09:36 | 000,033,134 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\UserTile.png
[2010/10/12 10:33:14 | 000,000,546 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\wklnhst.dat
[2010/09/28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/08/29 10:06:06 | 000,007,604 | ---- | C] () -- C:\Users\Rob\AppData\Local\Resmon.ResmonCfg
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/04/28 21:17:52 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/04/27 17:30:19 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/04/27 17:20:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/09/17 12:23:56 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Ashampoo
[2010/12/25 09:19:44 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Burn4U
[2011/02/17 17:17:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Byngo
[2011/06/02 11:09:25 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Canon
[2011/06/23 07:44:06 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Catalina Marketing Corp
[2011/02/17 17:17:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\CodedColor
[2010/10/19 12:20:16 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\com.princess.iq.PrincessWidget.95CF48669C469715948E799FD5617DB57BF9FCEB.1
[2011/04/23 11:33:33 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Digiarty
[2011/06/11 11:58:03 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Drivers For Free
[2011/06/24 10:09:27 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\FixIt
[2011/06/21 07:50:35 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\GetRightToGo
[2011/02/17 17:14:37 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\GlarySoft
[2011/06/30 19:38:01 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\mjusbsp
[2010/09/01 11:55:46 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\My.Freeze.com NetAssistant
[2011/02/17 17:14:51 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Panda Security
[2010/08/15 00:00:15 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\PDF Viewer
[2011/02/17 17:17:37 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\PictureMover
[2011/02/17 17:17:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Pixpedia Publisher
[2011/06/25 08:43:00 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\QuickScan
[2011/02/19 11:02:32 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SanDisk
[2011/06/28 10:13:33 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Smarty Uninstaller
[2011/02/17 17:17:37 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Software Informer
[2010/08/29 12:38:51 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Stardock
[2011/06/18 08:26:21 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SuperUtils.com
[2010/10/29 19:06:12 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SurfSecret Privacy Suite
[2011/03/21 11:15:25 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Template
[2011/04/07 18:57:54 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\thecleaner
[2011/04/13 08:34:37 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Trusteer
[2011/02/16 10:23:13 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TweakNow RegCleaner 2011
[2010/08/14 10:22:08 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\WinBatch
[2010/10/21 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Windows Live Writer
[2011/06/11 12:22:21 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\WinPatrol
[2011/04/27 14:13:38 | 000,000,004 | -HS- | M] () -- C:\Windows\Tasks\FOLDER.TSX
[2011/06/30 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/06/26 01:47:03 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/06/30 14:56:58 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/06/21 10:10:47 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:CB9FA647
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:B1CD2545
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 1069 bytes -> C:\Users\Rob\Documents\Meathead Goldwyn_ No Marshmallows! Sweet & Savory Sweet Potato Steak Fries.eml:OECustomProperty

< End of report >
prfek
Regular Member
 
Posts: 20
Joined: June 25th, 2011, 8:53 am

Re: Windows 7 Home Security 2012 Malware

by prfek » July 1st, 2011, 11:27 am

When the OTL rebooted the computer, after it came back a huge notebook file appeared. I have it on the desktop, but I did not know if I should attach it.
prfek
Regular Member
 
Posts: 20
Joined: June 25th, 2011, 8:53 am

Re: Windows 7 Home Security 2012 Malware

by askey127 » July 1st, 2011, 11:55 am

prfek,
We are removing Spybot here, so it won't interfere with corrections.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Spybot Search & Destroy

Take extra care in answering questions posed by any Uninstaller.
If the Spybot Uninstaller asks whether you want to remove all files and settings, answer YES. If it reports that it cannot remove all files, that's OK.

(Be sure you get this done before running the OTL fix below, or Spybot's Teatimer may put the removed items back)!

