ComboFix 11-05-27.02 - Moshe 05/29/2011 1:14.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2414 [GMT -7:00]
Running from: c:\users\Moshe\Desktop\cfsky.exe
Command switches used :: c:\users\Moshe\Desktop\cfscript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"a:\blonder\Documents and Settings\Eynat\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome\mmtextlinks.jar"
"a:\blonder\Documents and Settings\Eynat\Local Settings\Temp\jar_cache1326079376391305830.tmp"
"a:\blonder\Documents and Settings\Eynat\Local Settings\Temp\jar_cache6940860146275876399.tmp"
"a:\blonder\Documents and Settings\Eynat\Local Settings\Temp\mia2907.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster application"
"a:\blonder\Documents and Settings\Eynat\Local Settings\Temp\mia2907.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe Win32/RegistryBooster application"
"a:\blonder\Documents and Settings\Eynat\Local Settings\Temp\mia2907.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster application"
"a:\blonder\Documents and Settings\Eynat\Local Settings\Temp\mia2907.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe Win32/RegistryBooster application"
"a:\blonder\Documents and Settings\Eynat\Local Settings\Temp\mia2907.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe Win32/RegistryBooster application"
"a:\blonder\Documents and Settings\Eynat\Local Settings\Temp\OCSetupHlp.dll Win32/OpenCandy application"
"a:\blonder\Program Files\Windows Live\Messenger\msimg32.dll"
"a:\blonder\Program Files\Windows Live\Messenger\riched20.dll"
"c:\users\Moshe\Desktop\Deamon (DAEMON) Tools Pro 4.30.305 32&64bit Latest\DTPro4300305.exe"
"d:\downloads 4-14-10\videora-ipod-503-setup.exe"
"d:\installs\Driver_Genius_9_Professional_US_Full.EXE"
"D:\PowerISO 4.3.rar"
"q:\downloads backup\Miro_Installer.exe"
"q:\downloads backup\videora-ipod-503-setup.exe"
"t:\completed downloads\Deamon (DAEMON) Tools Pro 4.30.305 32&64bit Latest.rar"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
a:\blonder\Documents and Settings\Eynat\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome\mmtextlinks.jar
a:\blonder\Documents and Settings\Eynat\Local Settings\Temp\jar_cache1326079376391305830.tmp
a:\blonder\Documents and Settings\Eynat\Local Settings\Temp\jar_cache6940860146275876399.tmp
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\CHROME.MANIFEST
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\chrome\v4ffxtbr.jar
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\INSTALL.RDF
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\LOGO.BMP
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\NPv4Stub.dll
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4auxstb.dll
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4bar.dll
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4barsvc.exe
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4brmon.exe
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4brstub.dll
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4datact.dll
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4dlghk.dll
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4dyn.dll
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4highin.exe
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4html.dll
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4htmlmu.dll
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4httpct.dll
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4idle.dll
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4impipe.exe
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4medint.exe
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4msg.dll
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4Plugin.dll
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4regiet.dll
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4skin.dll
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4skplay.exe
a:\blonder\Program Files\DictionaryBoss\bar\1.bin\v4SrcAs.dll
a:\blonder\Program Files\DictionaryBoss\bar\Cache\05C78B5D
a:\blonder\Program Files\DictionaryBoss\bar\Cache\05C78F55.bmp
a:\blonder\Program Files\DictionaryBoss\bar\Cache\05C79149.bmp
a:\blonder\Program Files\DictionaryBoss\bar\Cache\05C791B6.bmp
a:\blonder\Program Files\DictionaryBoss\bar\Cache\05C79214.bmp
a:\blonder\Program Files\DictionaryBoss\bar\Cache\05C79272.bmp
a:\blonder\Program Files\DictionaryBoss\bar\Cache\05C792C0.bmp
a:\blonder\Program Files\DictionaryBoss\bar\Cache\05C7932D.bmp
a:\blonder\Program Files\DictionaryBoss\bar\Cache\05C7939B.bmp
a:\blonder\Program Files\DictionaryBoss\bar\Cache\files.ini
a:\blonder\Program Files\DictionaryBoss\bar\History\search3
a:\blonder\Program Files\DictionaryBoss\bar\Message\COMMON.T8S
a:\blonder\Program Files\DictionaryBoss\bar\Settings\prevcfg2.htm
a:\blonder\Program Files\DictionaryBoss\bar\Settings\s_pid.dat
a:\blonder\Program Files\DictionaryBoss\Shared\Cache\PopupProperties100016559.html
a:\blonder\Program Files\DictionaryBoss\Shared\Cache\PopupProperties100016563.html
a:\blonder\Program Files\DictionaryBoss\Shared\Cache\PopupProperties100016565.html
