Re: [Trojan] can't connect to PostgreSQL

Author	All Replies
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:26	reply to ez2cy Re: [Trojan] can't connect to PostgreSQL Please run OTL again, and post the new log in this thread. Note that there will not be a new Extras log this time.
	to forum · permalink · 2012-08-02 19:06:36 ·
ez2cy join:2008-03-05	In the first directions to run OTL I was suppose to check Purity and LOOP? Not sure so I checked them before this scan as well. Log; OTL logfile created on: 8/3/2012 12:54:37 PM - Run 5 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Jim\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 11.96 Gb Total Physical Memory \| 9.42 Gb Available Physical Memory \| 78.75% Memory free 23.93 Gb Paging File \| 20.97 Gb Available in Paging File \| 87.63% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 589.90 Gb Total Space \| 345.41 Gb Free Space \| 58.55% Space Free \| Partition Type: NTFS Computer Name: JIM-PC \| User Name: Jim \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/08/02 16:07:18 \| 000,597,504 \| ---- \| M] (OldTimer Tools) -- C:\Users\Jim\Downloads\OTL (1).exe PRC - [2012/05/28 09:25:50 \| 000,296,056 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2012/02/23 12:30:40 \| 000,059,240 \| ---- \| M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2012/02/01 13:36:38 \| 022,140,304 \| ---- \| M] (magicJack L.P.) -- C:\Users\Jim\AppData\Roaming\mjusbsp\magicJack.exe PRC - [2012/01/03 09:10:42 \| 000,063,928 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/01/28 01:15:33 \| 000,066,048 \| ---- \| M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\pg_ctl.exe PRC - [2011/01/28 01:13:43 \| 004,538,368 \| ---- \| M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\postgres.exe PRC - [2010/08/05 08:46:02 \| 000,583,640 \| ---- \| M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2010/08/05 08:46:02 \| 000,104,408 \| ---- \| M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe PRC - [2009/11/20 07:17:54 \| 000,106,496 \| ---- \| M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009/10/02 13:26:12 \| 000,013,336 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009/10/02 13:26:10 \| 000,284,696 \| ---- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009/09/30 08:02:50 \| 002,320,920 \| R--- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/09/30 08:02:48 \| 000,268,824 \| R--- \| M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/08/06 01:51:20 \| 000,065,536 \| R--- \| M] () -- C:\Windows\SysWOW64\XSrvSetup.exe PRC - [2009/08/04 17:29:54 \| 000,219,360 \| ---- \| M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009/08/04 17:29:52 \| 000,346,320 \| ---- \| M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2009/06/03 20:59:02 \| 000,103,720 \| ---- \| M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2006/12/19 10:30:26 \| 000,081,920 \| ---- \| M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/06/14 03:34:18 \| 012,436,480 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/14 03:34:10 \| 001,591,808 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/05/12 03:36:29 \| 000,771,584 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012/05/12 03:35:35 \| 003,347,968 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/05/12 03:35:28 \| 005,452,800 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/12 03:35:26 \| 007,967,232 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/12 03:35:26 \| 000,971,264 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/12 03:35:22 \| 011,492,864 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011/06/24 22:56:36 \| 000,087,328 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 \| 001,241,888 \| ---- \| M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/07/30 18:15:32 \| 000,503,202 \| ---- \| M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll MOD - [2009/06/03 20:59:14 \| 000,013,096 \| ---- \| M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/06/03 20:59:02 \| 000,619,816 \| ---- \| M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:64bit: - [2012/04/24 17:32:38 \| 000,584,224 \| ---- \| M] (Soluto) [Auto \| Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService) SRV:64bit: - [2012/03/26 18:49:56 \| 000,291,696 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/03/26 18:49:56 \| 000,012,600 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2011/04/20 03:04:20 \| 000,203,776 \| ---- \| M] (AMD) [Auto \| Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/09/22 18:10:10 \| 000,057,184 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/13 21:41:27 \| 001,011,712 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/08/03 09:08:47 \| 000,250,056 \| ---- \| M] (Adobe Systems Incorporated) [On_Demand \| Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/03 13:19:28 \| 000,160,944 \| R--- \| M] (Skype Technologies) [Auto \| Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/01/03 09:10:42 \| 000,063,928 \| ---- \| M] (Adobe Systems Incorporated) [Auto \| Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/01/28 01:15:33 \| 000,066,048 \| ---- \| M] (PostgreSQL Global Development Group) [Auto \| Running] -- c:\postgreSQL\bin\pg_ctl.exe -- (postgresql-8.4) SRV - [2010/08/09 10:51:29 \| 000,185,640 \| ---- \| M] () [On_Demand \| Stopped] -- C:\Users\Jim\AppData\Roaming\Mikogo\B-Service.exe -- (B-Service) SRV - [2010/08/05 08:46:02 \| 000,583,640 \| ---- \| M] (PC Tools) [Auto \| Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2010/03/18 14:16:28 \| 000,130,384 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/12 10:57:44 \| 000,185,640 \| ---- \| M] (TeamViewer GmbH) [On_Demand \| Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009/10/02 13:26:12 \| 000,013,336 \| ---- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/09/30 08:02:50 \| 002,320,920 \| R--- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009/09/30 08:02:48 \| 000,268,824 \| R--- \| M] (Intel Corporation) [Auto \| Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009/08/06 01:51:20 \| 000,065,536 \| R--- \| M] () [Auto \| Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X) SRV - [2009/08/04 17:29:54 \| 000,219,360 \| ---- \| M] (DeviceVM, Inc.) [Auto \| Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009/06/10 17:23:09 \| 000,066,384 \| ---- \| M] (Microsoft Corporation) [Disabled \| Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006/12/19 10:30:26 \| 000,081,920 \| ---- \| M] (Prolific Technology Inc.) [Auto \| Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:64bit: - [2012/04/24 17:13:24 \| 000,054,728 \| ---- \| M] (Soluto LTD.) [File_System \| Boot \| Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto) DRV:64bit: - [2012/03/20 20:44:12 \| 000,098,688 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/08 18:40:52 \| 000,048,488 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/03/01 02:46:16 \| 000,023,408 \| ---- \| M] (Microsoft Corporation) [Recognizer \| Boot \| Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 \| 000,052,736 \| ---- \| M] (Apple, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/04/20 03:44:50 \| 009,319,936 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011/04/20 03:44:50 \| 009,319,936 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/04/20 02:22:34 \| 000,306,176 \| ---- \| M] (Advanced Micro Devices, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/03/11 02:41:12 \| 000,107,904 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 \| 000,027,008 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/12/02 23:30:36 \| 000,031,744 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo) DRV:64bit: - [2010/11/20 09:33:35 \| 000,078,720 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 07:07:05 \| 000,059,392 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009/11/20 07:16:02 \| 000,177,152 \| ---- \| M] (NEC Electronics Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009/11/20 07:15:58 \| 000,075,776 \| ---- \| M] (NEC Electronics Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009/10/29 04:14:38 \| 000,115,824 \| ---- \| M] (JMicron Technology Corp.) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009/10/02 12:58:58 \| 000,537,112 \| ---- \| M] (Intel Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/09/17 00:54:54 \| 000,056,344 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/08/20 12:05:06 \| 000,239,616 \| ---- \| M] (Realtek ) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/07/17 14:52:00 \| 000,201,472 \| ---- \| M] (Realtek Semiconductor Corp.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009/07/17 11:09:04 \| 000,660,992 \| ---- \| M] (Realtek Semiconductor Corporation ) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su) DRV:64bit: - [2009/07/13 21:52:20 \| 000,194,128 \| ---- \| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 \| 000,065,600 \| ---- \| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 \| 000,024,656 \| ---- \| M] (Promise Technology) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:10:47 \| 000,011,264 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/06/10 16:35:35 \| 000,620,544 \| ---- \| M] (Ralink Technology, Corp.