-----------------------------------------------------------
REBOOT (RESTART) Your Machine
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code:
    :processes
    killallprocesses
    
    :OTL
    [2010/09/01 11:55:46 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\My.Freeze.com NetAssistant
    [2011/02/16 10:23:13 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TweakNow RegCleaner 2011
    [2011/06/20 22:15:37 | 000,009,984 | -HS- | C] () -- C:\Users\Rob\AppData\Local\l37cuo5nom40nacrll711adf06x256r324
    [2011/06/20 22:15:37 | 000,009,984 | -HS- | C] () -- C:\ProgramData\l37cuo5nom40nacrll711adf06x256r324
    [2011/06/21 12:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
    [2011/06/21 07:50:38 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\PC Tools
    [2011/06/21 07:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    File not found (No name found) -- C:\USERS\ROB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7PLVF7VE.DEFAULT\EXTENSIONS\{5835466C-49AF-4CBE-B102-A8C8B6313749}
    [2011/02/17 17:17:48 | 000,000,000 | ---D | M] (Coupon Cabin Toolbar) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions\{CAD77134-400A-41f9-83BE-5FBF5F1A42C0}
    [2011/06/23 10:27:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions\{23b080b4-5ebd-4d55-be73-c68d05e338bc}
    FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.25
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF 75 E6 06 62 B3 CD 4F 87 90 45 EB 9A DA 4F B3 [binary data]
    DRV - [2011/03/16 18:59:28 | 000,036,792 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys -- (PfFilter)
    
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Tell me how it's running.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Windows 7 Home Security 2012 Malware

by prfek » July 1st, 2011, 5:04 pm

Appears to be running fine. I don't detect any sign of the original problem.

OTL logfile created on: 7/1/2011 4:55:55 PM - Run 3
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Users\Rob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 63.02% Memory free
7.48 Gb Paging File | 5.92 Gb Available in Paging File | 79.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.92 Gb Total Space | 415.43 Gb Free Space | 60.48% Space Free | Partition Type: NTFS
Drive D: | 11.48 Gb Total Space | 1.39 Gb Free Space | 12.08% Space Free | Partition Type: NTFS
Drive J: | 1.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 17.59 Mb Total Space | 17.59 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: ROB-HP | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/29 10:01:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/12/02 19:48:00 | 000,218,432 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/12/02 19:47:54 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/11/20 08:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe


========== Modules (SafeList) ==========

MOD - [2011/06/29 10:01:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/04 13:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/02/02 01:02:42 | 000,091,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Preton\PretonSaver\PretonClientService.exe -- (PretonClientService)
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/12 02:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/03/29 15:41:46 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/12/02 19:48:00 | 000,218,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/10/14 18:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/04 14:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/08 10:17:46 | 000,064,272 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2010/12/27 12:31:42 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2010/12/03 15:03:26 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/12/03 05:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/29 18:14:00 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motport.sys -- (motport)
DRV:64bit: - [2010/09/29 18:14:00 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/12 02:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/12 01:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 12:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/04 10:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/19 15:45:16 | 000,014,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\atillk64.sys -- (atillk64)
DRV:64bit: - [2009/12/18 23:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/10/19 17:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 20:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 20:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/29 20:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/29 20:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 21:32:26 | 000,231,224 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/01/29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2011/04/28 14:34:54 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/04/28 14:34:54 | 000,052,496 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbsnews.com/whatstrending?tag=nl.e400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=380920"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.huffingtonpost.com/"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAD77134-400A-41f9-83BE-5FBF5F1A42C0}:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23b080b4-5ebd-4d55-be73-c68d05e338bc}:1.0
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.4
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=380920&p="

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/30 20:07:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/30 20:07:03 | 000,000,000 | ---D | M]