a:\blonder\Program Files\DictionaryBoss\Shared\Cache\PopupProperties100016567.html
a:\blonder\Program Files\DictionaryBoss\Shared\Cache\PopupProperties100016569.html
a:\blonder\Program Files\DictionaryBoss\Shared\Cache\PopupProperties100016571.html
a:\blonder\Program Files\DictionaryBoss\Shared\Cache\PopupProperties100016752.html
a:\blonder\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
a:\blonder\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
a:\blonder\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
a:\blonder\Program Files\FunWebProducts\Installr\Cache\files.ini
a:\blonder\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
a:\blonder\Program Files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
a:\blonder\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
a:\blonder\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
a:\blonder\Program Files\MyWebSearch\bar\1.bin\INSTALL.RDF
a:\blonder\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
a:\blonder\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
a:\blonder\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
a:\blonder\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
a:\blonder\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
a:\blonder\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
a:\blonder\Program Files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
a:\blonder\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
a:\blonder\Program Files\MyWebSearch\bar\1.bin\MWSUABTN.DLL
a:\blonder\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
a:\blonder\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
a:\blonder\Program Files\MyWebSearch\bar\Cache\000210BF
a:\blonder\Program Files\MyWebSearch\bar\Cache\0007562C.bin
a:\blonder\Program Files\MyWebSearch\bar\Cache\00075755.bin
a:\blonder\Program Files\MyWebSearch\bar\Cache\000758AD.bin
a:\blonder\Program Files\MyWebSearch\bar\Cache\00075A04.bin
a:\blonder\Program Files\MyWebSearch\bar\Cache\00075A62.bin
a:\blonder\Program Files\MyWebSearch\bar\Cache\files.ini
a:\blonder\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
a:\blonder\Program Files\MyWebSearch\bar\Game\CHESS.F3S
a:\blonder\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
a:\blonder\Program Files\MyWebSearch\bar\History\search3
a:\blonder\Program Files\MyWebSearch\bar\icons\CM.ICO
a:\blonder\Program Files\MyWebSearch\bar\icons\MFC.ICO
a:\blonder\Program Files\MyWebSearch\bar\icons\PSS.ICO
a:\blonder\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
a:\blonder\Program Files\MyWebSearch\bar\icons\WB.ICO
a:\blonder\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON.F3S
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\8_step1.gif
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\bkez.jpg
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\bkgr.jpg
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\bkgs.jpg
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\bklf.jpg
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\bkrg.jpg
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\bkzc.jpg
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\bkzl.jpg
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\bkzn.jpg
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\bkzq.jpg
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\bkzr.jpg
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\bkzu.jpg
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\bkzv.jpg
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\bkzw.jpg
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\blubtn2d.png
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\blubtn2r.png
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\blubtn3d.png
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\blubtn3r.png
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\rebut4.htm
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\rebut4b.htm
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\rebut4c.htm
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\shield.png
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
a:\blonder\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
a:\blonder\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
a:\blonder\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
a:\blonder\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
a:\blonder\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
a:\blonder\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
a:\blonder\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
a:\blonder\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
a:\blonder\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
a:\blonder\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
a:\blonder\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
a:\blonder\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
a:\blonder\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S
a:\blonder\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
a:\blonder\Program Files\MyWebSearch\bar\Settings\s_pid.dat
