
lbcamera join:2011-12-20 Staten Island, NY | I have been Hijacked! Please Help

Gulp.... I believe my computer has been hijacked. I was sent a notification from Facebook last night that an unknown device logged into my Facebook account. No one has my password or access to my computer. Then when I went to my Facebook account, all my info was gone. At any rate, I am uploading all the scans as per the guidelines here so someone can view them and we can go from here. At this point I don't know how much of my personal data has been compromised. Thank you. I await your recommendations.

lbcamera join:2011-12-20 Staten Island, NY | Oops, just read you can't use attachments. I will post the results in multiple posts so I don't exceed the limit.
Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org
Database version: 8399
Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421
12/20/2011 3:20:24 PM mbam-log-2011-12-20 (15-20-24).txt
Scan type: Full scan (C:\|D:\|) Objects scanned: 368313 Time elapsed: 1 hour(s), 5 minute(s), 19 second(s)
Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

lbcamera join:2011-12-20 Staten Island, NY | reply to lbcamera

OTL Extras logfile created on: 12/20/2011 12:16:41 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\LAURI\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.86 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 49.80% Memory free 7.71 Gb Paging File | 5.90 Gb Available in Paging File | 76.49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450.66 Gb Total Space | 193.31 Gb Free Space | 42.90% Space Free | Partition Type: NTFS
Computer Name: LAURI-PC | User Name: LAURI | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes "{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP) "{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = 
PaperPort Image Printer 64-bit "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller "{CFFF260C-F510-45BB-8F8E-1D4AC1232786}" = Adobe Photoshop Lightroom 3.3 64-bit "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CAAPH2" = APH placeholder "eTrust Suite Personal" = CA Internet Security Suite "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit) "SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite MFC-495CW "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1367D815-EC9F-4e2f-9FB9-E40A075AD19B}" = DNAMigrator "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{218D2E7E-37A9-4B5D-B4A1-13FD6B8B9D17}" = Corel DVD MovieFactory 7 "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia 
Suite 10 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client "{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader "{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{5796F3D8-2679-4C14-94D4-5FA852D553E1}" = AVCHD converter "{5A05B328-35EB-4CED-B16F-62FA5A2642E6}" = "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 
2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare "{9869D4DD-D553-40D3-8859-F8911D406C69}" = Ulead DVD Workshop 2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer 
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{AF397F20-24BB-11D7-AC6F-0050DA09345C}" = Advanced Analyzer "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi "{BF1B93F7-2908-4F41-A48A-EF1F6F745982}" = Imaginate "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D26F7C78-E2D7-49AB-8E64-53CB8AE99074}" = XDCAM EX Clip Browser "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365 "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E1C0755D-F9E0-4D67-8A92-F88F5AA4F264}" = EDIUS4(XplodePro) 
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only) "Acer Game Console" = Acer Game Console "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AOL Toolbar" = AOL Toolbar "BN_DesktopReader" = NOOK for PC "BroadCam" = BroadCam Video Streaming Server "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader "conduitEngine" = Conduit Engine "DVDFab 8_is1" = DVDFab 8.0.6.1 (18/12/2010) "ENTERPRISE" = Microsoft Office Enterprise 2007 "FLV Player" = FLV Player 2.0 (build 25) "HandBrake" = HandBrake 0.9.5 "HijackThis" = HijackThis 
2.0.2 "Identity Card" = Identity Card "ImgBurn" = ImgBurn "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{218D2E7E-37A9-4B5D-B4A1-13FD6B8B9D17}" = Corel DVD MovieFactory 7 TBYB "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "iZotope VST Plug-ins_is1" = iZotope VST Plug-ins "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US) "NewBlue Effects for EDIUS 5" = NewBlue Effects for EDIUS 5 "NirSoft IPNetInfo" = NirSoft IPNetInfo "PhotoStage" = PhotoStage Slideshow Producer "Prism" = Prism Video File Converter "proDAD-Mercalli-1.0" = proDAD Mercalli 1.0 "proDAD-Mercalli-2.0" = proDAD Mercalli 2.0 "proDAD-Vitascene-1.0" = proDAD Vitascene 1.0 "RealPlayer 12.0" = RealPlayer "SoftwareUpdUtility" = Download Updater (AOL LLC) "Switch" = Switch Sound File Converter "TeamViewer 6" = TeamViewer 6 "uTorrent" = µTorrent "uTorrentBar Toolbar" = uTorrentBar Toolbar "VideoPad" = VideoPad Video Editor "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VLC media player 1.1.11 "WildTangent acer Master Uninstall" = Acer Games "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WT088295" = Agatha Christie - Death on the Nile "WT088300" = Bejeweled 2 Deluxe "WT088310" = Build-a-lot 2 "WT088312" = Chuzzle Deluxe "WT088318" = Diner Dash 2 Restaurant Rescue "WT088350" = Jewel Quest Solitaire 2 "WT088364" = 
Plants vs. Zombies "WT088373" = Blackhawk Striker 2 "WT088393" = Dora's Carnival Adventure "WT088413" = FATE "WT088445" = John Deere Drive Green "WT088449" = Penguins! "WT088453" = Polar Bowler "WT088457" = Polar Golfer "WT088517" = Zuma's Revenge "WT088553" = Virtual Villagers 4 - The Tree of Life "WT088649" = 18 Wheels of Steel - American Long Haul "WT088653" = Jewel Quest - Heritage "YTdetect" = Yahoo! Detect
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "AOL Toolbar" = AOL Toolbar "Dropbox" = Dropbox
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ] Error - 10/24/2011 11:45:00 AM | Computer Name = LAURI-PC | Source = Software Protection Platform Service | ID = 1001 Description = The Software Protection service failed to start. 0xD0000043 6.1.7601.17514
Error - 10/26/2011 4:13:56 PM | Computer Name = LAURI-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\realconverter.exe". Dependent Assembly CinemasterAudio.4.3,language="*",type="win32",version="4.3.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 10/26/2011 4:13:56 PM | Computer Name = LAURI-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files (x86)\Real\RealPlayer\realconverter.exe". Dependent Assembly CinemasterAudio.4.3,language="*",type="win32",version="4.3.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 11/5/2011 6:05:06 AM | Computer Name = LAURI-PC | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 6.0.0.4240 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f54 Start Time: 01cc9b0c930be7d3 Termination Time: 468 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 9b58edd2-0795-11e1-af9b-1c7508e8ec4d
Error - 11/9/2011 6:01:07 PM | Computer Name = LAURI-PC | Source = Google Update | ID = 20 Description =
Error - 11/12/2011 6:21:04 PM | Computer Name = LAURI-PC | Source = Application Error | ID = 1000 Description = Faulting application name: mbamservice.exe, version: 1.51.1.0, time stamp: 0x4e530b86 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x4c4b4a49 Faulting process id: 0xad4 Faulting application start time: 0x01cca1518e077448 Faulting application path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe Faulting module path: unknown Report Id: 9b92f231-0d7c-11e1-aa56-1c7508e8ec4d
Error - 11/12/2011 9:51:19 PM | Computer Name = LAURI-PC | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 6.0.0.4240 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1244 Start Time: 01cca1a66551b32a Termination Time: 16 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: f48cba2d-0d99-11e1-9a1a-1c7508e8ec4d
Error - 11/22/2011 8:03:46 PM | Computer Name = LAURI-PC | Source = Application Hang | ID = 1002 Description = The program OUTLOOK.EXE version 12.0.4518.1014 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1820 Start Time: 01cca9733dc337b0 Termination Time: 18 Application Path: C:\PROGRA~2\MICROS~3\Office12\OUTLOOK.EXE
Report Id: 9243a94b-1566-11e1-a43f-1c7508e8ec4d
Error - 11/28/2011 3:51:13 PM | Computer Name = LAURI-PC | Source = MsiInstaller | ID = 10005 Description =
Error - 11/28/2011 4:16:43 PM | Computer Name = LAURI-PC | Source = Application Error | ID = 1000 Description = Faulting application name: DVDMF.dat, version: 7.0.0.0, time stamp: 0x484e69f5 Faulting module name: CoreAudioToolbox.dll, version: 7.9.7.3, time stamp: 0x4e037725 Exception code: 0xc0000005 Fault offset: 0x00332ff9 Faulting process id: 0x1240 Faulting application start time: 0x01ccae08e805babb Faulting application path: C:\Program Files (x86)\Corel\Corel DVD MovieFactory 7\Corel DVD MovieFactory 7\DVDMF.dat Faulting module path: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreAudioToolbox.dll Report Id: e2eda171-19fd-11e1-84d1-1c7508e8ec4d
[ Media Center Events ] Error - 9/9/2011 11:59:58 AM | Computer Name = LAURI-PC | Source = MCUpdate | ID = 0 Description = 11:59:58 AM - Error connecting to the internet. 11:59:58 AM - Unable to contact server..