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009/06/10 16:34:33 \| 003,286,016 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 \| 000,468,480 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 \| 000,270,848 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 \| 000,031,232 \| ---- \| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 \| 000,034,152 \| ---- \| M] (GEAR Software Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/01/09 15:02:08 \| 000,031,744 \| ---- \| M] (Research in Motion Ltd) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV - [2009/07/13 21:19:10 \| 000,019,008 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006/10/02 12:38:48 \| 000,010,368 \| ---- \| M] (Padus, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = »dts.search-results.com/sr?src=ie···chTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = »search.mywebsearch.com/mywebsear···chTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = »dts.search-results.com/sr?src=ie···chTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = »search.conduit.com/ResultsExt.as···T2786678 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = »www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.ca/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA, IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F DB 5B 28 0C C2 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = »www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = »www.google.com/ie IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = »search.mywebsearch.com/mywebsear···chTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = »search.babylon.com/?q={searchTer···00000000 IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = »websearch.ask.com/redirect?clien···82F6570F IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.ca/search?q={searchTe···7ADFA_en IE - HKCU\..\SearchScopes\{7804A294-9921-4f7e-B060-B6F30D839788}: "URL" = »www.bing.com/search?q={searchTer···&pc=SPLH IE - HKCU\..\SearchScopes\{956D5CE9-9400-4815-91BD-DC8B54E647C1}: "URL" = »www.google.com/cse?cx=partner-pu···67623346 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = »dts.search-results.com/sr?src=ie···chTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = »search.conduit.com/ResultsExt.as···T2786678 IE - HKCU\..\SearchScopes\{E55CC0E7-8AE6-4d07-A2C7-994ABF8CBE5F}: "URL" = »search.yahoo.com/search?p={searc···pe=STDVM IE - HKCU\..\SearchScopes\Bing: "URL" = »www.bing.com/search?q={searchTer···M=IE0001 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1 FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2 FF - user.js - File not found FF:64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/17 07:20:35 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/01 00:02:20 \| 000,000,000 \| ---D \| M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/17 07:20:35 \| 000,000,000 \| ---D \| M] [2011/07/21 16:56:17 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions [2011/07/21 16:56:17 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com File not found (No name found) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM [2011/01/18 12:26:44 \| 000,002,037 \| ---- \| M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchw7th1.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: CHR - homepage: CHR - Extension: YouTube = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Wajam = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\ CHR - Extension: Skype Click to Call = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: Gmail = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/08/02 06:58:52 \| 000,000,027 \| ---- \| M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [cdloader] C:\Users\Jim\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.) O4 - HKCU..\Run: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe File not found O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: dslreports.com ([www] http in Trusted sites) O15 - HKCU\..Trusted Domains: live.com ([by150w.bay150.mail] http in Trusted sites) O15 - HKCU\..Trusted Domains: live.com ([sn121w.snt121.mail] http in Trusted sites) O15 - HKCU\..Trusted Domains: magicjack.com ([my] * in Trusted sites) O15 - HKCU\..Trusted Domains: pcfinancial.ca ([www.txn.banking] https in Trusted sites) O15 - HKCU\..Trusted Domains: talk4free.com ([reg] * in Trusted sites) O16:64bit: - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} »kitchenplanner.ikea.com/CA/Core/···in32.cab (Reg Error: Key error.) O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (OnlineScanner Control) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} »download.microsoft.com/download/···trol.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} »download.macromedia.com/pub/shoc···r/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} »kitchenplanner.ikea.com/CA/Core/···in32.cab (20-20 3D Viewer) O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} »picasaweb.google.com/s/v/69.22/uploader2.cab (UploadListView Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} »fpdownload2.macromedia.com/get/s···lash.cab (Shockwave Flash Object) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553578200} »fpdownload2.macromedia.com/pub/s···lash.