[2010/08/26 09:11:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions
[2011/07/01 16:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions
[2011/06/25 08:02:35 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\7plvf7ve.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011/06/23 06:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
File not found (No name found) -- C:\USERS\ROB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7PLVF7VE.DEFAULT\EXTENSIONS\{5835466C-49AF-4CBE-B102-A8C8B6313749}
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/28 11:20:14 | 000,435,402 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14982 more lines...
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cdloader] C:\Users\Rob\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/ ... cmatic.cab (Reg Error: Key error.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resour ... cctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Extermin ... iVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-be ... canner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\PFW: DllName - Reg Error: Key error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/17 12:17:43 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/03 13:04:35 | 000,027,992 | R--- | M] (magicJack L.P.) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/08/03 13:04:35 | 000,016,158 | R--- | M] () - J:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/08/03 13:04:35 | 000,000,308 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/08/03 13:04:35 | 000,728,816 | R--- | M] (magicJack L.P.) - J:\autorunu.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 11:00:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/01 08:42:56 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{627DA201-8F96-4BBF-AA00-4C277DBCD778}
[2011/06/30 20:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2011/06/30 20:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2011/06/30 14:57:31 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{1B323C5F-2FAC-45CD-957C-1AF683DDC7C6}
[2011/06/29 17:33:16 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{0C5184B7-6FA4-4174-9E94-D72D33E11739}
[2011/06/29 10:01:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2011/06/29 00:46:11 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{D42971B8-50AC-4937-81D9-B1EF337E7726}
[2011/06/28 09:58:34 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{C8D2D45D-B885-434D-86AC-54C592DD5CF5}
[2011/06/27 10:35:55 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{832F2F25-D9E9-4B7F-81D2-67EB1D90E04A}
[2011/06/26 22:35:32 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{DDB1CFE1-9CBF-4635-9886-15F2A5F90722}
[2011/06/26 09:20:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{02FBBC36-6ECB-4252-B74B-A927E6BAC9C6}
[2011/06/25 21:19:52 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{E3A2DCF7-6602-46E0-A3C1-99C9748CF0CA}
[2011/06/25 12:32:42 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/25 11:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/25 11:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/06/25 09:19:27 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{C4D7226D-F140-47DA-B171-50D882CC2633}
[2011/06/25 06:58:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\Anti-Malware
[2011/06/25 04:22:30 | 000,081,144 | ---- | C] (TG Soft S.a.s.) -- C:\Windows\SysWow64\drivers\viragtlt.sys
[2011/06/25 04:18:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2011/06/24 21:19:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{EEDDD675-4D88-4BE0-8B85-578671610928}
[2011/06/24 20:03:25 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/06/24 10:09:27 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\FixIt
[2011/06/24 09:18:38 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{ACC9A7EA-5FF0-4AD8-8A22-AB88A37B8D51}
[2011/06/23 20:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/06/23 17:03:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{D5B5A8CD-C56C-42F4-BDC6-A45D5121C0A2}
[2011/06/23 09:17:39 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\QuickScan
[2011/06/23 07:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/06/23 07:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/23 07:16:28 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2011/06/23 06:24:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/06/23 05:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps
[2011/06/23 05:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/06/23 05:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Updater
[2011/06/23 05:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2011/06/23 05:07:52 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/06/22 22:00:07 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{7CDB9C1F-EFE4-4A21-9E74-DEEC4E473B81}
[2011/06/22 08:31:58 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{25E607D3-3AFB-4999-9196-87650F621EDB}
[2011/06/21 12:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Folder
[2011/06/21 12:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011/06/21 11:29:31 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{56008EDC-A9D9-4231-A2B7-4BD8B6F5B4FF}
[2011/06/21 07:49:30 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\GetRightToGo
[2011/06/21 07:43:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/06/21 06:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPitstop
[2011/06/21 00:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/06/20 13:56:30 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{34FA15AE-F992-431D-AED0-D3459C24F550}
[2011/06/20 01:14:11 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{09ADF9F1-22F7-4D52-B4ED-05B840F1443D}
[2011/06/19 09:38:06 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/06/19 08:43:57 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{DF1DA17F-15F6-4E6B-8D3B-8948FD2DE602}
[2011/06/18 18:12:02 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{1E72350B-B695-466C-A71C-F5C33F8297BB}
[2011/06/18 08:26:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\SuperUtils.com
[2011/06/18 08:26:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SuperUtils.com
[2011/06/18 08:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperUtils.com
[2011/06/18 08:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperUtils.com
[2011/06/18 01:32:24 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{3B843EB8-82D7-4765-A464-587DFF42B6F4}
[2011/06/17 11:46:10 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{8C7565A2-7B25-4C4E-87C1-80FC9D5A6E90}
[2011/06/16 19:58:55 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2DBEDE87-52AA-4C68-A516-E2BF6EFCF724}
[2011/06/16 01:10:10 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A4DE7215-C06E-4922-91FE-FD801FFFF873}
[2011/06/15 09:09:27 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{28F1EBBB-186E-4A19-B8B2-E02CCF82AD1E}
[2011/06/14 12:25:24 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{79306C2E-4D05-4DA6-B8C8-F775EBD12E01}
[2011/06/14 10:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2011/06/13 23:55:43 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{617B4F33-A7AF-4FD0-B4FD-1C3CFB893ED2}
[2011/06/13 09:54:57 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{4B26F1C6-6878-4FA2-917E-A3A8CF40B684}
[2011/06/12 10:30:48 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{3F051E22-ED9E-4CDA-8638-87EEC93E8815}
[2011/06/11 11:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Drivers For Free
[2011/06/11 11:58:17 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Drivers_For_Free
[2011/06/11 11:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2011/06/11 11:58:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Drivers For Free
[2011/06/11 09:28:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{6B4A4B35-644B-4472-8A16-093D806CD884}
[2011/06/10 09:53:46 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{9D0D7E0F-AFCC-4CB0-9F32-91A2999B24FF}
[2011/06/09 16:52:09 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{6FA2DBF5-2813-4955-9B32-6E865AF651E0}
[2011/06/09 02:47:07 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{29AD2085-FA2A-40E7-A7A5-775DFB30BD05}
[2011/06/08 11:32:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A8787725-83D6-40FB-B8D8-5095B6096241}
[2011/06/07 20:38:36 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{824784F3-8182-4978-B3C6-F7E212CEB3F9}
[2011/06/07 08:17:41 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Smarty Uninstaller
[2011/06/07 08:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smarty Uninstaller
[2011/06/07 08:17:02 | 004,603,616 | ---- | C] (DevComponents.com) -- C:\Windows\SysWow64\DevComponents.DotNetBar2.dll
[2011/06/07 08:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smarty Uninstaller
[2011/06/07 08:12:39 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{4D4DF58B-E5C5-4AC5-914A-C9B8F3A5C7FC}
[2011/06/06 20:04:20 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{837C700F-B582-4BB7-B05B-1B2AB52C62FA}
[2011/06/06 07:33:39 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{6E6201D5-BB43-471F-9364-C996BB98E7D6}
[2011/06/05 13:12:50 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{AA6B5B91-6BAD-4321-AD5E-9C495E3BBCF3}
[2011/06/04 22:41:55 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{39ED6CBF-995F-414A-8D24-9DD121230134}
[2011/06/04 09:44:57 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A6CDE405-DB88-498D-A0CB-DC4C16ADB415}
[2011/06/03 19:44:43 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{7CBC8BA1-1594-4267-A64F-378C89569B58}
[2011/06/02 21:01:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{AAA6B11B-E1E0-44D5-B850-D9ABFC30DD11}
[2011/06/02 07:31:25 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2F4401A0-E74C-42DA-B5FB-386F0F0806D3}
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/01 16:56:11 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/07/01 16:53:24 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/01 16:53:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/01 16:52:48 | 3013,521,408 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/01 16:42:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3250728646-3849637711-2225151899-1001UA.job
[2011/07/01 16:32:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/01 16:27:40 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 16:27:40 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 16:24:18 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/01 16:24:18 | 000,626,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/01 16:24:18 | 000,107,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/01 11:29:52 | 000,000,993 | ---- | M] () -- C:\Users\Rob\Desktop\magicJack.lnk
[2011/07/01 09:42:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3250728646-3849637711-2225151899-1001Core.job