Error - 9/10/2011 10:12:19 AM | Computer Name = LAURI-PC | Source = MCUpdate | ID = 0 Description = 10:12:18 AM - Error connecting to the internet. 10:12:19 AM - Unable to contact server..
Error - 9/11/2011 11:59:16 AM | Computer Name = LAURI-PC | Source = MCUpdate | ID = 0 Description = 11:59:16 AM - Error connecting to the internet. 11:59:16 AM - Unable to contact server..
Error - 9/12/2011 11:54:07 AM | Computer Name = LAURI-PC | Source = MCUpdate | ID = 0 Description = 11:54:07 AM - Error connecting to the internet. 11:54:07 AM - Unable to contact server..
Error - 9/13/2011 9:54:07 AM | Computer Name = LAURI-PC | Source = MCUpdate | ID = 0 Description = 9:54:07 AM - Error connecting to the internet. 9:54:07 AM - Unable to contact server..
Error - 9/14/2011 9:21:57 PM | Computer Name = LAURI-PC | Source = MCUpdate | ID = 0 Description = 9:21:57 PM - Error connecting to the internet. 9:21:57 PM - Unable to contact server..
Error - 11/2/2011 9:25:44 AM | Computer Name = LAURI-PC | Source = MCUpdate | ID = 0 Description = 9:16:38 AM - Failed to retrieve Directory (Error: The request was aborted: The request was canceled.)
Error - 11/9/2011 7:44:32 PM | Computer Name = LAURI-PC | Source = MCUpdate | ID = 0 Description = 6:43:54 PM - Error connecting to the internet. 6:43:54 PM - Unable to contact server..
Error - 11/16/2011 7:39:55 AM | Computer Name = LAURI-PC | Source = MCUpdate | ID = 0 Description = 6:39:55 AM - Error connecting to the internet. 6:39:55 AM - Unable to contact server..
Error - 11/16/2011 7:40:04 AM | Computer Name = LAURI-PC | Source = MCUpdate | ID = 0 Description = 6:40:00 AM - Error connecting to the internet. 6:40:00 AM - Unable to contact server..
[ OSession Events ] Error - 7/19/2011 12:59:55 AM | Computer Name = LAURI-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 385 seconds with 300 seconds of active time. This session ended with a crash.
[ System Events ] Error - 8/19/2011 3:27:42 AM | Computer Name = LAURI-PC | Source = DCOM | ID = 10016 Description =
Error - 8/19/2011 3:27:42 AM | Computer Name = LAURI-PC | Source = DCOM | ID = 10016 Description =
Error - 8/19/2011 3:27:45 AM | Computer Name = LAURI-PC | Source = DCOM | ID = 10016 Description =
Error - 8/19/2011 3:47:41 AM | Computer Name = LAURI-PC | Source = DCOM | ID = 10016 Description =
Error - 8/19/2011 3:47:41 AM | Computer Name = LAURI-PC | Source = DCOM | ID = 10016 Description =
Error - 8/19/2011 3:47:45 AM | Computer Name = LAURI-PC | Source = DCOM | ID = 10016 Description =
Error - 8/19/2011 3:47:45 AM | Computer Name = LAURI-PC | Source = DCOM | ID = 10016 Description =
Error - 8/19/2011 3:47:48 AM | Computer Name = LAURI-PC | Source = DCOM | ID = 10016 Description =
Error - 8/19/2011 4:07:44 AM | Computer Name = LAURI-PC | Source = DCOM | ID = 10016 Description =
Error - 8/19/2011 4:07:44 AM | Computer Name = LAURI-PC | Source = DCOM | ID = 10016 Description =
ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=716e03c224d2c44f820a7514d812085f # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-20 07:07:58 # local_time=2011-12-20 02:07:58 (-0500, Eastern Standard Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=4864 16777215 100 0 6760791 6760791 0 0 # compatibility_mode=5893 16776574 100 94 0 75946501 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=211084 # found=0 # cleaned=0 # scan_time=5027
| lbcamera join:2011-12-20 Staten Island, NY |
Results of screen317's Security Check version 0.99.24 Windows 7 x64 (UAC is enabled) Internet Explorer 9 `````````````````````````````` [u]Antivirus/Firewall Check:[/u] Windows Firewall Enabled! [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] ``````````````````````````````` [u]Anti-malware/Other Utilities Check:[/u] Malwarebytes' Anti-Malware HijackThis 2.0.2 Java(TM) 6 Update 24 [color=red]Out of date Java installed![/color] Adobe Reader X (10.1.1) ```````````````````````````````` Process Check: [u]objlist.exe by Laurent[/u] CA CA Internet Security Suite CA Anti-Virus Plus isafe.exe ``````````End of Log````````````
| LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23
| reply to lbcamera OTL logfile created on: 12/20/2011 12:16:41 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\LAURI\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.86 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 49.80% Memory free 7.71 Gb Paging File | 5.90 Gb Available in Paging File | 76.49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450.66 Gb Total Space | 193.31 Gb Free Space | 42.90% Space Free | Partition Type: NTFS
Computer Name: LAURI-PC | User Name: LAURI | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - File not found -- PRC - [2011/12/20 12:12:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\LAURI\Desktop\OTL.exe PRC - [2011/09/22 14:42:54 | 000,263,504 | ---- | M] () -- C:\Windows\SysWOW64\cfgmig32.exe PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/06/29 13:20:02 | 003,207,184 | ---- | M] () -- C:\Windows\SysWOW64\mdmcls32.exe PRC - [2011/02/23 23:54:40 | 000,347,216 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2011/02/01 16:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/02/01 16:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/11/11 20:21:52 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe PRC - [2010/09/13 21:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:64bit: - [2011/10/18 10:12:43 | 000,291,656 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc) SRV:64bit: - [2011/09/22 14:42:46 | 000,359,248 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP) SRV:64bit: - [2011/09/22 14:42:46 | 000,286,032 | ---- | M] (Computer Associates International, Inc.) [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC) SRV:64bit: - [2011/09/22 14:42:45 | 000,312,656 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe) SRV:64bit: - [2011/04/04 11:42:30 | 000,920,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine) SRV:64bit: - [2011/01/06 17:32:14 | 000,868,224 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2010/09/27 15:42:04 | 004,180,576 | ---- | M] (SafeNet Inc.) 
[Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011/09/22 14:42:54 | 000,263,504 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\cfgmig32.exe -- (WinSvchostManagerSrv) SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/06/29 13:20:02 | 003,207,184 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\mdmcls32.exe -- (WinExtManager) SRV - [2011/06/28 03:44:42 | 001,354,244 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe -- (BroadCamService) SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/06/01 07:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service) SRV - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer) SRV - [2011/03/19 07:03:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/02/23 23:54:40 | 000,347,216 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011/02/01 16:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2011/02/01 16:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010/11/11 20:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010/09/27 21:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2010/09/13 21:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2005/01/31 08:45:20 | 000,049,152 | R--- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/07/29 09:40:10 | 000,202,320 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KmxCF.sys -- (KmxCF) DRV:64bit: - [2011/07/29 09:40:08 | 000,364,624 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg) DRV:64bit: - [2011/07/29 09:40:08 | 000,178,768 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT) DRV:64bit: - [2011/07/29 09:40:08 | 000,113,744 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent) DRV:64bit: - [2011/07/29 09:40:08 | 000,087,120 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxFile.sys -- (KmxFile) DRV:64bit: - [2011/07/29 09:40:08 | 000,081,488 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KmxSbx.sys -- (KmxSbx) DRV:64bit: - [2011/07/28 10:17:32 | 000,143,824 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\KmxFw.sys -- (KmxFw) DRV:64bit: - [2011/07/28 10:17:32 | 000,099,024 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxFilter.sys -- (KmxFilter) DRV:64bit: - [2011/04/21 04:08:08 | 000,036,696 | ---- | M] (Grass Valley K.K.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrblock.sys -- (cdrblock) DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/25 05:20:58 | 000,062,584 | ---- | M] (Egis Technology Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2011/02/25 05:20:58 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2011/02/25 05:20:58 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/01/27 11:57:14 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/01/20 20:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp) DRV:64bit: - [2011/01/20 20:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd) DRV:64bit: - [2011/01/19 22:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa) DRV:64bit: - [2011/01/17 17:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2011/01/13 20:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa) DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys 
-- (TsUsbFlt) DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/09 05:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010/10/15 03:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010/09/30 00:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/09/30 00:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/09/27 15:42:10 | 000,131,072 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2010/09/27 15:42:06 | 000,075,648 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2010/09/27 15:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp) DRV:64bit: - [2010/09/27 15:42:02 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2010/09/27 15:42:00 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb) DRV:64bit: - [2010/09/27 15:41:58 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl) DRV:64bit: - [2010/09/13 21:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/07/29 08:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/07/08 22:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010/04/19 21:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005/06/14 17:34:12 | 000,010,368 | ---- | M] (Canopus Co,. Ltd.) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\cdrblock.sys -- (cdrblock) DRV - [2005/03/11 15:28:30 | 000,004,608 | ---- | M] (Canopus Co,. Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\cdrport.sys -- (cdrport)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »acer.msn.com IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.aol.com IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\LAURI\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/09/08 17:14:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/08 17:14:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/08 17:14:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\caaphishtoolbar@ca.com: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\Firefox [2011/09/22 20:43:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/26 15:21:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/20 22:47:49 | 000,000,000 | ---D | M]
[2011/05/16 08:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LAURI\AppData\Roaming\Mozilla\Extensions [2011/12/20 04:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LAURI\AppData\Roaming\Mozilla\Firefox\Profiles\9psgeo9l.default\extensions [2011/11/10 21:36:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\LAURI\AppData\Roaming\Mozilla\Firefox\Profiles\9psgeo9l.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/12/07 02:45:22 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\LAURI\AppData\Roaming\Mozilla\Firefox\Profiles\9psgeo9l.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2011/09/05 22:11:40 | 000,000,000 | ---D | M] (BetterLinks) -- C:\Users\LAURI\AppData\Roaming\Mozilla\Firefox\Profiles\9psgeo9l.default\extensions\smartlinks@getsmartlinks.com [2011/08/18 00:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/05/16 22:41:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/05/21 15:10:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} () (No name found) -- C:\USERS\LAURI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9PSGEO9L.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI () (No name found) -- C:\USERS\LAURI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9PSGEO9L.DEFAULT\EXTENSIONS\{F199DA35-0A9A-4CE9-8F59-C68524DEBA93}.XPI () (No name found) -- C:\USERS\LAURI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9PSGEO9L.DEFAULT\EXTENSIONS\PRINTIT@GMPOWER.COM.XPI () (No name found) -- C:\USERS\LAURI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9PSGEO9L.DEFAULT\EXTENSIONS\USS-BUTTON@UPLOADSCREENSHOT.COM.XPI [2011/08/18 00:51:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/01/01 03:00:00 | 
000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/06/21 11:25:51 | 000,001,304 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2:64bit: - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.) O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.) O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.) 
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.) O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.) 