a:\blonder\Program Files\Uniblue\RegistryBooster\cache.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\cwebpage.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\intermediate_views.dat
a:\blonder\Program Files\Uniblue\RegistryBooster\Launcher.exe
a:\blonder\Program Files\Uniblue\RegistryBooster\library.dat
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\br\br.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\br\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\de\de.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\de\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\dk\dk.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\dk\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\en\en.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\en\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\es\es.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\es\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\fi\fi.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\fi\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\fr\fr.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\fr\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\gr\gr.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\gr\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\it\it.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\it\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\jp\jp.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\jp\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\nl\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\nl\nl.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\no\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\no\no.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\pl\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\pl\pl.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\pt\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\pt\pt.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\ru\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\ru\ru.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\se\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\se\se.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\tr\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\tr\tr.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\xs\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\xs\xs.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\xt\LC_MESSAGES\messages.mo
a:\blonder\Program Files\Uniblue\RegistryBooster\locale\xt\xt.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\Microsoft.VC90.CRT.manifest
a:\blonder\Program Files\Uniblue\RegistryBooster\msvcp90.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\msvcr90.dll
a:\blonder\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe
a:\blonder\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
a:\blonder\Program Files\Uniblue\RegistryBooster\rbnotifier.exe
a:\blonder\Program Files\Uniblue\RegistryBooster\registrybooster.exe
a:\blonder\Program Files\Uniblue\RegistryBooster\repair_transform.xsl
a:\blonder\Program Files\Uniblue\RegistryBooster\settings.ini
a:\blonder\Program Files\Uniblue\RegistryBooster\Third Party Terms\comtypes.txt
a:\blonder\Program Files\Uniblue\RegistryBooster\Third Party Terms\cwebpage.dll.html
a:\blonder\Program Files\Uniblue\RegistryBooster\Third Party Terms\decorator.py.txt
a:\blonder\Program Files\Uniblue\RegistryBooster\Third Party Terms\ordereddict.py.txt
a:\blonder\Program Files\Uniblue\RegistryBooster\Third Party Terms\py2exe.txt
a:\blonder\Program Files\Uniblue\RegistryBooster\Third Party Terms\python-changes.txt
a:\blonder\Program Files\Uniblue\RegistryBooster\Third Party Terms\python.txt
a:\blonder\Program Files\Uniblue\RegistryBooster\Third Party Terms\simplejson.txt
a:\blonder\Program Files\Uniblue\RegistryBooster\Third Party Terms\wmi.txt
a:\blonder\Program Files\Uniblue\RegistryBooster\views.dat
a:\blonder\Program Files\Windows Live\Messenger\msimg32.dll
a:\blonder\Program Files\Windows Live\Messenger\riched20.dll
a:\blonder\Program Files\Winferno\PC Confidential\DeleteIndex.exe
a:\blonder\Program Files\Winferno\PC Confidential\Graphics\HandPoint.ico
a:\blonder\Program Files\Winferno\PC Confidential\PCCL.DLL
a:\blonder\Program Files\Winferno\PC Confidential\PCConfidential.chm
a:\blonder\Program Files\Winferno\PC Confidential\PCConfidential.exe
a:\blonder\Program Files\Winferno\PC Confidential\unins000.dat
a:\blonder\Program Files\Winferno\PC Confidential\unins000.exe
a:\blonder\Program Files\Winferno\PC Confidential\WinCMR.dll
a:\blonder\Program Files\Winferno\PC Confidential\WinfernoSoftware.url
c:\users\Moshe\Desktop\Deamon (DAEMON) Tools Pro 4.30.305 32&64bit Latest\DTPro4300305.exe
d:\downloads 4-14-10\videora-ipod-503-setup.exe
d:\installs\Driver_Genius_9_Professional_US_Full.EXE
D:\PowerISO 4.3.rar
q:\downloads backup\Miro_Installer.exe
q:\downloads backup\videora-ipod-503-setup.exe
t:\completed downloads\Deamon (DAEMON) Tools Pro 4.30.305 32&64bit Latest.rar
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-29 )))))))))))))))))))))))))))))))
.
.