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22DF5E75-C174-407A-9D14-DAA9C35D034C}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE5FD909-A254-43B1-9046-3CE5FD41E7E8}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit:* - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/08/03 10:26:54 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{A2A7843F-BEC0-489E-8B17-DA58EB161BA4} [2012/08/03 10:26:42 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{D22F2A4D-AEA9-4FA0-BAB1-154FDB462E5C} [2012/08/02 18:34:34 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{576B4F78-9BE5-42A4-A1DB-2D8C0841446E} [2012/08/02 18:34:22 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{FBFCE116-D208-4C29-A0D1-F4200F77CF98} [2012/08/02 13:35:54 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cake Poker 2.0 [2012/08/02 11:24:26 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media Player Product Tool 5.39 [2012/08/02 11:24:20 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Media Player Product Tool 5.39 [2012/08/02 07:24:09 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Microsoft Security Client [2012/08/02 07:24:06 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Security Client [2012/08/02 07:05:47 \| 000,000,000 \| ---D \| C] -- C:\Windows\temp [2012/08/02 06:58:54 \| 000,000,000 \| -HSD \| C] -- C:\$RECYCLE.BIN [2012/08/02 06:45:43 \| 000,518,144 \| ---- \| C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/08/02 06:45:43 \| 000,406,528 \| ---- \| C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/08/02 06:45:43 \| 000,060,416 \| ---- \| C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/08/02 06:45:36 \| 000,000,000 \| ---D \| C] -- C:\Qoobox [2012/08/02 06:45:26 \| 000,000,000 \| ---D \| C] -- C:\Windows\erdnt [2012/08/02 06:38:01 \| 004,722,680 \| R--- \| C] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe [2012/08/02 06:33:54 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{1AE71FB0-EF67-4E3C-9A0F-7134F45C5BFC} [2012/08/02 06:33:41 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{543D98BD-5C03-4308-85AE-CDF36C0C2DA5} [2012/08/01 13:12:54 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Manager 2 [2012/08/01 13:12:38 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Holdem Manager 2 [2012/08/01 13:11:22 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.4 [2012/08/01 13:09:52 \| 000,000,000 \| ---D \| C] -- C:\postgreSQL [2012/08/01 13:07:09 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\PSQLINSTALL [2012/08/01 12:08:39 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{93B72AFF-E376-4A67-89A9-BD11C9EAEE36} [2012/08/01 12:08:27 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{58133354-4C6C-4706-A2FE-1FE3D44AF88C} [2012/08/01 09:24:43 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\ESET [2012/08/01 00:07:57 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{D4D29F83-85BA-49C2-9F35-FCF5B9D494D8} [2012/08/01 00:07:45 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{6374CA12-35FD-421A-96DA-C090D06D59DB} [2012/07/31 23:46:35 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{FD67E829-3035-4D82-890A-F95135DF11FB} [2012/07/31 23:46:22 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{9688BF34-DDD0-4F40-84C5-47B327AF1DDE} [2012/07/31 20:20:53 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{00B0A6CE-9E57-4818-A465-17C7D6297069} [2012/07/31 20:20:41 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{E887ED5B-A2C8-4499-A684-E292266F0076} [2012/07/31 08:20:15 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{1E621616-9C19-48B1-AA96-4E37816E885A} [2012/07/31 08:20:03 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{346BDB66-6150-4E4A-AB70-E21EABCCCABD} [2012/07/30 20:19:50 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{ED7685D8-40FB-4854-BD46-26BA2A0881BC} [2012/07/30 20:19:38 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{550A3830-9BF2-449C-B767-F10CA0A027CF} [2012/07/30 08:19:23 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{C822285F-C6A5-4B9B-A868-DE8C8DC29054} [2012/07/30 08:19:11 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{BD5BBF67-DA0A-4D5D-95F7-1777D46342E7} [2012/07/29 20:17:44 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{2C123807-E012-4453-99DB-4160611C2CC8} [2012/07/29 20:17:32 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{58EB5E5E-9F2C-488F-9557-AC8879E88170} [2012/07/29 10:56:42 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\MediaMonkey [2012/07/29 10:56:31 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Roaming\MediaMonkey [2012/07/29 10:56:17 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\MediaMonkey [2012/07/29 08:17:18 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{6AC52F93-1ED8-4A1E-9656-6F82CD6B7E24} [2012/07/29 08:17:06 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{F99B0979-A4B5-482D-8496-633B6454D9A4} [2012/07/28 20:16:53 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{7FE9BE11-EA94-433E-8A60-DBF3B80024D4} [2012/07/28 20:16:41 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{97C122C8-40A3-41DA-99B6-215E95628C79} [2012/07/28 08:16:27 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{D70F9A5B-8487-474E-8C61-C8E08155627C} [2012/07/28 08:16:16 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{62B5F3E6-08B1-464A-924F-DEA00F303C78} [2012/07/27 20:16:01 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{15F4DE0D-C288-4F2B-B086-55BA69D47A1B} [2012/07/27 20:15:49 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{30410B99-EE52-41F4-8B75-887FFF268370} [2012/07/27 13:12:38 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\PDFCreator [2012/07/27 13:10:29 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\Wajam [2012/07/27 08:15:21 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{262F578A-D19B-47DA-A9FC-D165352CDFD8} [2012/07/27 08:12:42 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{59E785C2-1819-476D-84D3-8664737005D4} [2012/07/26 19:40:05 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{9D42776E-11A6-4774-AB40-60F6651B5EF6} [2012/07/26 19:39:53 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{908BD6AD-2444-446B-93E2-A3FC99F8A7F1} [2012/07/26 07:39:38 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{B7261E7D-C3B2-451D-ADEF-A66F0FAA21A4} [2012/07/26 07:37:15 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{49B192C2-62A3-4CC4-A5B8-0EF450AB2046} [2012/07/25 11:24:11 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{CCE7B9E9-B97A-474D-A590-0E9F644696C5} [2012/07/25 11:23:59 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{60C2045A-9921-4A4F-880F-85BB389C273E} [2012/07/24 23:23:45 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{B5EC7D8B-2867-4FBE-840D-0732F59A18A0} [2012/07/24 23:23:31 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{F4B40AAF-8040-4206-8024-E09BEA27C8DA} [2012/07/24 11:23:02 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{13C9E3C4-9319-4FC9-A00B-B059233CABA5} [2012/07/24 11:20:23 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{0EDB77A7-BEA8-4EAA-9275-4655913F105F} [2012/07/23 21:09:56 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{09D4D1E9-FB90-4CB4-B397-9469095CC665} [2012/07/23 09:09:30 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{9C96061B-34FF-41F3-B002-DBBD63E49253} [2012/07/23 09:09:17 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{BEA4F733-BE21-4CAC-AF64-61DD09BF2CD2} [2012/07/22 21:14:57 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/22 21:14:55 \| 000,024,904 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/07/22 21:08:48 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{7307A879-08AD-481F-BD54-31487A7D2958} [2012/07/22 21:08:36 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{6A82F54A-78D6-4145-9860-CD16A6DFF518} [2012/07/22 20:20:07 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/22 09:04:04 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{226BCE35-6404-46E6-B0FF-8412F9DA1E87} [2012/07/22 09:03:51 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{60A4DC6A-DF94-465D-A1CD-165EC1E89E12} [2012/07/21 21:03:24 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{0243A1F6-B560-44A4-87C8-8388DE515827} [2012/07/21 21:03:12 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{C60584D4-660A-429E-9A40-750DBE3BF917} [2012/07/21 09:02:57 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{A241F2A9-2999-45A3-9F1E-B0A324F5A88B} [2012/07/21 09:02:45 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{F9036134-6DE7-4E56-8A4E-0F8269D28B15} [2012/07/20 21:02:19 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{5B3B2B83-4F30-4B03-8238-C961C9E78C6C} [2012/07/20 09:01:52 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{430405C2-4303-473A-927A-ADB991CB39F4} [2012/07/20 09:01:40 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{9243818A-712B-418A-87C2-CFD8B7A8730A} [2012/07/19 21:01:14 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{D7D57A2F-C5FD-429A-91C7-A26F0185F561} [2012/07/19 21:01:02 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{635948E0-EAC2-4533-9F70-1C8D1C822F11} [2012/07/19 09:00:48 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{4D77E052-AA57-4795-AA19-968457467F25} [2012/07/19 09:00:36 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{563F11CA-62AA-4F4A-A7D9-B04A51567712} [2012/07/19 04:11:33 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\Desktop\Ninja [2012/07/18 21:00:22 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{200C6192-9E96-4E3E-87F7-9E67B94C0698} [2012/07/18 21:00:08 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{06CF9174-6BF3-42BF-9202-D17DD68B6FF1} [2012/07/18 08:59:37 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{092C7F41-008C-4D18-AAD1-C6C2459FDB37} [2012/07/18 08:56:45 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{E3D10A4E-6E46-4FC6-BED7-6FBBC2E5B13F} [2012/07/18 00:31:09 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{FBC9BCE4-C52A-4ECB-A9FB-B7C1C51B3C23} [2012/07/15 10:10:56 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{A1883C0F-DFC7-4479-A836-B727DABCD0C8} [2012/07/15 10:10:44 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{3BB5A715-D45B-4188-9DCC-D9D5213AA49F} [2012/07/14 21:24:22 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{8EEA8F6F-1920-4151-9CFF-D8EAAA525701} [2012/07/14 21:24:10 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{DF45BBF9-29CE-472A-9F7A-0C8484B3B90E} [2012/07/14 09:23:55 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{3F681998-28D1-47C2-9CE7-4405C0319058} [2012/07/14 09:23:43 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{B9FCAFCE-32BA-47CD-B063-7FD8CBE7C321} [2012/07/14 08:27:55 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker [2012/07/14 08:27:47 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\CarbonPoker [2012/07/13 21:23:17 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{403697A5-B66A-47D7-9246-20C92D547608} [2012/07/13 09:22:51 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{6B29A68C-3C05-434F-9E1B-7B36346CEAF6} [2012/07/13 09:22:38 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{2CE63933-701F-47D5-AEBF-0279A6C11BDE} [2012/07/12 20:05:16 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{F86CE334-2C8D-4F0C-B346-FF6BACAF2021} [2012/07/12 17:31:10 \| 000,000,000 \| ---D \| C] -- C:\Windows\USB Vibration [2012/07/12 17:20:53 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\USB Vibration [2012/07/12 08:04:49 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{0ED5A85A-6309-4691-A078-D6D2776E361B} [2012/07/12 08:04:37 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{FC734E74-2F80-46C3-9AFC-9B67D16D98B9} [2012/07/12 03:00:57 \| 000,096,768 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/07/12 03:00:57 \| 000,073,216 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/07/12 03:00:55 \| 000,237,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/07/12 03:00:55 \| 000,231,936 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/07/12 03:00:53 \| 000,248,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/07/12 03:00:53 \| 000,176,640 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/07/12 03:00:52 \| 000,173,056 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/07/12 03:00:52 \| 000,142,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/07/12 03:00:50 \| 001,427,968 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/07/12 03:00:49 \| 002,311,680 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/07/12 03:00:49 \| 001,494,528 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/07/12 03:00:48 \| 000,818,688 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/07/12 03:00:48 \| 000,716,800 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/07/11 19:43:13 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{A177694A-9FF9-4807-9872-D1D4404752C9} [2012/07/11 19:43:00 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{5ABBC15D-AD4C-4C81-898F-F2001CC09B30} [2012/07/11 08:08:11 \| 000,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012/07/11 08:08:11 \| 000,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012/07/11 08:08:06 \| 000,307,200 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/07/11 08:08:03 \| 000,805,376 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012/07/11 08:08:01 \| 001,133,568 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012/07/11 07:42:47 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{C47CFB20-C1B3-4374-AD57-2D1E8AFF4E6B} [2012/07/11 07:42:34 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{295BFD60-2F8C-4820-BA87-403B50ECECB1} [2012/07/10 19:42:21 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{426DBD74-9F53-49E4-8E21-AE2ACA15EA83} [2012/07/10 19:42:09 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{0FFEFE6F-A84E-4950-AECA-52F9F4F1CE93} [2012/07/10 07:41:56 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{EBE7B02B-99CD-4007-81B1-36F56FC4A94D} [2012/07/10 07:41:43 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{09484B44-481B-42EF-B3D8-EC26FC6AFEC8} [2012/07/09 19:41:30 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{33917769-163D-424B-B117-18530CE93218} [2012/07/09 