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [AdobeBridge] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6AABAA3-1F9E-4E10-9BC6-34C505C4BF10}: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD9DDBC9-5774-402E-9589-C9433F3F1437}: NameServer = 167.206.112.138,167.206.7.4 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (UmxSbxExA64.dll) - C:\Windows\SysNative\UmxSbxExA64.dll (CA) O20 - AppInit_DLLs: (UmxSbxExw.dll) -C:\Windows\SysWow64\UmxSbxExw.dll (CA) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - 
C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\Windows\SysWow64\UmxWNP.dll (CA) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0874891f-92ac-11e0-93b3-1c7508e8ec4d}\Shell - "" = AutoRun O33 - MountPoints2\{0874891f-92ac-11e0-93b3-1c7508e8ec4d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{b3a73eeb-c817-11e0-9b3e-1c7508e8ec4d}\Shell - "" = AutoRun O33 - MountPoints2\{b3a73eeb-c817-11e0-9b3e-1c7508e8ec4d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe O33 - MountPoints2\{b3a73eff-c817-11e0-9b3e-1c7508e8ec4d}\Shell - "" = AutoRun O33 - MountPoints2\{b3a73eff-c817-11e0-9b3e-1c7508e8ec4d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011/12/20 12:12:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\LAURI\Desktop\OTL.exe [2011/12/20 04:50:54 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Desktop\facebook-1421293854 [2011/12/20 03:07:09 | 000,000,000 | ---D | C] -- C:\Users\LAURI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft IPNetInfo [2011/12/20 03:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft [2011/12/20 01:33:21 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\LAURI\Desktop\TFC.exe [2011/12/20 01:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2011/12/20 01:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis [2011/12/20 01:11:55 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\LAURI\Desktop\HJTInstall.exe [2011/12/16 03:01:30 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011/12/16 03:01:30 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011/12/16 03:01:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011/12/16 03:01:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011/12/16 03:01:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011/12/16 03:01:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011/12/16 03:01:27 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011/12/16 03:01:27 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011/12/16 03:01:27 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011/12/16 03:01:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011/12/16 03:01:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011/12/15 14:33:23 | 
000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011/12/15 14:33:21 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011/12/15 14:33:21 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011/12/14 02:12:26 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Desktop\Adobe Encore CS5 [2011/12/07 13:14:01 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Documents\NYPV [2011/12/02 16:58:57 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Desktop\Sennheiser tutorial on wireless system_files [2011/11/30 16:36:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011/11/30 16:23:27 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Documents\Land's End [2011/11/29 02:34:56 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Desktop\Sony Z5U [2011/11/28 15:34:42 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Desktop\Strasberg VIDEO_TS Files [2011/11/28 14:59:08 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Documents\Corel DVD MovieFactory [2011/11/28 14:51:27 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages [2011/11/28 14:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media [2011/11/28 14:51:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components [2011/11/28 14:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo [2011/11/28 14:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel DVD MovieFactory 7 [2011/11/28 14:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel [2011/11/28 14:44:11 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Desktop\Corel Movie Factory [2011/11/27 21:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk [2011/11/27 21:23:12 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Documents\ConvertXToDVD [2011/11/20 22:49:01 | 000,000,000 | ---D | C] -- C:\Users\LAURI\AppData\Roaming\AOL [2011/11/20 22:48:51 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Macromedia [2011/11/20 22:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL [2011/11/20 22:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint [2011/11/20 22:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Viewpoint [2011/11/20 22:48:03 | 000,058,696 | ---- | C] (AOL Inc.) -- C:\Windows\SysWow64\AOLParconLink.exe [2011/11/20 22:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Toolbar [2011/11/20 22:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOL Toolbar [2011/11/20 22:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility [2011/11/20 22:47:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AOL Downloads [2011/11/20 22:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL OCP [2011/11/20 22:46:51 | 000,000,000 | ---D | C] -- C:\Users\LAURI\AppData\Local\AOL [2011/11/20 22:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL [2011/11/20 22:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL [2011/11/20 22:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Downloads [2011/11/20 22:04:09 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Documents\Lauri's Songs & Poems [2011/11/20 14:37:50 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Documents\Lyrics to new songs [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011/12/20 12:12:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\LAURI\Desktop\OTL.exe [2011/12/20 11:01:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3157782922-2322116575-312308385-1001UA.job [2011/12/20 01:33:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\LAURI\Desktop\TFC.exe [2011/12/20 01:12:29 | 000,002,097 | ---- | M] () -- C:\Users\LAURI\Desktop\HijackThis.lnk [2011/12/20 01:11:58 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\LAURI\Desktop\HJTInstall.exe [2011/12/19 14:01:03 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3157782922-2322116575-312308385-1001Core.job [2011/12/19 02:28:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At1.job [2011/12/17 18:20:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/17 18:20:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/16 03:22:51 | 005,015,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/12/16 03:22:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/12/16 03:21:19 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys [2011/12/16 03:20:25 | 002,932,265 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k0 [2011/12/16 03:20:25 | 000,570,260 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc [2011/12/16 03:20:25 | 000,000,607 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k0 [2011/12/16 03:20:25 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k7 [2011/12/16 03:20:25 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k6 [2011/12/16 03:20:25 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k5 [2011/12/16 03:20:25 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k4 [2011/12/16 03:20:25 | 000,000,085 | 
---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k3 [2011/12/16 03:20:25 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k2 [2011/12/16 03:20:25 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k1 [2011/12/16 03:20:25 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k7 [2011/12/16 03:20:25 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k6 [2011/12/16 03:20:25 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k5 [2011/12/16 03:20:25 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k4 [2011/12/16 03:20:25 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k3 [2011/12/16 03:20:25 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k2 [2011/12/16 03:20:25 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k1 [2011/12/13 20:41:15 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/12/13 20:41:15 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/12/13 20:41:15 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/12/10 21:37:11 | 000,001,057 | ---- | M] () -- C:\Users\LAURI\AppData\Roaming\vso_ts_preview.xml [2011/12/06 02:23:53 | 013,167,962 | ---- | M] () -- C:\Users\LAURI\Desktop\Viewsonic N2750w manual.pdf [2011/12/01 10:54:25 | 000,000,152 | ---- | M] () -- C:\Users\LAURI\Desktop\Nonprofit Conference.URL [2011/11/30 16:36:27 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011/11/24 10:48:01 | 000,001,336 | ---- | M] () -- C:\Windows\stock.INI [2011/11/21 00:07:16 | 000,001,362 | ---- | M] () -- C:\Windows\wininit.ini [2011/11/21 00:03:42 | 000,000,002 | ---- | M] () -- C:\Windows\msoffice.ini [2011/11/20 22:44:32 | 000,058,696 | ---- | M] (AOL Inc.) 
-- C:\Windows\SysWow64\AOLParconLink.exe [2011/11/20 22:44:30 | 000,000,335 | ---- | M] () -- C:\Windows\nsreg.dat [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/12/20 01:12:29 | 000,002,097 | ---- | C] () -- C:\Users\LAURI\Desktop\HijackThis.lnk [2011/12/19 00:55:29 | 006,927,508 | ---- | C] () -- C:\Users\LAURI\Desktop\Moulin Rouge - Come What May.mp3 [2011/12/06 02:21:53 | 013,167,962 | ---- | C] () -- C:\Users\LAURI\Desktop\Viewsonic N2750w manual.pdf [2011/12/06 02:16:00 | 000,376,471 | ---- | C] () -- C:\Users\LAURI\Desktop\N2750W Manual Rose.pdf [2011/12/01 10:54:25 | 000,000,152 | ---- | C] () -- C:\Users\LAURI\Desktop\Nonprofit Conference.URL [2011/11/28 14:50:59 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll [2011/11/28 14:50:59 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll [2011/11/28 14:50:59 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll [2011/11/28 14:50:59 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll [2011/11/28 14:50:59 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll [2011/11/28 14:50:59 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll [2011/11/21 00:07:14 | 000,001,362 | ---- | C] () -- C:\Windows\wininit.ini [2011/11/21 00:03:42 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini [2011/11/20 22:13:42 | 000,049,135 | ---- | C] () -- C:\Users\LAURI\Desktop\lovespells.pdf [2011/11/05 05:52:56 | 000,001,057 | ---- | C] () -- C:\Users\LAURI\AppData\Roaming\vso_ts_preview.xml [2011/09/22 14:46:21 | 001,422,672 | ---- | C] () -- C:\Windows\SysWow64\cfgmig32.dll [2011/09/22 14:46:21 | 000,263,504 | ---- | C] () -- C:\Windows\SysWow64\cfgmig32.exe [2011/09/22 14:46:13 | 003,207,184 | ---- | C] () -- C:\Windows\SysWow64\mdmcls32.exe [2011/09/22 14:46:13 | 001,744,912 | ---- | C] () -- C:\Windows\SysWow64\winsflt.dll [2011/08/27 23:03:32 | 000,018,432 | ---- | C] () -- C:\Users\LAURI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/08/08 14:42:49 | 000,000,132 | ---- | C] () -- C:\Users\LAURI\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011/06/21 23:36:27 | 000,000,000 | 