2011-05-29 08:21 . 2011-05-29 08:21 -------- d-----w- c:\users\GAmes\AppData\Local\temp
2011-05-29 08:21 . 2011-05-29 08:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-29 03:48 . 2011-05-29 04:16 -------- d-----w- C:\cfsky
2011-05-27 10:38 . 2011-05-27 10:38 -------- d-----w- c:\program files (x86)\ESET
2011-05-27 00:49 . 2011-05-27 00:49 -------- d-----w- c:\users\Moshe\AppData\Local\Apple
2011-05-24 05:29 . 2011-05-24 05:30 -------- d-----w- c:\users\Moshe\AppData\Local\Adobe
2011-05-24 04:04 . 2011-05-24 04:04 53248 ----a-r- c:\users\Moshe\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-05-24 04:04 . 2011-05-24 04:04 -------- d-----w- c:\users\Moshe\AppData\Local\Logishrd
2011-05-24 04:04 . 2011-05-24 04:04 -------- d-----w- c:\program files\Logitech
2011-05-24 04:02 . 2011-05-24 04:02 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-05-24 04:00 . 2011-05-24 04:00 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-05-24 04:00 . 2011-05-24 04:00 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-05-24 03:57 . 2011-05-24 03:57 -------- d-----w- c:\program files (x86)\Driver-Soft
2011-05-23 04:33 . 2011-05-23 04:33 -------- d-----w- c:\programdata\LightScribe
2011-05-22 06:54 . 2011-05-22 06:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-17 10:48 . 2011-05-17 10:48 -------- d-----w- c:\program files (x86)\Avira
2011-05-17 10:48 . 2011-04-02 00:07 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-17 10:48 . 2011-04-02 00:07 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-17 10:35 . 2011-05-17 10:35 -------- d-----w- c:\program files (x86)\VS Revo Group
2011-05-16 00:24 . 2011-03-21 13:57 173056 ----a-w- c:\windows\system32\xvid.ax
2011-05-16 00:24 . 2011-03-19 15:06 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2011-05-16 00:24 . 2011-03-19 15:05 703488 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-16 00:23 . 2011-05-16 00:23 -------- d-----w- c:\programdata\QuestScan
2011-05-16 00:23 . 2011-05-16 00:23 -------- d-----w- c:\program files (x86)\QuestScan
2011-05-15 09:55 . 2011-05-15 09:56 -------- d-----w- c:\users\Moshe\AppData\Local\Nero
2011-05-13 21:02 . 2011-05-13 21:02 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
2011-05-13 11:31 . 2011-05-13 11:34 -------- d-----w- c:\users\Moshe\AppData\Roaming\TrueCrypt
2011-05-13 11:31 . 2011-05-13 11:31 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-05-13 11:30 . 2011-05-13 11:31 -------- d-----w- c:\program files\TrueCrypt
2011-05-13 03:27 . 2011-05-13 03:41 -------- d-----w- c:\program files (x86)\Yzshadow
2011-05-13 03:27 . 2011-05-13 03:41 -------- d-----w- c:\program files (x86)\RocketDock
2011-05-12 22:33 . 2009-07-14 01:41 2851328 ----a-w- c:\windows\system32\themeui.dll.backup
2011-05-12 22:33 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-05-12 22:33 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-05-12 22:33 . 2009-07-14 01:16 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.backup
2011-05-12 22:33 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2011-05-12 22:33 . 2006-12-04 00:15 111104 ----a-w- c:\windows\SysWow64\Uharc.exe
2011-05-12 22:33 . 2006-12-04 00:14 8636 ----a-w- c:\windows\SysWow64\modifype.exe
2011-05-06 00:44 . 2011-05-06 05:10 -------- dc----w- c:\users\Moshe\AppData\Local\MigWiz
2011-05-04 09:54 . 2011-05-05 01:03 -------- d-----w- c:\users\Moshe\AppData\Roaming\PCF-VLC
2011-05-04 09:48 . 2011-05-04 09:48 -------- d-----w- c:\program files (x86)\GetMiro Toolbar
2011-05-04 09:47 . 2011-05-04 09:47 -------- d-----w- c:\users\Moshe\AppData\Roaming\Participatory Culture Foundation
2011-05-04 09:46 . 2011-05-04 09:46 -------- d-----w- c:\program files (x86)\Participatory Culture Foundation
2011-05-03 10:22 . 2011-05-03 10:22 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-05-03 10:22 . 2011-05-24 04:04 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-05-03 10:19 . 2009-11-11 22:17 729600 ----a-w- c:\windows\system32\cohelper.dll
2011-05-03 10:19 . 2009-11-11 16:22 9548 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-05-03 08:30 . 2011-05-03 08:30 -------- d-----w- c:\program files (x86)\AMD APP
2011-05-03 08:30 . 2011-05-03 08:30 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-22 07:00 . 2010-09-14 07:09 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-12 22:33 . 2009-07-13 23:54 2851328 ----a-w- c:\windows\system32\themeui.dll
2011-05-12 22:33 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-05-12 22:33 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-05-12 22:33 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\SysWow64\themeui.dll