[2011/06/30 19:24:56 | 001,008,041 | ---- | M] () -- C:\Users\Rob\Desktop\rkill.exe
[2011/06/30 19:24:17 | 000,001,134 | ---- | M] () -- C:\Users\Rob\Desktop\FixNCR.reg
[2011/06/30 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/06/30 14:56:58 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/06/29 11:19:31 | 000,328,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/29 10:01:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2011/06/29 02:21:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\XoftSpySE.job
[2011/06/28 13:43:03 | 000,002,395 | ---- | M] () -- C:\Users\Rob\Desktop\Google Chrome.lnk
[2011/06/28 11:20:14 | 000,435,402 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/06/28 11:02:14 | 000,000,046 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.FRE
[2011/06/28 09:47:43 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2011/06/26 23:00:12 | 000,003,584 | ---- | M] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/26 17:23:52 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRob.job
[2011/06/26 01:47:03 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/06/25 12:32:42 | 000,002,997 | ---- | M] () -- C:\Users\Rob\Desktop\HiJackThis.lnk
[2011/06/25 11:04:13 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/25 09:49:38 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/06/25 05:16:23 | 000,010,240 | ---- | M] () -- C:\Windows\listcmd.bin
[2011/06/25 04:22:10 | 000,081,144 | ---- | M] (TG Soft S.a.s.) -- C:\Windows\SysWow64\drivers\viragtlt.sys
[2011/06/24 20:03:25 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/06/24 19:59:43 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/06/24 19:54:00 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2011/06/24 13:09:06 | 000,022,068 | ---- | M] () -- C:\Users\Rob\Documents\cc_20110624_130858.reg
[2011/06/24 09:34:14 | 000,001,443 | ---- | M] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/23 07:38:24 | 000,001,915 | ---- | M] () -- C:\Users\Rob\Desktop\Microsoft Security Essentials.lnk
[2011/06/23 07:29:53 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/23 07:29:37 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/23 07:25:07 | 000,000,024 | ---- | M] () -- C:\ProgramData\3c5a746c
[2011/06/23 06:34:26 | 000,002,060 | ---- | M] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/23 06:33:56 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/23 05:33:22 | 001,694,734 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/06/23 05:32:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/06/23 05:28:50 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\Google Mail.lnk
[2011/06/23 05:28:27 | 000,002,296 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/06/23 04:07:05 | 000,021,221 | ---- | M] () -- C:\Users\Rob\Desktop\bookmarks-2011-06-23.json
[2011/06/22 19:38:05 | 000,000,114 | ---- | M] () -- C:\Windows\SysWow64\376726556
[2011/06/21 10:08:39 | 000,000,115 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.SYL
[2011/06/21 10:01:19 | 000,000,206 | ---- | M] () -- C:\Users\Rob\Documents\cc_20110621_100114.reg
[2011/06/21 10:00:02 | 000,037,218 | ---- | M] () -- C:\Users\Rob\Documents\cc_20110621_095942.reg
[2011/06/21 09:58:53 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/06/18 08:26:21 | 000,001,320 | ---- | M] () -- C:\Users\Rob\Desktop\Audiobook Downloader Pro.lnk
[2011/06/07 08:17:03 | 000,001,146 | ---- | M] () -- C:\Users\Rob\Desktop\Smarty Uninstaller.lnk
[2011/06/02 08:23:26 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/30 19:24:53 | 001,008,041 | ---- | C] () -- C:\Users\Rob\Desktop\rkill.exe
[2011/06/30 18:24:10 | 000,001,134 | ---- | C] () -- C:\Users\Rob\Desktop\FixNCR.reg
[2011/06/26 23:00:12 | 000,003,584 | ---- | C] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/25 12:32:42 | 000,002,997 | ---- | C] () -- C:\Users\Rob\Desktop\HiJackThis.lnk
[2011/06/25 11:04:13 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/25 09:32:50 | 000,000,464 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/06/25 09:32:07 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/06/25 09:32:05 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\XoftSpySE.job
[2011/06/25 08:02:12 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/06/25 04:27:08 | 000,010,240 | ---- | C] () -- C:\Windows\listcmd.bin
[2011/06/24 19:59:47 | 000,023,112 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/06/24 19:59:43 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/06/24 13:09:02 | 000,022,068 | ---- | C] () -- C:\Users\Rob\Documents\cc_20110624_130858.reg
[2011/06/23 07:38:24 | 000,001,915 | ---- | C] () -- C:\Users\Rob\Desktop\Microsoft Security Essentials.lnk
[2011/06/23 07:29:08 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/23 06:33:55 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/23 06:24:58 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/23 05:28:50 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\Google Mail.lnk
[2011/06/23 05:28:26 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/06/23 05:27:33 | 000,002,060 | ---- | C] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/23 05:27:33 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/23 05:26:22 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/23 04:07:05 | 000,021,221 | ---- | C] () -- C:\Users\Rob\Desktop\bookmarks-2011-06-23.json
[2011/06/22 20:56:09 | 000,000,024 | ---- | C] () -- C:\ProgramData\3c5a746c