---- | C] () -- C:\Windows\ulead32.ini [2011/06/02 11:06:04 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\pavedius6db.dat [2011/05/31 15:04:37 | 000,001,336 | ---- | C] () -- C:\Windows\stock.INI [2011/05/29 00:49:32 | 000,007,626 | ---- | C] () -- C:\Users\LAURI\AppData\Local\resmon.resmoncfg [2011/05/21 15:02:00 | 000,000,007 | ---- | C] () -- C:\Windows\SysWow64\mkghj.dll [2011/05/21 14:50:29 | 004,108,304 | ---- | C] () -- C:\Windows\SysWow64\win32cpr.dll [2011/05/21 14:50:29 | 002,760,720 | ---- | C] () -- C:\Windows\SysWow64\svcprs32.exe [2011/05/21 14:50:29 | 000,098,320 | ---- | C] () -- C:\Windows\SysWow64\winsfinst.exe [2011/05/16 09:28:26 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2011/05/16 09:28:26 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2011/05/16 09:27:47 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011/05/16 09:26:47 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2011/05/16 09:26:47 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2011/05/16 09:26:47 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2011/05/16 09:22:47 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini [2011/05/16 08:38:00 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2011/05/16 08:29:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011/05/16 06:28:21 | 000,000,000 | ---- | C] () -- C:\Windows\canopus.ini [2011/05/16 06:09:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\pavedius4db.dll [2011/05/16 05:30:02 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\pavedius5db.dll [2011/05/16 05:23:21 | 000,030,720 | ---- | C] () -- C:\Windows\SysWow64\pavedius.dll [2011/05/16 05:23:21 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\pavplal.dll [2011/03/03 06:52:21 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/03/03 06:52:20 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/03/03 06:52:18 | 000,145,804 | ---- | C] () -- 
C:\Windows\SysWow64\igcompkrng600.bin [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll [2002/03/16 19:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000104.DLL
[color=#E56717]========== LOP Check ==========[/color]
[2011/08/27 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Barnes & Noble [2011/05/16 06:22:18 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Canopus [2011/08/18 22:33:13 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/11/01 23:13:19 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\DAEMON Tools Lite [2011/08/06 02:23:31 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Driver Smith [2011/10/17 01:41:35 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Dropbox [2011/08/27 23:18:50 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Flip Video [2011/08/21 13:25:25 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\HandBrake [2011/11/01 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\ImgBurn [2011/10/09 01:27:14 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\NCH Swift Sound [2011/06/12 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Netscape [2011/11/01 23:11:18 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\OpenCandy [2011/06/28 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\PACE Anti-Piracy [2011/11/01 17:38:39 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\PgcEdit [2011/06/12 12:02:24 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Photodex [2011/09/08 17:14:34 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\PowerCinema [2011/05/16 09:34:57 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\proDAD [2011/06/21 11:10:10 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1 [2011/08/16 10:54:12 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\RTTNews [2011/08/25 23:57:43 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\ScanSoft [2011/06/28 15:51:07 | 000,000,000 | ---D | M] -- 
C:\Users\LAURI\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011/08/18 21:55:23 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\TeamViewer [2011/07/31 12:54:12 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Thinstall [2011/11/28 15:06:06 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Ulead Systems [2011/12/10 21:37:11 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Vso [2011/08/27 19:06:18 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\WildTangent [2011/12/19 02:28:01 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At1.job [2011/12/19 14:01:03 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3157782922-2322116575-312308385-1001Core.job [2011/12/20 11:01:02 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3157782922-2322116575-312308385-1001UA.job [2011/12/10 22:39:18 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 1191 bytes -> C:\Users\LAURI\AppData\Local\Temp:pDN2ZqzEOmJvf7dWFPtfWRjfDOV @Alternate Data Stream - 1019 bytes -> C:\Users\LAURI\AppData\Local\Temp:yUThYvq67EwQRgPPbzQJ
-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum | |  LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 | reply to lbcamera Please explain why you have all the entries for Adobe in your Hosts file. | |  lbcamera join:2011-12-20 Staten Island, NY | I'm not sure what you mean? | |  lbcamera join:2011-12-20 Staten Island, NY | reply to LoPhatPhuud The only thing I can think of is that I use Adobe products often and I have Adobe Cs5 on my computer used primarily for editing | |  LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 | reply to lbcamera Those entries are normally associated with copies of Adobe products trying to avoid the activation and licensing checks. If you have a licensed copy of CS5, there is no need for them. | |  lbcamera join:2011-12-20 Staten Island, NY | A friend gave it to me to try. | |  LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 | reply to lbcamera Sorry, if you want me to work on your computer, remove CS5 via Add/Remove Programs. Run OTL again and post the new log in this thread.
If you want to try out Adobe software, download the official trial direct from the Adobe site. If you like it, then you can purchase it. | |  lbcamera join:2011-12-20 Staten Island, NY | reply to lbcamera No problem, I thought that was a trial version of Cs5. At any rate I will remove the program; I already own Cs4, so no big deal. Thanks. | |  LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 | reply to lbcamera When you have it removed, run OTL again and post the new log in this thread. Note that there will not be a new Extras log. | |  lbcamera join:2011-12-20 Staten Island, NY | Ok, here is the new log.
OTL logfile created on: 12/20/2011 9:21:04 PM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\LAURI\Desktop\Computer Tools 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.86 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 68.49% Memory free 7.71 Gb Paging File | 6.42 Gb Available in Paging File | 83.31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450.66 Gb Total Space | 202.01 Gb Free Space | 44.83% Space Free | Partition Type: NTFS
Computer Name: LAURI-PC | User Name: LAURI | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - File not found -- PRC - [2011/12/20 12:12:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\LAURI\Desktop\Computer Tools\OTL.exe PRC - [2011/09/22 14:42:54 | 000,263,504 | ---- | M] () -- C:\Windows\SysWOW64\cfgmig32.exe PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/06/29 13:20:02 | 003,207,184 | ---- | M] () -- C:\Windows\SysWOW64\mdmcls32.exe PRC - [2011/02/23 23:54:40 | 000,347,216 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010/12/29 16:56:22 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe PRC - [2010/12/29 16:56:18 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe PRC - [2010/11/11 20:21:52 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe PRC - [2010/09/13 21:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2011/10/13 03:44:34 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\60c320dbe033e8ff4830cdc059933f2c\IAStorUtil.ni.dll MOD - [2011/10/13 02:36:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll MOD - [2011/10/13 02:35:38 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011/10/13 02:35:31 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011/10/13 02:35:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011/10/13 02:35:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011/10/13 02:35:01 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011/10/13 02:34:54 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2010/12/29 16:56:18 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe MOD - [2010/12/29 16:56:16 | 000,210,312 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:64bit: - [2011/10/18 10:12:43 | 000,291,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc) SRV:64bit: - [2011/09/22 14:42:46 | 000,359,248 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP) SRV:64bit: - [2011/09/22 14:42:46 | 000,286,032 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC) SRV:64bit: - [2011/09/22 14:42:45 | 000,312,656 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe) SRV:64bit: - [2011/04/04 11:42:30 | 000,920,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine) SRV:64bit: - [2011/01/06 17:32:14 | 000,868,224 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2010/09/27 15:42:04 | 004,180,576 | ---- | M] (SafeNet Inc.) 
[Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011/09/22 14:42:54 | 000,263,504 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\cfgmig32.exe -- (WinSvchostManagerSrv) SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/06/29 13:20:02 | 003,207,184 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\mdmcls32.exe -- (WinExtManager) SRV - [2011/06/28 03:44:42 | 001,354,244 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe -- (BroadCamService) SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/06/01 07:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011/05/06 12:07:18 | 000,460,144 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service) SRV - [2011/05/06 11:58:52 | 001,085,440 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer) SRV - [2011/03/19 07:03:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/02/23 23:54:40 | 000,347,216 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011/02/01 16:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2011/02/01 16:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010/11/11 20:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010/09/27 21:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2010/09/13 21:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2005/01/31 08:45:20 | 000,049,152 | R--- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/29 09:40:10 | 000,202,320 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KmxCF.sys -- (KmxCF)
DRV:64bit: - [2011/07/29 09:40:08 | 000,364,624 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2011/07/29 09:40:08 | 000,178,768 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2011/07/29 09:40:08 | 000,113,744 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2011/07/29 09:40:08 | 000,087,120 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxFile.sys -- (KmxFile)
DRV:64bit: - [2011/07/29 09:40:08 | 000,081,488 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KmxSbx.sys -- (KmxSbx)
DRV:64bit: - [2011/07/28 10:17:32 | 000,143,824 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\KmxFw.sys -- (KmxFw)
DRV:64bit: - [2011/07/28 10:17:32 | 000,099,024 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxFilter.sys -- (KmxFilter)
DRV:64bit: - [2011/04/21 04:08:08 | 000,036,696 | ---- | M] (Grass Valley K.K.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrblock.sys -- (cdrblock)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/25 05:20:58 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/02/25 05:20:58 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/02/25 05:20:58 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/27 11:57:14 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/20 20:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/01/20 20:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011/01/19 22:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/01/17 17:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2011/01/13 20:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/09 05:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 03:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/09/30 00:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 00:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/27 15:42:10 | 000,131,072 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2010/09/27 15:42:06 | 000,075,648 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2010/09/27 15:42:04 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2010/09/27 15:42:02 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2010/09/27 15:42:00 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2010/09/27 15:41:58 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2010/09/13 21:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/07/29 08:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/08 22:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/04/19 21:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/06/14 17:34:12 | 000,010,368 | ---- | M] (Canopus Co,. Ltd.) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\cdrblock.sys -- (cdrblock)
DRV - [2005/03/11 15:28:30 | 000,004,608 | ---- | M] (Canopus Co,. Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\cdrport.sys -- (cdrport)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »acer.msn.com
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.aol.com
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\LAURI\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/09/08 17:14:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/08 17:14:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/08 17:14:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\caaphishtoolbar@ca.com: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\Firefox [2011/09/22 20:43:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/26 15:21:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/20 22:47:49 | 000,000,000 | ---D | M]
[2011/05/16 08:38:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LAURI\AppData\Roaming\Mozilla\Extensions
[2011/12/20 04:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LAURI\AppData\Roaming\Mozilla\Firefox\Profiles\9psgeo9l.default\extensions
[2011/11/10 21:36:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\LAURI\AppData\Roaming\Mozilla\Firefox\Profiles\9psgeo9l.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/07 02:45:22 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\LAURI\AppData\Roaming\Mozilla\Firefox\Profiles\9psgeo9l.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/09/05 22:11:40 | 000,000,000 | ---D | M] (BetterLinks) -- C:\Users\LAURI\AppData\Roaming\Mozilla\Firefox\Profiles\9psgeo9l.default\extensions\smartlinks@getsmartlinks.com
[2011/08/18 00:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/16 22:41:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/21 15:10:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\LAURI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9PSGEO9L.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
() (No name found) -- C:\USERS\LAURI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9PSGEO9L.DEFAULT\EXTENSIONS\{F199DA35-0A9A-4CE9-8F59-C68524DEBA93}.XPI
() (No name found) -- C:\USERS\LAURI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9PSGEO9L.DEFAULT\EXTENSIONS\PRINTIT@GMPOWER.COM.XPI
() (No name found) -- C:\USERS\LAURI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9PSGEO9L.DEFAULT\EXTENSIONS\USS-BUTTON@UPLOADSCREENSHOT.COM.XPI
[2011/08/18 00:51:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/06/21 11:25:51 | 000,001,304 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2:64bit: - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6AABAA3-1F9E-4E10-9BC6-34C505C4BF10}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD9DDBC9-5774-402E-9589-C9433F3F1437}: NameServer = 167.206.112.138,167.206.7.4
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (UmxSbxExA64.dll) - C:\Windows\SysNative\UmxSbxExA64.dll (CA)
O20 - AppInit_DLLs: (UmxSbxExw.dll) -C:\Windows\SysWow64\UmxSbxExw.dll (CA)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\Windows\SysWow64\UmxWNP.dll (CA)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0874891f-92ac-11e0-93b3-1c7508e8ec4d}\Shell - "" = AutoRun
O33 - MountPoints2\{0874891f-92ac-11e0-93b3-1c7508e8ec4d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{b3a73eeb-c817-11e0-9b3e-1c7508e8ec4d}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a73eeb-c817-11e0-9b3e-1c7508e8ec4d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{b3a73eff-c817-11e0-9b3e-1c7508e8ec4d}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a73eff-c817-11e0-9b3e-1c7508e8ec4d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/12/20 14:17:17 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Desktop\send to hijack
[2011/12/20 12:40:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/20 12:25:40 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Desktop\Computer Tools
[2011/12/20 12:24:48 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Desktop\hijack results
[2011/12/20 04:50:54 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Desktop\facebook-1421293854
[2011/12/20 03:07:09 | 000,000,000 | ---D | C] -- C:\Users\LAURI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft IPNetInfo
[2011/12/20 03:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2011/12/20 01:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/12/20 01:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/12/20 01:11:55 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\LAURI\Desktop\HJTInstall.exe