2011-05-12 22:33 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2011-04-11 09:58 . 2009-08-18 20:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-11 09:58 . 2009-08-18 19:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-11 09:19 . 2011-04-11 09:19 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-04-10 01:55 . 2011-04-10 01:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-10 01:55 . 2011-04-10 01:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-06 23:26 . 2011-04-06 23:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:26 . 2011-04-06 23:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:26 . 2011-04-06 23:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-21 13:58 . 2011-01-26 08:14 152064 ----a-w- c:\windows\SysWow64\xvid.ax
2011-03-19 15:06 . 2011-01-26 08:14 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-03-19 15:04 . 2011-01-26 08:14 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-03-16 00:40 . 2011-03-16 00:40 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-16 00:40 . 2011-03-16 00:40 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-16 00:40 . 2011-03-16 00:40 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-16 00:40 . 2011-03-16 00:40 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-16 00:40 . 2011-03-16 00:40 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-16 00:40 . 2011-03-16 00:40 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-16 00:40 . 2011-03-16 00:40 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-16 00:40 . 2011-03-16 00:40 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-16 00:40 . 2011-03-16 00:40 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-16 00:40 . 2011-03-16 00:40 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-16 00:40 . 2011-03-16 00:40 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-16 00:40 . 2011-03-16 00:40 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-16 00:40 . 2011-03-16 00:40 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-16 00:40 . 2011-03-16 00:40 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-16 00:40 . 2011-03-16 00:40 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-16 00:40 . 2011-03-16 00:40 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-16 00:40 . 2011-03-16 00:40 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-16 00:40 . 2011-03-16 00:40 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-16 00:40 . 2011-03-16 00:40 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-16 00:40 . 2011-03-16 00:40 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-16 00:40 . 2011-03-16 00:40 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-16 00:40 . 2011-03-16 00:40 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-16 00:40 . 2011-03-16 00:40 13086208 ----a-w- c:\windows\system32\ieframe.dll.stp
2011-03-16 00:40 . 2011-03-16 00:40 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-16 00:40 . 2011-03-16 00:40 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-16 00:40 . 2011-03-16 00:40 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-16 00:40 . 2011-03-16 00:40 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-16 00:40 . 2011-03-16 00:40 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-16 00:40 . 2011-03-16 00:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-16 00:40 . 2011-03-16 00:40 448512 ----a-w- c:\windows\system32\html.iec
2011-03-16 00:40 . 2011-03-16 00:40 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-16 00:40 . 2011-03-16 00:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-16 00:40 . 2011-03-16 00:40 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-16 00:40 . 2011-03-16 00:40 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-16 00:40 . 2011-03-16 00:40 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-16 00:40 . 2011-03-16 00:40 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-16 00:40 . 2011-03-16 00:40 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-16 00:40 . 2011-03-16 00:40 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-16 00:40 . 2011-03-16 00:40 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-16 00:40 . 2011-03-16 00:40 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-16 00:40 . 2011-03-16 00:40 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-16 00:40 . 2011-03-16 00:40 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-16 00:40 . 2011-03-16 00:40 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-16 00:39 . 2011-03-16 00:39 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-03-16 00:39 . 2011-03-16 00:39 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-16 00:39 . 2011-03-16 00:39 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-16 00:39 . 2011-03-16 00:39 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-03-16 00:39 . 2011-03-16 00:39 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-03-16 00:39 . 2011-03-16 00:39 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-16 00:39 . 2011-03-16 00:39 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-03-16 00:39 . 2011-03-16 00:39 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-03-16 00:39 . 2011-03-16 00:39 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-03-16 00:39 . 2011-03-16 00:39 144384 ----a-w- c:\windows\system32\cdd.dll