19:41:18 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{2E428961-0277-4C0E-9816-A7F7AE7E513A} [2012/07/09 07:41:03 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{BB2BC6F3-9C30-4978-A341-2F0BC4297E7A} [2012/07/09 07:40:51 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{4E1697EF-6C8D-4AA9-8059-DD35E8CE7901} [2012/07/08 09:20:54 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{575F415F-F5E5-4E76-BC2B-D7DD4CFFF62F} [2012/07/08 09:17:58 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{21900ACF-2B01-4E24-B14B-F01C7F4372DD} [2012/07/07 13:28:22 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{662B7306-5701-4271-8162-6180C2ADFB71} [2012/07/07 13:28:10 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{CAC3E826-8288-4559-88E9-00F0D12E22C7} [2012/07/07 01:27:41 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{B2436BE9-8869-470C-B3A2-328FC4FE279B} [2012/07/07 01:27:28 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{1606E39D-9839-4714-92A9-58ABF24841C0} [2012/07/06 23:17:35 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{95DBA96D-AC7B-4216-8EF0-2BEF1D932183} [2012/07/06 23:17:20 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{9640C4E3-084C-4434-B115-2D607D963A37} [2012/07/06 21:53:11 \| 000,000,000 \| ---D \| C] -- C:\found.000 [2012/07/06 21:26:11 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{7F8690A5-A057-4764-B3C8-658DA3A719BD} [2012/07/06 21:25:59 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{1DEA08B1-5EFE-4280-AA63-2C680B710AB8} [2012/07/06 09:25:32 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{2109ABA4-EA86-4E15-B797-6315BDCACC44} [2012/07/06 09:25:19 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{AAEA7BA3-393E-4496-A459-81C092B80D41} [2012/07/05 21:24:52 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{EE63548B-1C03-47D5-A629-6EB77A88CD5F} [2012/07/05 21:24:39 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{C7652549-0BE6-4BC8-9A8D-C84EB1679E5C} [2012/07/05 09:24:23 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{8681F506-7D54-4044-A285-3552ACF7A6DA} [2012/07/05 09:24:11 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{37F4A250-8348-453D-ADD5-DB6D76EDDF5C} [2012/07/04 21:23:43 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{D1CBFA72-5587-4228-83CC-D4DF62F27215} [2012/07/04 21:23:31 \| 000,000,000 \| ---D \| C] -- C:\Users\Jim\AppData\Local\{664E9768-E8C8-4F46-B95A-7D7F072FB970} [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/08/03 13:08:00 \| 000,000,830 \| ---- \| M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/08/03 12:19:00 \| 000,000,892 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/08/03 10:27:25 \| 000,000,983 \| ---- \| M] () -- C:\Users\Jim\Desktop\magicJack.lnk [2012/08/03 09:08:46 \| 000,426,184 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/08/03 09:08:46 \| 000,070,344 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/03 09:06:35 \| 000,015,008 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/03 09:06:35 \| 000,015,008 \| -H-- \| M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/03 08:59:24 \| 000,065,536 \| ---- \| M] () -- C:\Windows\SysNative\Ikeext.etl [2012/08/03 08:59:15 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2012/08/03 08:59:08 \| 1044,996,094 \| -HS- \| M] () -- C:\hiberfil.sys [2012/08/02 13:35:54 \| 000,001,084 \| ---- \| M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Cake Poker 2.0.lnk [2012/08/02 12:50:19 \| 000,782,874 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/02 12:50:19 \| 000,662,482 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/02 12:50:19 \| 000,122,310 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/02 11:26:24 \| 002,168,832 \| ---- \| M] () -- C:\Users\Jim\Desktop\SwiMP3Betax4.fw [2012/08/02 11:20:47 \| 022,328,153 \| ---- \| M] () -- C:\Users\Jim\Desktop\ProductTool_V5.39.zip [2012/08/02 07:24:24 \| 000,001,945 \| ---- \| M] () -- C:\Windows\epplauncher.mif [2012/08/02 07:24:11 \| 000,796,532 \| ---- \| M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/08/02 06:58:52 \| 000,000,027 \| ---- \| M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/08/02 06:38:15 \| 004,722,680 \| R--- \| M] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe [2012/07/20 22:07:58 \| 001,665,160 \| ---- \| M] () -- C:\Users\Jim\Desktop\BFX_Power_Pro_OM_web.pdf [2012/07/12 03:23:44 \| 000,000,888 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/12 03:23:38 \| 000,309,408 \| ---- \| M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/07 11:11:16 \| 014,091,259 \| ---- \| M] () -- C:\Users\Jim\Desktop\4hbody.pdf [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/08/02 11:26:23 \| 002,168,832 \| ---- \| C] () -- C:\Users\Jim\Desktop\SwiMP3Betax4.fw [2012/08/02 