[2011/12/16 03:01:30 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/16 03:01:30 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/16 03:01:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/16 03:01:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/16 03:01:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/16 03:01:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/16 03:01:27 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/16 03:01:27 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/16 03:01:27 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/16 03:01:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/16 03:01:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/15 14:33:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/15 14:33:21 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/15 14:33:21 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/14 02:12:26 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Desktop\Adobe Encore CS5
[2011/12/07 13:14:01 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Documents\NYPV
[2011/12/02 16:58:57 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Desktop\Sennheiser tutorial on wireless system_files
[2011/11/30 16:36:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/30 16:23:27 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Documents\Land's End
[2011/11/29 02:34:56 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Desktop\Sony Z5U
[2011/11/28 15:34:42 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Desktop\Strasberg VIDEO_TS Files
[2011/11/28 14:59:08 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Documents\Corel DVD MovieFactory
[2011/11/28 14:51:27 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2011/11/28 14:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2011/11/28 14:51:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components
[2011/11/28 14:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2011/11/28 14:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel DVD MovieFactory 7
[2011/11/28 14:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2011/11/28 14:44:11 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Desktop\Corel Movie Factory
[2011/11/27 21:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2011/11/27 21:23:12 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Documents\ConvertXToDVD
[2011/11/20 22:49:01 | 000,000,000 | ---D | C] -- C:\Users\LAURI\AppData\Roaming\AOL
[2011/11/20 22:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2011/11/20 22:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
[2011/11/20 22:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2011/11/20 22:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Viewpoint
[2011/11/20 22:48:03 | 000,058,696 | ---- | C] (AOL Inc.) -- C:\Windows\SysWow64\AOLParconLink.exe
[2011/11/20 22:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Toolbar
[2011/11/20 22:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOL Toolbar
[2011/11/20 22:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011/11/20 22:47:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AOL Downloads
[2011/11/20 22:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
[2011/11/20 22:46:51 | 000,000,000 | ---D | C] -- C:\Users\LAURI\AppData\Local\AOL
[2011/11/20 22:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2011/11/20 22:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL
[2011/11/20 22:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Downloads
[2011/11/20 22:04:09 | 000,000,000 | ---D | C] -- C:\Users\LAURI\Documents\Lauri's Songs & Poems
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/12/20 21:26:28 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 21:26:28 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 21:25:21 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/20 21:25:21 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/20 21:25:21 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/20 21:18:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 21:18:39 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/20 21:17:37 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k7
[2011/12/20 21:17:37 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k6
[2011/12/20 21:17:37 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k5
[2011/12/20 21:17:37 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k4
[2011/12/20 21:17:37 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k3
[2011/12/20 21:17:37 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k2
[2011/12/20 21:17:36 | 002,940,829 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k0
[2011/12/20 21:17:36 | 000,578,156 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
[2011/12/20 21:17:36 | 000,000,607 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k0
[2011/12/20 21:17:36 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k7
[2011/12/20 21:17:36 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k6
[2011/12/20 21:17:36 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k5
[2011/12/20 21:17:36 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k4
[2011/12/20 21:17:36 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k3
[2011/12/20 21:17:36 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k2
[2011/12/20 21:17:36 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k1
[2011/12/20 21:17:36 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k1
[2011/12/20 20:01:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3157782922-2322116575-312308385-1001UA.job
[2011/12/20 14:01:21 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3157782922-2322116575-312308385-1001Core.job
[2011/12/20 01:12:29 | 000,002,097 | ---- | M] () -- C:\Users\LAURI\Desktop\HijackThis.lnk
[2011/12/20 01:11:58 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\LAURI\Desktop\HJTInstall.exe
[2011/12/19 02:28:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/12/16 03:22:51 | 005,015,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/10 21:37:11 | 000,001,057 | ---- | M] () -- C:\Users\LAURI\AppData\Roaming\vso_ts_preview.xml
[2011/12/06 02:23:53 | 013,167,962 | ---- | M] () -- C:\Users\LAURI\Desktop\Viewsonic N2750w manual.pdf
[2011/12/01 10:54:25 | 000,000,152 | ---- | M] () -- C:\Users\LAURI\Desktop\Nonprofit Conference.URL
[2011/11/30 16:36:27 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/24 10:48:01 | 000,001,336 | ---- | M] () -- C:\Windows\stock.INI
[2011/11/21 00:07:16 | 000,001,362 | ---- | M] () -- C:\Windows\wininit.ini
[2011/11/21 00:03:42 | 000,000,002 | ---- | M] () -- C:\Windows\msoffice.ini
[2011/11/20 22:44:32 | 000,058,696 | ---- | M] (AOL Inc.) -- C:\Windows\SysWow64\AOLParconLink.exe
[2011/11/20 22:44:30 | 000,000,335 | ---- | M] () -- C:\Windows\nsreg.dat
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/20 01:12:29 | 000,002,097 | ---- | C] () -- C:\Users\LAURI\Desktop\HijackThis.lnk
[2011/12/19 00:55:29 | 006,927,508 | ---- | C] () -- C:\Users\LAURI\Desktop\Moulin Rouge - Come What May.mp3
[2011/12/06 02:21:53 | 013,167,962 | ---- | C] () -- C:\Users\LAURI\Desktop\Viewsonic N2750w manual.pdf
[2011/12/06 02:16:00 | 000,376,471 | ---- | C] () -- C:\Users\LAURI\Desktop\N2750W Manual Rose.pdf
[2011/12/01 10:54:25 | 000,000,152 | ---- | C] () -- C:\Users\LAURI\Desktop\Nonprofit Conference.URL
[2011/11/28 14:50:59 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2011/11/28 14:50:59 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2011/11/28 14:50:59 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2011/11/28 14:50:59 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2011/11/28 14:50:59 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2011/11/28 14:50:59 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2011/11/21 00:07:14 | 000,001,362 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/21 00:03:42 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011/11/20 22:13:42 | 000,049,135 | ---- | C] () -- C:\Users\LAURI\Desktop\lovespells.pdf
[2011/11/05 05:52:56 | 000,001,057 | ---- | C] () -- C:\Users\LAURI\AppData\Roaming\vso_ts_preview.xml
[2011/09/22 14:46:21 | 001,422,672 | ---- | C] () -- C:\Windows\SysWow64\cfgmig32.dll
[2011/09/22 14:46:21 | 000,263,504 | ---- | C] () -- C:\Windows\SysWow64\cfgmig32.exe
[2011/09/22 14:46:13 | 003,207,184 | ---- | C] () -- C:\Windows\SysWow64\mdmcls32.exe
[2011/09/22 14:46:13 | 001,744,912 | ---- | C] () -- C:\Windows\SysWow64\winsflt.dll
[2011/08/27 23:03:32 | 000,018,432 | ---- | C] () -- C:\Users\LAURI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/08 14:42:49 | 000,000,132 | ---- | C] () -- C:\Users\LAURI\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/06/21 23:36:27 | 000,000,000 | ---- | C] () -- C:\Windows\ulead32.ini
[2011/06/02 11:06:04 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\pavedius6db.dat
[2011/05/31 15:04:37 | 000,001,336 | ---- | C] () -- C:\Windows\stock.INI
[2011/05/29 00:49:32 | 000,007,626 | ---- | C] () -- C:\Users\LAURI\AppData\Local\resmon.resmoncfg
[2011/05/21 15:02:00 | 000,000,007 | ---- | C] () -- C:\Windows\SysWow64\mkghj.dll
[2011/05/21 14:50:29 | 004,108,304 | ---- | C] () -- C:\Windows\SysWow64\win32cpr.dll
[2011/05/21 14:50:29 | 002,760,720 | ---- | C] () -- C:\Windows\SysWow64\svcprs32.exe