[2011/06/22 19:08:03 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\376726556
[2011/06/21 10:39:56 | 001,694,734 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/06/21 10:01:16 | 000,000,206 | ---- | C] () -- C:\Users\Rob\Documents\cc_20110621_100114.reg
[2011/06/21 09:59:51 | 000,037,218 | ---- | C] () -- C:\Users\Rob\Documents\cc_20110621_095942.reg
[2011/06/21 07:50:42 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2011/06/19 09:38:08 | 000,002,395 | ---- | C] () -- C:\Users\Rob\Desktop\Google Chrome.lnk
[2011/06/19 09:37:30 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3250728646-3849637711-2225151899-1001UA.job
[2011/06/19 09:37:29 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3250728646-3849637711-2225151899-1001Core.job
[2011/06/18 08:26:21 | 000,001,320 | ---- | C] () -- C:\Users\Rob\Desktop\Audiobook Downloader Pro.lnk
[2011/06/07 08:17:03 | 000,001,146 | ---- | C] () -- C:\Users\Rob\Desktop\Smarty Uninstaller.lnk
[2011/05/26 11:18:06 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/02/17 19:35:13 | 000,000,007 | ---- | C] () -- C:\Windows\SysWow64\mkghj.dll
[2011/01/06 09:17:22 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/10 09:34:08 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT10.ini
[2010/11/14 22:51:29 | 000,855,641 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\PandaIDProtectHelp.chm
[2010/10/30 10:09:36 | 000,033,134 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\UserTile.png
[2010/10/12 10:33:14 | 000,000,546 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\wklnhst.dat
[2010/09/28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/08/29 10:06:06 | 000,007,604 | ---- | C] () -- C:\Users\Rob\AppData\Local\Resmon.ResmonCfg
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/04/28 21:17:52 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/04/27 17:30:19 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/04/27 17:20:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/09/17 12:23:56 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Ashampoo
[2010/12/25 09:19:44 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Burn4U
[2011/02/17 17:17:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Byngo
[2011/06/02 11:09:25 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Canon
[2011/06/23 07:44:06 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Catalina Marketing Corp
[2011/02/17 17:17:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\CodedColor
[2010/10/19 12:20:16 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\com.princess.iq.PrincessWidget.95CF48669C469715948E799FD5617DB57BF9FCEB.1
[2011/04/23 11:33:33 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Digiarty
[2011/06/11 11:58:03 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Drivers For Free
[2011/06/24 10:09:27 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\FixIt
[2011/06/21 07:50:35 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\GetRightToGo
[2011/02/17 17:14:37 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\GlarySoft
[2011/07/01 11:29:53 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\mjusbsp
[2011/02/17 17:14:51 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Panda Security
[2010/08/15 00:00:15 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\PDF Viewer
[2011/02/17 17:17:37 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\PictureMover
[2011/02/17 17:17:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Pixpedia Publisher
[2011/06/25 08:43:00 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\QuickScan
[2011/02/19 11:02:32 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SanDisk
[2011/07/01 16:16:24 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Smarty Uninstaller
[2011/02/17 17:17:37 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Software Informer
[2010/08/29 12:38:51 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Stardock
[2011/06/18 08:26:21 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SuperUtils.com
[2010/10/29 19:06:12 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SurfSecret Privacy Suite
[2011/03/21 11:15:25 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Template
[2011/04/07 18:57:54 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\thecleaner
[2011/04/13 08:34:37 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Trusteer
[2010/08/14 10:22:08 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\WinBatch
[2010/10/21 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Windows Live Writer
[2011/06/11 12:22:21 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\WinPatrol
[2011/04/27 14:13:38 | 000,000,004 | -HS- | M] () -- C:\Windows\Tasks\FOLDER.TSX
[2011/06/30 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/06/26 01:47:03 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/06/30 14:56:58 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/06/21 10:10:47 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:CB9FA647
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:B1CD2545
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 1069 bytes -> C:\Users\Rob\Documents\Meathead Goldwyn_ No Marshmallows! Sweet & Savory Sweet Potato Steak Fries.eml:OECustomProperty

< End of report >
I believe that all of the problems are solved. I really appreciate all of the help. Now are you ready to try the same with my laptop?
prfek