2011-03-16 00:39 . 2011-03-16 00:39 1133568 ----a-w- c:\windows\system32\FntCache.dll
2011-03-16 00:39 . 2011-03-16 00:39 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll.stp
2011-03-16 00:39 . 2011-03-16 00:39 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-03-16 00:39 . 2011-03-16 00:39 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-03-16 00:39 . 2011-03-16 00:39 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-03-16 00:39 . 2011-03-16 00:39 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-16 00:39 . 2011-03-16 00:39 4068864 ----a-w- c:\windows\system32\mf.dll
2011-03-16 00:39 . 2011-03-16 00:39 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-03-16 00:39 . 2011-03-16 00:39 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-16 00:39 . 2011-03-16 00:39 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-03-16 00:39 . 2011-03-16 00:39 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-03-16 00:39 . 2011-03-16 00:39 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-03-16 00:39 . 2011-03-16 00:39 206848 ----a-w- c:\windows\system32\mfps.dll
2011-03-16 00:39 . 2011-03-16 00:39 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-03-16 00:39 . 2011-03-16 00:39 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-03-16 00:39 . 2011-03-16 00:39 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-03-16 00:39 . 2011-03-16 00:39 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2011-03-16 00:39 . 2011-03-16 00:39 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-03-16 00:39 . 2011-03-16 00:39 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-03-16 00:39 . 2011-03-16 00:39 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-05-29_04.04.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-29 08:13 . 2011-05-29 08:13 9560 c:\windows\system32\NetworkList\Icons\{62C251C5-0528-4975-A6D7-B6E04E092F36}_48.bin
+ 2011-05-29 08:13 . 2011-05-29 08:13 4280 c:\windows\system32\NetworkList\Icons\{62C251C5-0528-4975-A6D7-B6E04E092F36}_32.bin
+ 2011-05-29 08:13 . 2011-05-29 08:13 2456 c:\windows\system32\NetworkList\Icons\{62C251C5-0528-4975-A6D7-B6E04E092F36}_24.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2011-05-27 400760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2011-01-27 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"TaskTray"="" [BU]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2011-01-27 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\Drivers\usbethmp.sys [x]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WLRAWMp50x64;WLRAWMp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x64.sys [x]
R3 WLRAWSp50x64;WLRAWSp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2010-09-30 28032]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-16 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266427099-1654195687-2890988620-1001Core.job
- c:\users\Moshe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-23 10:45]
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266427099-1654195687-2890988620-1001UA.job
- c:\users\Moshe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-23 10:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2009-07-01 291872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-12 172032]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-22 2306448]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Moshe\AppData\Roaming\Mozilla\Firefox\Profiles\bmls2zrs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: keyword.enabled - 1
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3266427099-1654195687-2890988620-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:3a,8d,38,65,cd,ba,ed,60,49,2a,2c,96,f3,f0,a1,c9,87,5f,a5,06,ac,68,2b,
d4,b5,9a,4c,2d,fc,61,b5,6c,51,6d,e6,fd,c2,51,24,4f,cc,49,1f,7b,68,8a,77,6b,\
"??"=hex:55,49,5f,38,8c,63,1b,2b,7c,7a,62,ef,a5,dd,dd,db
.
[HKEY_USERS\S-1-5-21-3266427099-1654195687-2890988620-1001\Software\SecuROM\License information*]
"datasecu"=hex:02,e8,37,32,cb,ec,d6,d1,af,57,63,70,81,eb,49,17,f1,90,59,99,ab,
c0,42,fa,e4,66,7f,80,51,a7,46,17,35,a4,f0,a2,42,e4,f4,ac,a7,2e,6e,97,04,c3,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-29 01:23:54
ComboFix-quarantined-files.txt 2011-05-29 08:23
ComboFix2.txt 2011-05-29 04:08
ComboFix3.txt 2011-05-20 01:57
ComboFix4.txt 2011-05-18 10:52
.
Pre-Run: 34,027,393,024 bytes free
Post-Run: 33,935,360,000 bytes free
.
- - End Of File - - 7FBDA94F6E0DF9C130FB5671B6D61843