11:17:14 \| 022,328,153 \| ---- \| C] () -- C:\Users\Jim\Desktop\ProductTool_V5.39.zip [2012/08/02 07:24:13 \| 000,001,915 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/08/02 06:45:43 \| 000,256,000 \| ---- \| C] () -- C:\Windows\PEV.exe [2012/08/02 06:45:43 \| 000,208,896 \| ---- \| C] () -- C:\Windows\MBR.exe [2012/08/02 06:45:43 \| 000,098,816 \| ---- \| C] () -- C:\Windows\sed.exe [2012/08/02 06:45:43 \| 000,080,412 \| ---- \| C] () -- C:\Windows\grep.exe [2012/08/02 06:45:43 \| 000,068,096 \| ---- \| C] () -- C:\Windows\zip.exe [2012/07/20 22:07:58 \| 001,665,160 \| ---- \| C] () -- C:\Users\Jim\Desktop\BFX_Power_Pro_OM_web.pdf [2012/07/07 11:11:09 \| 014,091,259 \| ---- \| C] () -- C:\Users\Jim\Desktop\4hbody.pdf [2012/07/07 01:37:01 \| 000,065,536 \| ---- \| C] () -- C:\Windows\SysNative\Ikeext.etl [2012/02/26 11:45:53 \| 000,000,600 \| ---- \| C] () -- C:\Users\Jim\AppData\Local\PUTTY.RND [2012/01/21 09:43:46 \| 000,000,075 \| ---- \| C] () -- C:\Windows\cdplayer.ini [2012/01/13 10:41:54 \| 000,156,160 \| ---- \| C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll [2011/12/13 09:32:25 \| 000,000,017 \| ---- \| C] () -- C:\Users\Jim\.javafx_ping_sent [2011/12/13 09:32:23 \| 000,000,000 \| ---- \| C] () -- C:\Users\Jim\.javafx_eula_accepted [2011/08/29 07:39:56 \| 000,001,519 \| ---- \| C] () -- C:\Windows\PartyGrabber.ini [2011/07/07 13:28:13 \| 000,029,699 \| ---- \| C] () -- C:\Windows\SysWow64\bdwutsu.dll [2011/03/17 18:51:46 \| 000,003,929 \| ---- \| C] () -- C:\Windows\SysWow64\atipblag.dat [2011/02/11 08:42:28 \| 000,000,816 \| ---- \| C] () -- C:\Windows\wininit.ini [2011/01/28 07:10:08 \| 000,796,532 \| ---- \| C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/01/02 21:54:58 \| 000,000,193 \| ---- \| C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2010/12/23 15:35:47 \| 000,061,440 \| ---- \| C] () -- C:\Windows\SysWow64\cdTextCtl.dll [2010/12/03 22:38:23 \| 000,007,605 \| ---- \| C] () -- C:\Users\Jim\AppData\Local\Resmon.ResmonCfg [2010/10/22 16:26:03 \| 000,000,117 \| ---- \| C] () -- C:\Users\Jim\jagex_runescape_preferences2.dat [2010/10/22 16:23:34 \| 000,000,046 \| ---- \| C] () -- C:\Users\Jim\jagex_runescape_preferences.dat [2010/10/21 08:37:26 \| 000,000,632 \| RHS- \| C] () -- C:\Users\Jim\ntuser.pol [2010/08/23 12:20:10 \| 000,000,045 \| ---- \| C] () -- C:\Users\Jim\AppData\Local\machpro.dat [2010/07/26 19:04:06 \| 3590,291,456 \| ---- \| C] () -- C:\Users\Jim\ap.camrec [2010/06/11 07:29:46 \| 000,009,216 \| ---- \| C] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/12 23:48:29 \| 000,000,032 \| ---- \| C] () -- C:\ProgramData\ezsid.dat [color=#E56717]========== LOP Check ==========[/color] [2011/02/19 09:59:09 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\FrostWire [2011/05/26 08:12:07 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\HEM Data [2011/11/11 15:45:29 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\HighPulse [2012/08/02 13:08:58 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\HoldemManager [2010/10/28 18:40:40 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\Lexmark Productivity Studio [2012/07/31 23:36:45 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\MediaMonkey [2010/08/09 10:51:29 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\Mikogo [2012/08/03 10:27:35 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\mjusbsp [2010/04/22 10:47:03 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\OpenOffice.org [2010/08/09 14:08:49 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\Pamela [2010/08/24 07:02:29 \| 000,000,000 \| RHSD \| M] -- C:\Users\Jim\AppData\Roaming\patch [2012/04/01 13:36:34 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\postgresql [2011/11/24 20:35:38 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\ReaSoft [2011/04/28 06:38:36 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\Registry Mechanic [2012/05/22 17:30:05 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\TeamViewer [2011/07/21 16:56:16 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\TomTom [2012/05/06 08:38:27 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\uTorrent [2010/10/23 08:17:34 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\Windows Live Writer [2012/01/13 10:41:36 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\Wondershare [2012/01/12 18:14:53 \| 000,000,000 \| ---D \| M] -- C:\Users\Jim\AppData\Roaming\Wondershare Video Converter Ultimate [2012/03/13 07:31:15 \| 000,032,610 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Lock Poker:MID @Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D1B5B4F1
ez2cy join:2008-03-05	to forum · permalink · 2012-08-04 07:46:08 ·

Broadband Tech > Security > Security Cleanup > [Trojan] can't connect to PostgreSQL