[2011/05/21 14:50:29 | 000,098,320 | ---- | C] () -- C:\Windows\SysWow64\winsfinst.exe
[2011/05/16 09:28:26 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/05/16 09:28:26 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/05/16 09:27:47 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/05/16 09:26:47 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/05/16 09:26:47 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/05/16 09:26:47 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/05/16 09:22:47 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/05/16 08:38:00 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/16 08:29:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/05/16 06:28:21 | 000,000,000 | ---- | C] () -- C:\Windows\canopus.ini
[2011/05/16 06:09:05 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\pavedius4db.dll
[2011/05/16 05:30:02 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\pavedius5db.dll
[2011/05/16 05:23:21 | 000,030,720 | ---- | C] () -- C:\Windows\SysWow64\pavedius.dll
[2011/05/16 05:23:21 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\pavplal.dll
[2011/03/03 06:52:21 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/03/03 06:52:20 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/03/03 06:52:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
[2002/03/16 19:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000104.DLL
========== LOP Check ==========
[2011/08/27 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Barnes & Noble
[2011/05/16 06:22:18 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Canopus
[2011/08/18 22:33:13 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/01 23:13:19 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\DAEMON Tools Lite
[2011/08/06 02:23:31 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Driver Smith
[2011/10/17 01:41:35 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Dropbox
[2011/08/27 23:18:50 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Flip Video
[2011/08/21 13:25:25 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\HandBrake
[2011/11/01 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\ImgBurn
[2011/10/09 01:27:14 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\NCH Swift Sound
[2011/06/12 12:03:20 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Netscape
[2011/11/01 23:11:18 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\OpenCandy
[2011/06/28 15:43:46 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\PACE Anti-Piracy
[2011/11/01 17:38:39 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\PgcEdit
[2011/06/12 12:02:24 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Photodex
[2011/09/08 17:14:34 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\PowerCinema
[2011/05/16 09:34:57 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\proDAD
[2011/06/21 11:10:10 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2011/08/16 10:54:12 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\RTTNews
[2011/08/25 23:57:43 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\ScanSoft
[2011/06/28 15:51:07 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/18 21:55:23 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\TeamViewer
[2011/07/31 12:54:12 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Thinstall
[2011/11/28 15:06:06 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Ulead Systems
[2011/12/10 21:37:11 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\Vso
[2011/08/27 19:06:18 | 000,000,000 | ---D | M] -- C:\Users\LAURI\AppData\Roaming\WildTangent
[2011/12/19 02:28:01 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/12/20 14:01:21 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3157782922-2322116575-312308385-1001Core.job
[2011/12/20 20:01:02 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3157782922-2322116575-312308385-1001UA.job
[2011/12/10 22:39:18 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 1191 bytes -> C:\Users\LAURI\AppData\Local\Temp:pDN2ZqzEOmJvf7dWFPtfWRjfDOV
@Alternate Data Stream - 1019 bytes -> C:\Users\LAURI\AppData\Local\Temp:yUThYvq67EwQRgPPbzQJ
| |  lbcamera join:2011-12-20 Staten Island, NY | reply to LoPhatPhuud I have posted the new log for you to look at. Please advise me on what I need to do next and thank you for your help.
| |  LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM | reply to lbcamera A little cleanup and a rootkit check next...
First: Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.
You'll find link(s) and instructions here: »Security Cleanup FAQ »Rootkit Detection Applications
Second: Run OTL
- Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
[2011/12/19 02:28:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\At1.job
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[ResetHosts]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Once you see a message box "Fix complete! Click OK to open the fix log."
- Click the OK button
- The log will open in Notepad (your default text editor).
- Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
| |  lbcamera join:2011-12-20 Staten Island, NY | Results of the Sophos there were no files to clean that were recommended.
Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc
Started logging on 12/21/2011 at 13:11:20 PM
User "LAURI" on computer "LAURI-PC"
Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\LAURI\Desktop\EDIUS_TUTORIAL\videos\116.swf
Hidden: file C:\Users\LAURI\Desktop\EDIUS_TUTORIAL\videos\90.swf
Hidden: file C:\Windows\winsxs\amd64_microsoft-windows-windowscolorsystem-adm_31bf3856ad364e35_6.1.7600.16385_none_f0556db6185e1bb7\WindowsColorSystem.admx
Hidden: file C:\Windows\winsxs\Manifests\amd64_microsoft-windows-identitycrl_31bf3856ad364e35_6.1.7600.16385_none_ad82c592580f75ca.manifest
Hidden: file C:\Windows\winsxs\msil_system_b77a5c561934e089_6.1.7601.21721_none_981fc5b83241b200\System.dll
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.1.7601.17514_none_4b7e650b1c8d319e.manifest
Stopped logging on 12/21/2011 at 14:03:46 PM
Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc
Started logging on 12/21/2011 at 14:07:15 PM
User "LAURI" on computer "LAURI-PC"
Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\LAURI\Desktop\EDIUS_TUTORIAL\videos\56.swf
Hidden: file C:\Users\LAURI\Desktop\ProShow Producer\ProShow Producer\%ProgramFilesDir%\Photodex\ProShowProducer\menus\TP0308_Spring06z.thm
Hidden: file C:\Users\LAURI\Desktop\EDIUS_TUTORIAL\videos\90.swf
Hidden: file C:\Users\LAURI\AppData\Local\Mozilla\Firefox\Profiles\9psgeo9l.default\Cache.Trash\Trash\Cache\1\D6\9FD92d01
Hidden: file C:\Users\LAURI\AppData\Local\Mozilla\Firefox\Profiles\9psgeo9l.default\Cache.Trash\Trash\Cache\B\0A\CFC68d01
Hidden: file C:\Users\LAURI\AppData\Local\Mozilla\Firefox\Profiles\9psgeo9l.default\Cache.Trash\Trash\Cache\8\1A\FE59Fd01
Hidden: file C:\Users\LAURI\AppData\Local\Mozilla\Firefox\Profiles\9psgeo9l.default\Cache.Trash\Trash\Cache\4\FB\5D2E3d01
Hidden: file C:\Windows\winsxs\amd64_msdri.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_873c5978bf12ab15\msdri.inf_loc
Hidden: file C:\Windows\winsxs\Manifests\x86_microsoft-windows-cdosys.resources_31bf3856ad364e35_6.1.7601.17514_zh-tw_c5d4dc9b04c4d891.manifest
Hidden: file C:\Windows\SysWOW64\GdiPlus.dll
Stopped logging on 12/21/2011 at 15:01:49 PM
| |  lbcamera join:2011-12-20 Staten Island, NY | reply to LoPhatPhuud The log file has nothing in it when I open it. Here is what I see after navigating to the folder.
FXSAPIDDebugLogFile
When I open it in Notepad nothing appears. After I rebooted my computer, Notepad automatically came up with log file results. Would you like me to post that?
| |  LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM | reply to lbcamera It's not important. Your system is clean per the most recent logs so we can move on.
I suspect your Facebook password was picked up somewhere, but not directly from your computer. All your passwords should be strong, unique and never used anywhere else.
Here's some info on strong passwords. »www.microsoft.com/security/onlin···ate.aspx
You want to consider using a password management program such as LastPass, KeePass, RoboForm, etc. LastPass and KeePass are free. LastPass also has a paid version.
-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
| |  LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM | reply to lbcamera Cleaning Up:
Delete TFC:
- Delete the TFC icon on your Desktop
Delete OTL:
- Double click the OTL icon on your Desktop
- Press the 'Cleanup' button
Delete Security Check:
- Delete the SecurityCheck icon on your Desktop
Delete Malware Bytes:
- We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.
Delete Sophos AntiRootkit
- If we asked you to run Sophos AntiRootkit program, uninstall it thru Add/Remove Programs.
Other Programs:
- If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.
-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum