Topic 'Re: [Trojan] can't connect to PostgreSQL' in forum 'Security Cleanup' - dslreports.com

Re: [Trojan] can't connect to PostgreSQL

Mon, 06 Aug 2012 14:53:44 EDT

ez2cy posted : thank you so much for the help

Re: [Trojan] can't connect to PostgreSQL

Sun, 05 Aug 2012 10:42:53 EDT

LoPhatPhuud posted : Cleaning Up:

Delete TFC:

Delete the TFC icon on your Desktop

Delete OTL:

Double click the OTL icon on your Desktop
Press the 'Cleanup' button

Delete Security Check:

Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:

We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit

If we asked you to run Sophos AntiRootkit program, uninstall it thru Add/Remove Programs.

Other Programs:

If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

Re: [Trojan] can't connect to PostgreSQL

Sun, 05 Aug 2012 10:42:28 EDT

LoPhatPhuud posted : Thanks. Most likely the files were true temporary and have since been removed,. That's fine, I just wanted to be certain they were not corrupted.

None the the recent logs show any exploits. I suspect the issue now is with PostgreSQL itself. Try removing it with Add/Remove Programs, reboot and re-install.

If the problem is still present, then contact the manufacturer's support for assisstance.

Cleanup instructions are in the following post.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

Re: [Trojan] can't connect to PostgreSQL

Sun, 05 Aug 2012 08:32:26 EDT

ez2cy posted : No I have never downloaded Super Anti Spyware that I know of. ????

I went to the link you provided.

No yellow box, it's blue, but I browsed it. copied and pasted your file name in the post to search. Got no results for either one.

Re: [Trojan] can't connect to PostgreSQL

Sat, 04 Aug 2012 10:37:56 EDT

LoPhatPhuud posted : Thanks. Two services are located in the wrong place and I want to check them out. By name, both belong to Super Anti Spyware. Did you have that program installed at one time?

Please go to »www.virustotal.com/

Press the 'Browse' button to the right of the yellow box.

Navigate to the file(s) listed below, one at a time (if more than one file). Press the 'Open' button in the file dialog box or double click on the file name. The file name and path should appear in the yellow box.

SASDIFSV;SASDIFSV;c:\users\Jim\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS
SASKUTIL;SASKUTIL;c:\users\Jim\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS

Click on the Send File button

Note: If you can't find the file, let me know in your next post.

Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier.

If the file has been previously scanned, the results webpage will show:
"File has already been submitted:"

Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread.

If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

Re: [Trojan] can't connect to PostgreSQL

Sat, 04 Aug 2012 07:46:08 EDT

ez2cy posted : In the first directions to run OTL I was suppose to check Purity and LOOP? Not sure so I checked them before this scan as well. Log;

OTL logfile created on: 8/3/2012 12:54:37 PM - Run 5
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Jim\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.96 Gb Total Physical Memory | 9.42 Gb Available Physical Memory | 78.75% Memory free
23.93 Gb Paging File | 20.97 Gb Available in Paging File | 87.63% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 589.90 Gb Total Space | 345.41 Gb Free Space | 58.55% Space Free | Partition Type: NTFS

Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/08/02 16:07:18 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Downloads\OTL (1).exe
PRC - [2012/05/28 09:25:50 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/01 13:36:38 | 022,140,304 | ---- | M] (magicJack L.P.) -- C:\Users\Jim\AppData\Roaming\mjusbsp\magicJack.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/28 01:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\pg_ctl.exe
PRC - [2011/01/28 01:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\postgres.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/05 08:46:02 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2009/11/20 07:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/30 08:02:50 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 08:02:48 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/08/06 01:51:20 | 000,065,536 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/06/14 03:34:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:34:10 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 03:36:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 03:35:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 03:35:28 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 03:35:26 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 03:35:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 03:35:22 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/30 18:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/06/03 20:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 20:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2012/04/24 17:32:38 | 000,584,224 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/20 03:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/03 09:08:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/28 01:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- c:\postgreSQL\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010/08/09 10:51:29 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Jim\AppData\Roaming\Mikogo\B-Service.exe -- (B-Service)
SRV - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/12 10:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/09/30 08:02:50 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 08:02:48 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/06 01:51:20 | 000,065,536 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012/04/24 17:13:24 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/20 03:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 03:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 02:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/02 23:30:36 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/11/20 07:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 07:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/29 04:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/20 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/17 14:52:00 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/17 11:09:04 | 000,660,992 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/10/02 12:38:48 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = »dts.search-results.com/sr?src=ie···chTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = »search.mywebsearch.com/mywebsear···chTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = »dts.search-results.com/sr?src=ie···chTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = »search.conduit.com/ResultsExt.as···T2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = »www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA,
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F DB 5B 28 0C C2 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = »www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = »www.google.com/ie
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = »search.mywebsearch.com/mywebsear···chTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = »search.babylon.com/?q={searchTer···00000000
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = »websearch.ask.com/redirect?clien···82F6570F
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.ca/search?q={searchTe···7ADFA_en
IE - HKCU\..\SearchScopes\{7804A294-9921-4f7e-B060-B6F30D839788}: "URL" = »www.bing.com/search?q={searchTer···&pc=SPLH
IE - HKCU\..\SearchScopes\{956D5CE9-9400-4815-91BD-DC8B54E647C1}: "URL" = »www.google.com/cse?cx=partner-pu···67623346
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = »dts.search-results.com/sr?src=ie···chTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = »search.conduit.com/ResultsExt.as···T2786678
IE - HKCU\..\SearchScopes\{E55CC0E7-8AE6-4d07-A2C7-994ABF8CBE5F}: "URL" = »search.yahoo.com/search?p={searc···pe=STDVM
IE - HKCU\..\SearchScopes\Bing: "URL" = »www.bing.com/search?q={searchTer···M=IE0001
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/17 07:20:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/01 00:02:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/17 07:20:35 | 000,000,000 | ---D | M]

[2011/07/21 16:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions
[2011/07/21 16:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
File not found (No name found) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
[2011/01/18 12:26:44 | 000,002,037 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchw7th1.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage:
CHR - homepage:
CHR - Extension: YouTube = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Wajam = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Skype Click to Call = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/02 06:58:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [cdloader] C:\Users\Jim\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: dslreports.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([by150w.bay150.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([sn121w.snt121.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] * in Trusted sites)
O15 - HKCU\..Trusted Domains: pcfinancial.ca ([www.txn.banking] https in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] * in Trusted sites)
O16:64bit: - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} »kitchenplanner.ikea.com/CA/Core/···in32.cab (Reg Error: Key error.)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (OnlineScanner Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} »download.microsoft.com/download/···trol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} »download.macromedia.com/pub/shoc···r/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} »kitchenplanner.ikea.com/CA/Core/···in32.cab (20-20 3D Viewer)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} »picasaweb.google.com/s/v/69.22/uploader2.cab (UploadListView Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} »fpdownload2.macromedia.com/get/s···lash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553578200} »fpdownload2.macromedia.com/pub/s···lash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22DF5E75-C174-407A-9D14-DAA9C35D034C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE5FD909-A254-43B1-9046-3CE5FD41E7E8}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une soci�t� en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/08/03 10:26:54 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A2A7843F-BEC0-489E-8B17-DA58EB161BA4}
[2012/08/03 10:26:42 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D22F2A4D-AEA9-4FA0-BAB1-154FDB462E5C}
[2012/08/02 18:34:34 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{576B4F78-9BE5-42A4-A1DB-2D8C0841446E}
[2012/08/02 18:34:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{FBFCE116-D208-4C29-A0D1-F4200F77CF98}
[2012/08/02 13:35:54 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cake Poker 2.0
[2012/08/02 11:24:26 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media Player Product Tool 5.39
[2012/08/02 11:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media Player Product Tool 5.39
[2012/08/02 07:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/08/02 07:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/02 07:05:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/02 06:58:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/02 06:45:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/02 06:45:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/02 06:45:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/02 06:45:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/02 06:45:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/02 06:38:01 | 004,722,680 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
[2012/08/02 06:33:54 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1AE71FB0-EF67-4E3C-9A0F-7134F45C5BFC}
[2012/08/02 06:33:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{543D98BD-5C03-4308-85AE-CDF36C0C2DA5}
[2012/08/01 13:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Manager 2
[2012/08/01 13:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Holdem Manager 2
[2012/08/01 13:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.4
[2012/08/01 13:09:52 | 000,000,000 | ---D | C] -- C:\postgreSQL
[2012/08/01 13:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSQLINSTALL
[2012/08/01 12:08:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{93B72AFF-E376-4A67-89A9-BD11C9EAEE36}
[2012/08/01 12:08:27 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{58133354-4C6C-4706-A2FE-1FE3D44AF88C}
[2012/08/01 09:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/01 00:07:57 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D4D29F83-85BA-49C2-9F35-FCF5B9D494D8}
[2012/08/01 00:07:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6374CA12-35FD-421A-96DA-C090D06D59DB}
[2012/07/31 23:46:35 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{FD67E829-3035-4D82-890A-F95135DF11FB}
[2012/07/31 23:46:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9688BF34-DDD0-4F40-84C5-47B327AF1DDE}
[2012/07/31 20:20:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{00B0A6CE-9E57-4818-A465-17C7D6297069}
[2012/07/31 20:20:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{E887ED5B-A2C8-4499-A684-E292266F0076}
[2012/07/31 08:20:15 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1E621616-9C19-48B1-AA96-4E37816E885A}
[2012/07/31 08:20:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{346BDB66-6150-4E4A-AB70-E21EABCCCABD}
[2012/07/30 20:19:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{ED7685D8-40FB-4854-BD46-26BA2A0881BC}
[2012/07/30 20:19:38 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{550A3830-9BF2-449C-B767-F10CA0A027CF}
[2012/07/30 08:19:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C822285F-C6A5-4B9B-A868-DE8C8DC29054}
[2012/07/30 08:19:11 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{BD5BBF67-DA0A-4D5D-95F7-1777D46342E7}
[2012/07/29 20:17:44 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2C123807-E012-4453-99DB-4160611C2CC8}
[2012/07/29 20:17:32 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{58EB5E5E-9F2C-488F-9557-AC8879E88170}
[2012/07/29 10:56:42 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\MediaMonkey
[2012/07/29 10:56:31 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\MediaMonkey
[2012/07/29 10:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
[2012/07/29 08:17:18 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6AC52F93-1ED8-4A1E-9656-6F82CD6B7E24}
[2012/07/29 08:17:06 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F99B0979-A4B5-482D-8496-633B6454D9A4}
[2012/07/28 20:16:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{7FE9BE11-EA94-433E-8A60-DBF3B80024D4}
[2012/07/28 20:16:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{97C122C8-40A3-41DA-99B6-215E95628C79}
[2012/07/28 08:16:27 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D70F9A5B-8487-474E-8C61-C8E08155627C}
[2012/07/28 08:16:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{62B5F3E6-08B1-464A-924F-DEA00F303C78}
[2012/07/27 20:16:01 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{15F4DE0D-C288-4F2B-B086-55BA69D47A1B}
[2012/07/27 20:15:49 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{30410B99-EE52-41F4-8B75-887FFF268370}
[2012/07/27 13:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012/07/27 13:10:29 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Wajam
[2012/07/27 08:15:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{262F578A-D19B-47DA-A9FC-D165352CDFD8}
[2012/07/27 08:12:42 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{59E785C2-1819-476D-84D3-8664737005D4}
[2012/07/26 19:40:05 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9D42776E-11A6-4774-AB40-60F6651B5EF6}
[2012/07/26 19:39:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{908BD6AD-2444-446B-93E2-A3FC99F8A7F1}
[2012/07/26 07:39:38 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B7261E7D-C3B2-451D-ADEF-A66F0FAA21A4}
[2012/07/26 07:37:15 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{49B192C2-62A3-4CC4-A5B8-0EF450AB2046}
[2012/07/25 11:24:11 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{CCE7B9E9-B97A-474D-A590-0E9F644696C5}
[2012/07/25 11:23:59 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{60C2045A-9921-4A4F-880F-85BB389C273E}
[2012/07/24 23:23:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B5EC7D8B-2867-4FBE-840D-0732F59A18A0}
[2012/07/24 23:23:31 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F4B40AAF-8040-4206-8024-E09BEA27C8DA}
[2012/07/24 11:23:02 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{13C9E3C4-9319-4FC9-A00B-B059233CABA5}
[2012/07/24 11:20:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0EDB77A7-BEA8-4EAA-9275-4655913F105F}
[2012/07/23 21:09:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{09D4D1E9-FB90-4CB4-B397-9469095CC665}
[2012/07/23 09:09:30 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9C96061B-34FF-41F3-B002-DBBD63E49253}
[2012/07/23 09:09:17 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{BEA4F733-BE21-4CAC-AF64-61DD09BF2CD2}
[2012/07/22 21:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/22 21:14:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/22 21:08:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{7307A879-08AD-481F-BD54-31487A7D2958}
[2012/07/22 21:08:36 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6A82F54A-78D6-4145-9860-CD16A6DFF518}
[2012/07/22 20:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/22 09:04:04 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{226BCE35-6404-46E6-B0FF-8412F9DA1E87}
[2012/07/22 09:03:51 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{60A4DC6A-DF94-465D-A1CD-165EC1E89E12}
[2012/07/21 21:03:24 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0243A1F6-B560-44A4-87C8-8388DE515827}
[2012/07/21 21:03:12 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C60584D4-660A-429E-9A40-750DBE3BF917}
[2012/07/21 09:02:57 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A241F2A9-2999-45A3-9F1E-B0A324F5A88B}
[2012/07/21 09:02:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F9036134-6DE7-4E56-8A4E-0F8269D28B15}
[2012/07/20 21:02:19 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5B3B2B83-4F30-4B03-8238-C961C9E78C6C}
[2012/07/20 09:01:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{430405C2-4303-473A-927A-ADB991CB39F4}
[2012/07/20 09:01:40 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9243818A-712B-418A-87C2-CFD8B7A8730A}
[2012/07/19 21:01:14 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D7D57A2F-C5FD-429A-91C7-A26F0185F561}
[2012/07/19 21:01:02 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{635948E0-EAC2-4533-9F70-1C8D1C822F11}
[2012/07/19 09:00:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{4D77E052-AA57-4795-AA19-968457467F25}
[2012/07/19 09:00:36 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{563F11CA-62AA-4F4A-A7D9-B04A51567712}
[2012/07/19 04:11:33 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\Ninja
[2012/07/18 21:00:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{200C6192-9E96-4E3E-87F7-9E67B94C0698}
[2012/07/18 21:00:08 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{06CF9174-6BF3-42BF-9202-D17DD68B6FF1}
[2012/07/18 08:59:37 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{092C7F41-008C-4D18-AAD1-C6C2459FDB37}
[2012/07/18 08:56:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{E3D10A4E-6E46-4FC6-BED7-6FBBC2E5B13F}
[2012/07/18 00:31:09 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{FBC9BCE4-C52A-4ECB-A9FB-B7C1C51B3C23}
[2012/07/15 10:10:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A1883C0F-DFC7-4479-A836-B727DABCD0C8}
[2012/07/15 10:10:44 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{3BB5A715-D45B-4188-9DCC-D9D5213AA49F}
[2012/07/14 21:24:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{8EEA8F6F-1920-4151-9CFF-D8EAAA525701}
[2012/07/14 21:24:10 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{DF45BBF9-29CE-472A-9F7A-0C8484B3B90E}
[2012/07/14 09:23:55 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{3F681998-28D1-47C2-9CE7-4405C0319058}
[2012/07/14 09:23:43 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B9FCAFCE-32BA-47CD-B063-7FD8CBE7C321}
[2012/07/14 08:27:55 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker
[2012/07/14 08:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CarbonPoker
[2012/07/13 21:23:17 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{403697A5-B66A-47D7-9246-20C92D547608}
[2012/07/13 09:22:51 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6B29A68C-3C05-434F-9E1B-7B36346CEAF6}
[2012/07/13 09:22:38 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2CE63933-701F-47D5-AEBF-0279A6C11BDE}
[2012/07/12 20:05:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F86CE334-2C8D-4F0C-B346-FF6BACAF2021}
[2012/07/12 17:31:10 | 000,000,000 | ---D | C] -- C:\Windows\USB Vibration
[2012/07/12 17:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Vibration
[2012/07/12 08:04:49 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0ED5A85A-6309-4691-A078-D6D2776E361B}
[2012/07/12 08:04:37 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{FC734E74-2F80-46C3-9AFC-9B67D16D98B9}
[2012/07/12 03:00:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 03:00:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 03:00:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 03:00:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 03:00:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 03:00:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 03:00:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 03:00:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 03:00:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 03:00:49 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 03:00:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 03:00:48 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 03:00:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 19:43:13 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A177694A-9FF9-4807-9872-D1D4404752C9}
[2012/07/11 19:43:00 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5ABBC15D-AD4C-4C81-898F-F2001CC09B30}
[2012/07/11 08:08:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 08:08:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 08:08:06 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 08:08:03 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 08:08:01 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 07:42:47 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C47CFB20-C1B3-4374-AD57-2D1E8AFF4E6B}
[2012/07/11 07:42:34 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{295BFD60-2F8C-4820-BA87-403B50ECECB1}
[2012/07/10 19:42:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{426DBD74-9F53-49E4-8E21-AE2ACA15EA83}
[2012/07/10 19:42:09 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0FFEFE6F-A84E-4950-AECA-52F9F4F1CE93}
[2012/07/10 07:41:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{EBE7B02B-99CD-4007-81B1-36F56FC4A94D}
[2012/07/10 07:41:43 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{09484B44-481B-42EF-B3D8-EC26FC6AFEC8}
[2012/07/09 19:41:30 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{33917769-163D-424B-B117-18530CE93218}
[2012/07/09 19:41:18 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2E428961-0277-4C0E-9816-A7F7AE7E513A}
[2012/07/09 07:41:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{BB2BC6F3-9C30-4978-A341-2F0BC4297E7A}
[2012/07/09 07:40:51 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{4E1697EF-6C8D-4AA9-8059-DD35E8CE7901}
[2012/07/08 09:20:54 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{575F415F-F5E5-4E76-BC2B-D7DD4CFFF62F}
[2012/07/08 09:17:58 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{21900ACF-2B01-4E24-B14B-F01C7F4372DD}
[2012/07/07 13:28:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{662B7306-5701-4271-8162-6180C2ADFB71}
[2012/07/07 13:28:10 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{CAC3E826-8288-4559-88E9-00F0D12E22C7}
[2012/07/07 01:27:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B2436BE9-8869-470C-B3A2-328FC4FE279B}
[2012/07/07 01:27:28 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1606E39D-9839-4714-92A9-58ABF24841C0}
[2012/07/06 23:17:35 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{95DBA96D-AC7B-4216-8EF0-2BEF1D932183}
[2012/07/06 23:17:20 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9640C4E3-084C-4434-B115-2D607D963A37}
[2012/07/06 21:53:11 | 000,000,000 | ---D | C] -- C:\found.000
[2012/07/06 21:26:11 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{7F8690A5-A057-4764-B3C8-658DA3A719BD}
[2012/07/06 21:25:59 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1DEA08B1-5EFE-4280-AA63-2C680B710AB8}
[2012/07/06 09:25:32 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2109ABA4-EA86-4E15-B797-6315BDCACC44}
[2012/07/06 09:25:19 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{AAEA7BA3-393E-4496-A459-81C092B80D41}
[2012/07/05 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{EE63548B-1C03-47D5-A629-6EB77A88CD5F}
[2012/07/05 21:24:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C7652549-0BE6-4BC8-9A8D-C84EB1679E5C}
[2012/07/05 09:24:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{8681F506-7D54-4044-A285-3552ACF7A6DA}
[2012/07/05 09:24:11 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{37F4A250-8348-453D-ADD5-DB6D76EDDF5C}
[2012/07/04 21:23:43 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D1CBFA72-5587-4228-83CC-D4DF62F27215}
[2012/07/04 21:23:31 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{664E9768-E8C8-4F46-B95A-7D7F072FB970}

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/08/03 13:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/03 12:19:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/03 10:27:25 | 000,000,983 | ---- | M] () -- C:\Users\Jim\Desktop\magicJack.lnk
[2012/08/03 09:08:46 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/03 09:08:46 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/03 09:06:35 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 09:06:35 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 08:59:24 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/08/03 08:59:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/03 08:59:08 | 1044,996,094 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/02 13:35:54 | 000,001,084 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Cake Poker 2.0.lnk
[2012/08/02 12:50:19 | 000,782,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/02 12:50:19 | 000,662,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/02 12:50:19 | 000,122,310 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/02 11:26:24 | 002,168,832 | ---- | M] () -- C:\Users\Jim\Desktop\SwiMP3Betax4.fw
[2012/08/02 11:20:47 | 022,328,153 | ---- | M] () -- C:\Users\Jim\Desktop\ProductTool_V5.39.zip
[2012/08/02 07:24:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/02 07:24:11 | 000,796,532 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/02 06:58:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/02 06:38:15 | 004,722,680 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\ComboFix.exe
[2012/07/20 22:07:58 | 001,665,160 | ---- | M] () -- C:\Users\Jim\Desktop\BFX_Power_Pro_OM_web.pdf
[2012/07/12 03:23:44 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/12 03:23:38 | 000,309,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/07 11:11:16 | 014,091,259 | ---- | M] () -- C:\Users\Jim\Desktop\4hbody.pdf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/08/02 11:26:23 | 002,168,832 | ---- | C] () -- C:\Users\Jim\Desktop\SwiMP3Betax4.fw
[2012/08/02 11:17:14 | 022,328,153 | ---- | C] () -- C:\Users\Jim\Desktop\ProductTool_V5.39.zip
[2012/08/02 07:24:13 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/02 06:45:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/02 06:45:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/02 06:45:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/02 06:45:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/02 06:45:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/20 22:07:58 | 001,665,160 | ---- | C] () -- C:\Users\Jim\Desktop\BFX_Power_Pro_OM_web.pdf
[2012/07/07 11:11:09 | 014,091,259 | ---- | C] () -- C:\Users\Jim\Desktop\4hbody.pdf
[2012/07/07 01:37:01 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2012/02/26 11:45:53 | 000,000,600 | ---- | C] () -- C:\Users\Jim\AppData\Local\PUTTY.RND
[2012/01/21 09:43:46 | 000,000,075 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012/01/13 10:41:54 | 000,156,160 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2011/12/13 09:32:25 | 000,000,017 | ---- | C] () -- C:\Users\Jim\.javafx_ping_sent
[2011/12/13 09:32:23 | 000,000,000 | ---- | C] () -- C:\Users\Jim\.javafx_eula_accepted
[2011/08/29 07:39:56 | 000,001,519 | ---- | C] () -- C:\Windows\PartyGrabber.ini
[2011/07/07 13:28:13 | 000,029,699 | ---- | C] () -- C:\Windows\SysWow64\bdwutsu.dll
[2011/03/17 18:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/11 08:42:28 | 000,000,816 | ---- | C] () -- C:\Windows\wininit.ini
[2011/01/28 07:10:08 | 000,796,532 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/02 21:54:58 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010/12/23 15:35:47 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\cdTextCtl.dll
[2010/12/03 22:38:23 | 000,007,605 | ---- | C] () -- C:\Users\Jim\AppData\Local\Resmon.ResmonCfg
[2010/10/22 16:26:03 | 000,000,117 | ---- | C] () -- C:\Users\Jim\jagex_runescape_preferences2.dat
[2010/10/22 16:23:34 | 000,000,046 | ---- | C] () -- C:\Users\Jim\jagex_runescape_preferences.dat
[2010/10/21 08:37:26 | 000,000,632 | RHS- | C] () -- C:\Users\Jim\ntuser.pol
[2010/08/23 12:20:10 | 000,000,045 | ---- | C] () -- C:\Users\Jim\AppData\Local\machpro.dat
[2010/07/26 19:04:06 | 3590,291,456 | ---- | C] () -- C:\Users\Jim\ap.camrec
[2010/06/11 07:29:46 | 000,009,216 | ---- | C] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/12 23:48:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011/02/19 09:59:09 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FrostWire
[2011/05/26 08:12:07 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\HEM Data
[2011/11/11 15:45:29 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\HighPulse
[2012/08/02 13:08:58 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\HoldemManager
[2010/10/28 18:40:40 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Lexmark Productivity Studio
[2012/07/31 23:36:45 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\MediaMonkey
[2010/08/09 10:51:29 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Mikogo
[2012/08/03 10:27:35 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\mjusbsp
[2010/04/22 10:47:03 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\OpenOffice.org
[2010/08/09 14:08:49 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Pamela
[2010/08/24 07:02:29 | 000,000,000 | RHSD | M] -- C:\Users\Jim\AppData\Roaming\patch
[2012/04/01 13:36:34 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\postgresql
[2011/11/24 20:35:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\ReaSoft
[2011/04/28 06:38:36 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Registry Mechanic
[2012/05/22 17:30:05 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TeamViewer
[2011/07/21 16:56:16 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TomTom
[2012/05/06 08:38:27 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\uTorrent
[2010/10/23 08:17:34 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Windows Live Writer
[2012/01/13 10:41:36 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Wondershare
[2012/01/12 18:14:53 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/03/13 07:31:15 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Lock Poker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

Re: [Trojan] can't connect to PostgreSQL

Thu, 02 Aug 2012 19:06:36 EDT

LoPhatPhuud posted : Please run OTL again, and post the new log in this thread. Note that there will not be a new Extras log this time.

Re: [Trojan] can't connect to PostgreSQL

Thu, 02 Aug 2012 16:15:08 EDT

ez2cy posted : All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\00000008.@ not found.
File C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\80000032.@ not found.
File C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\80000064.@ not found.
File C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\80000000.@ not found.
File C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\00000004.@ not found.
File C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\000000cb.@ not found.
C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\L\00000004.@ moved successfully.
C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\@ moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jim
->Temp folder emptied: 2034685 bytes
->Temporary Internet Files folder emptied: 267047369 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3648 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres.Jim-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres.Jim-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres.Jim-PC.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres.Jim-PC.002
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres.Jim-PC.003
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Wilson
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23960 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 257.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Jim
->Flash cache emptied: 0 bytes

User: postgres

User: postgres.Jim-PC

User: postgres.Jim-PC.000

User: postgres.Jim-PC.001

User: postgres.Jim-PC.002

User: postgres.Jim-PC.003

User: Public

User: Wilson
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.55.0 log created on 08022012_160838

Files\Folders moved on Reboot...
C:\Users\Jim\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Jim\AppData\Local\Temp\~DF1CD1B101BEE6EDEF.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DF7758918FC9B3CE2F.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DFC419BE376699A5F5.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DFD87372E73CDC2C33.TMP not found!
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\843262[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\adloader[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\ads[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\Banner[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\c[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\default[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\si[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\si[3].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\si[4].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\xmlProxy[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\xmlProxy[2].htm moved successfully.
File\Folder C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROK5O96A\ADSAdClient31[1].htm not found!
File\Folder C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROK5O96A\Banner[1].htm not found!
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROK5O96A\si[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\ads[3].htm moved successfully.
File\Folder C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\default[1].htm not found!
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\EditMessageLight[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\flextag[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\LocalStorage[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\xmlProxy[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\ads[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\ads[3].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\AjaxHistoryFrame[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\Messenger[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\resourcespreload[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\RteFrame_16.2.6148.0723[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\watch[1].htm moved successfully.

PendingFileRenameOperations files...
File C:\Users\Jim\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Jim\AppData\Local\Temp\~DF1CD1B101BEE6EDEF.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DF7758918FC9B3CE2F.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DFC419BE376699A5F5.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DFD87372E73CDC2C33.TMP not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\843262[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\adloader[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\ads[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\Banner[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\c[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\default[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\si[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\si[3].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\si[4].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\xmlProxy[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\xmlProxy[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROK5O96A\ADSAdClient31[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROK5O96A\Banner[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROK5O96A\si[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\ads[3].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\default[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\EditMessageLight[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\flextag[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\LocalStorage[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\xmlProxy[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\ads[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\ads[3].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\AjaxHistoryFrame[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\Messenger[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\resourcespreload[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\RteFrame_16.2.6148.0723[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\watch[1].htm not found!

Registry entries deleted on Reboot...

Re: [Trojan] can't connect to PostgreSQL

Thu, 02 Aug 2012 10:29:13 EDT

LoPhatPhuud posted : Run OTL

Custom Scans/Fixes

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - Reg Error: Value error. File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2012/07/24 11:21:20 | 000,232,960 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\00000008.@
[2012/07/24 11:20:54 | 000,092,160 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\80000032.@
[2012/07/24 11:20:54 | 000,080,896 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\80000064.@
[2012/07/24 11:20:49 | 000,016,896 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\80000000.@
[2012/07/24 11:20:48 | 000,002,048 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\00000004.@
[2012/07/24 11:20:47 | 000,001,632 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\000000cb.@
[2012/07/22 20:08:54 | 000,000,804 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\L\00000004.@
[2012/01/11 09:24:16 | 000,002,048 | -HS- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\@

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

Run Fix

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

Re: [Trojan] can't connect to PostgreSQL

Thu, 02 Aug 2012 07:21:06 EDT

ez2cy posted : Not sure if you needed that log, so here it is anyway.
ComboFix 12-07-31.03 - Jim 08/02/2012 6:48.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12251.10044 [GMT -4:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\filesubmit
c:\program files (x86)\filesubmit\redglasstbm\internal-flame-ws.zip
c:\program files (x86)\filesubmit\redglasstbm\redglasstbm.zip
c:\program files (x86)\RadioPI_4eEI
c:\programdata\SPL8388.tmp
c:\programdata\SPLB690.tmp
c:\users\Jim\AppData\Local\assembly\tmp
c:\users\Jim\AppData\Roaming\Roaming
c:\users\Jim\AppData\Roaming\Roaming\HoldemManager\config\FTPRushTables.xml
c:\users\Jim\AppData\Roaming\Roaming\HoldemManager\Importing\Work Folder\bistats.db
c:\users\Jim\AppData\Roaming\Roaming\HoldemManager\Importing\Work Folder\dc.db
c:\users\Jim\AppData\Roaming\Roaming\HoldemManager\Importing\Work Folder\main.db
c:\users\Jim\AppData\Roaming\Roaming\HoldemManager\Importing\Work Folder\queue.db
c:\users\Jim\AppData\Roaming\Roaming\HoldemManager\Importing\Work Folder\registered_packages.db
c:\users\Jim\AppData\Roaming\Roaming\HoldemManager\Importing\Work Folder\uno_packages.db
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 10:57 . 2012-08-02 10:57 -------- d-----w- c:\users\Wilson\AppData\Local\temp
2012-08-02 10:57 . 2012-08-02 10:57 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-08-01 17:12 . 2012-08-01 17:12 -------- d-----w- c:\program files (x86)\Holdem Manager 2
2012-08-01 17:09 . 2012-08-01 17:12 -------- d-----w- C:\postgreSQL
2012-08-01 17:07 . 2012-08-01 17:15 -------- d-----w- c:\program files (x86)\PSQLINSTALL
2012-08-01 13:24 . 2012-08-01 13:24 -------- d-----w- c:\program files (x86)\ESET
2012-07-29 14:56 . 2012-07-29 14:56 -------- d-----w- c:\users\Jim\AppData\Local\MediaMonkey
2012-07-29 14:56 . 2012-08-01 03:36 -------- d-----w- c:\users\Jim\AppData\Roaming\MediaMonkey
2012-07-29 14:56 . 2012-07-30 12:46 -------- d-----w- c:\program files (x86)\MediaMonkey
2012-07-27 17:12 . 2012-08-01 03:36 -------- d-----w- c:\program files (x86)\PDFCreator
2012-07-27 17:10 . 2012-07-27 17:10 -------- d-----w- c:\users\Jim\AppData\Local\Wajam
2012-07-23 01:14 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 00:20 . 2012-07-23 01:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-14 12:27 . 2012-07-16 01:15 -------- d-----w- c:\program files (x86)\CarbonPoker
2012-07-12 21:31 . 2012-07-12 21:31 -------- d-----w- c:\windows\USB Vibration
2012-07-12 21:20 . 2002-08-05 14:46 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll
2012-07-12 21:20 . 2002-08-02 07:10 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2012-07-12 21:20 . 2002-08-02 06:20 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll
2012-07-12 21:20 . 2002-08-02 06:20 151552 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll
2012-07-12 21:20 . 2012-07-12 21:20 270468 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll
2012-07-12 21:20 . 2012-07-12 21:20 159876 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
2012-07-12 21:20 . 2002-08-02 06:20 634880 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll
2012-07-12 21:20 . 2012-07-12 21:20 -------- d-----w- c:\program files (x86)\USB Vibration
2012-07-12 07:06 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-08 01:29 . 2012-08-01 04:09 -------- d-----w- c:\users\postgres.Jim-PC
2012-07-07 01:53 . 2012-07-07 01:53 -------- d-----w- C:\found.000
2012-07-03 12:09 . 2012-07-03 12:09 -------- d-----w- c:\windows\system32\20-20 Technologies
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-01 04:08 . 2012-04-08 18:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-01 04:08 . 2011-05-18 11:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 07:01 . 2010-04-15 17:00 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-26 11:02 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 11:02 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-26 11:02 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 11:02 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 11:02 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-26 11:02 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-26 11:02 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-26 11:02 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-26 11:02 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-28 13:25 . 2009-05-22 00:21 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-28 13:25 . 2009-05-21 22:57 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-04 11:06 . 2012-06-13 18:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"cdloader"="c:\users\Jim\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-05-28 296056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\users\Jim\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Jim\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 250056]
R3 B-Service;B-Service;c:\users\Jim\AppData\Roaming\Mikogo\B-Service.exe [2010-08-09 185640]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\BFD1.tmp [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-03 31744]
R3 RTL8192su;Airlink101 AWLL6077v2 Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-07-17 660992]
R3 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-15 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Soluto;Soluto;c:\windows\system32\Drivers\Soluto.sys [2012-04-24 54728]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w [x]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 04:08]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 20:24]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 20:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: dslreports.com\www
Trusted Zone: live.com\by150w.bay150.mail
Trusted Zone: live.com\sn121w.snt121.mail
Trusted Zone: magicjack.com\my
Trusted Zone: pcfinancial.ca\www.txn.banking
Trusted Zone: talk4free.com\reg
TCP: DhcpNameServer = 192.168.0.1
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-10 - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\BFD1.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,9e,93,e7,ea,8a,a3,41,a3,1d,1f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,9e,93,e7,ea,8a,a3,41,a3,1d,1f,\
.
[HKEY_USERS\S-1-5-21-2722424517-3102325658-2864194375-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2722424517-3102325658-2864194375-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2722424517-3102325658-2864194375-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A715AEA4-7919-0F39-3BF9-2DFA3FD34FC6}*]
"hakoojpnoilhlpia"=hex:6b,61,69,6b,6e,65,6d,63,69,6b,6d,6a,6f,6a,70,70,65,67,
65,62,69,6d,00,00
"iamnmliggegefkohni"=hex:6b,61,69,6b,6e,65,6d,63,69,6b,6d,6a,6f,6a,70,70,65,67,
65,62,69,6d,00,62
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\postgresql\bin\pg_ctl.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\postgresql\bin\postgres.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\users\Jim\AppData\Roaming\mjusbsp\magicJack.exe
.
**************************************************************************
.
Completion time: 2012-08-02 07:05:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 11:05
.
Pre-Run: 373,042,073,600 bytes free
Post-Run: 374,761,521,152 bytes free
.
- - End Of File - - 0B6DDCEE53164D24094A3BDA5011A6DC

Re: [Trojan] can't connect to PostgreSQL

Wed, 01 Aug 2012 12:23:06 EDT

LoPhatPhuud posted : Download ComboFix from one of these locations:

 http://download.bleepingcomputer.com/sUBs/ComboFix.exehttp://www.infospyware.net/antimalware/combofix/

* IMPORTANT !!! Save ComboFix.exe to your Desktop

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

[att=1]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[att=2]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

Re: [Trojan] can't connect to PostgreSQL

Wed, 01 Aug 2012 11:36:06 EDT

ez2cy posted : online scan was nothing but I have no idea where the log for it is?

Re: [Trojan] can't connect to PostgreSQL

Wed, 01 Aug 2012 11:33:21 EDT

ez2cy posted : Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 [color=red](UAC is disabled!)[/color]
Internet Explorer 9
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 18
Java(TM) 6 Update 22
Java(TM) 6 Update 31
[color=red]Java version out of Date![/color]
Adobe Flash Player 10 [color=red]Flash Player out of Date![/color]
Adobe Reader X (10.1.3)
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 0%
[u]````````````````````End of Log``````````````````````[/u]

Re: [Trojan] can't connect to PostgreSQL

Wed, 01 Aug 2012 11:29:28 EDT

ez2cy posted : OTL logfile created on: 8/1/2012 12:30:06 AM - Run 4
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Jim\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.96 Gb Total Physical Memory | 10.00 Gb Available Physical Memory | 83.56% Memory free
23.93 Gb Paging File | 21.82 Gb Available in Paging File | 91.20% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 589.90 Gb Total Space | 349.26 Gb Free Space | 59.21% Space Free | Partition Type: NTFS

Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/08/01 00:24:53 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Downloads\OTL.exe
PRC - [2012/05/28 09:25:50 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/01 13:36:38 | 022,140,304 | ---- | M] (magicJack L.P.) -- C:\Users\Jim\AppData\Roaming\mjusbsp\magicJack.exe
PRC - [2012/02/01 13:34:52 | 000,103,840 | ---- | M] (magicJack L.P.) -- C:\Users\Jim\AppData\Roaming\mjusbsp\st00000\mjsetup.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/05 08:46:02 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2009/11/20 07:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/30 08:02:48 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/08/06 01:51:20 | 000,065,536 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/06/14 03:34:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:34:10 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 03:36:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 03:35:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 03:35:28 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 03:35:26 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 03:35:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 03:35:22 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/30 18:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/06/03 20:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 20:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2012/04/24 17:32:38 | 000,584,224 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/20 03:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/01 00:08:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/01 02:11:42 | 000,081,920 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/23 04:26:00 | 000,090,042 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.2\bin\pg_ctl.exe -- (pgsql-8.2)
SRV - [2010/08/09 10:51:29 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Jim\AppData\Roaming\Mikogo\B-Service.exe -- (B-Service)
SRV - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/12 10:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/09/30 08:02:50 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 08:02:48 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/06 01:51:20 | 000,065,536 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012/04/24 17:13:24 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/20 03:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 03:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 02:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/02 23:30:36 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/11/20 07:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 07:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/29 04:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/20 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/17 14:52:00 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/17 11:09:04 | 000,660,992 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/10/02 12:38:48 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = »dts.search-results.com/sr?src=ie···chTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = »search.mywebsearch.com/mywebsear···chTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = »dts.search-results.com/sr?src=ie···chTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = »search.conduit.com/ResultsExt.as···T2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »ca.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = »www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = »ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA,
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F DB 5B 28 0C C2 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = »www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = »www.google.com/ie
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = »search.mywebsearch.com/mywebsear···chTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = »search.babylon.com/?q={searchTer···00000000
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = »websearch.ask.com/redirect?clien···82F6570F
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.ca/search?q={searchTe···7ADFA_en
IE - HKCU\..\SearchScopes\{7804A294-9921-4f7e-B060-B6F30D839788}: "URL" = »www.bing.com/search?q={searchTer···&pc=SPLH
IE - HKCU\..\SearchScopes\{956D5CE9-9400-4815-91BD-DC8B54E647C1}: "URL" = »www.google.com/cse?cx=partner-pu···67623346
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = »dts.search-results.com/sr?src=ie···chTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = »search.conduit.com/ResultsExt.as···T2786678
IE - HKCU\..\SearchScopes\{E55CC0E7-8AE6-4d07-A2C7-994ABF8CBE5F}: "URL" = »search.yahoo.com/search?p={searc···pe=STDVM
IE - HKCU\..\SearchScopes\Bing: "URL" = »www.bing.com/search?q={searchTer···M=IE0001
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/17 07:20:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/01 00:02:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/17 07:20:35 | 000,000,000 | ---D | M]

[2011/07/21 16:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions
[2011/07/21 16:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
File not found (No name found) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
[2011/01/18 12:26:44 | 000,002,037 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchw7th1.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage:
CHR - homepage:
CHR - Extension: YouTube = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Wajam = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Skype Click to Call = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/05/13 09:04:40 | 000,395,284 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 13647 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - Reg Error: Value error. File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [cdloader] C:\Users\Jim\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dslreports.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([by150w.bay150.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([sn121w.snt121.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] * in Trusted sites)
O15 - HKCU\..Trusted Domains: pcfinancial.ca ([www.txn.banking] https in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] * in Trusted sites)
O16:64bit: - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} »kitchenplanner.ikea.com/CA/Core/···in32.cab (Reg Error: Key error.)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} »download.microsoft.com/download/···trol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} »download.macromedia.com/pub/shoc···r/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} »kitchenplanner.ikea.com/CA/Core/···in32.cab (20-20 3D Viewer)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} »picasaweb.google.com/s/v/69.22/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} »fpdownload2.macromedia.com/get/s···lash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553578200} »fpdownload2.macromedia.com/pub/s···lash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22DF5E75-C174-407A-9D14-DAA9C35D034C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE5FD909-A254-43B1-9046-3CE5FD41E7E8}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une soci�t� en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{87a86e9f-9cbe-11e0-a385-6cf0497617e0}\Shell - "" = AutoRun
O33 - MountPoints2\{87a86e9f-9cbe-11e0-a385-6cf0497617e0}\Shell\AutoRun\command - "" = G:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/08/01 00:07:57 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D4D29F83-85BA-49C2-9F35-FCF5B9D494D8}
[2012/08/01 00:07:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6374CA12-35FD-421A-96DA-C090D06D59DB}
[2012/07/31 23:46:35 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{FD67E829-3035-4D82-890A-F95135DF11FB}
[2012/07/31 23:46:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9688BF34-DDD0-4F40-84C5-47B327AF1DDE}
[2012/07/31 20:20:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{00B0A6CE-9E57-4818-A465-17C7D6297069}
[2012/07/31 20:20:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{E887ED5B-A2C8-4499-A684-E292266F0076}
[2012/07/31 08:20:15 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1E621616-9C19-48B1-AA96-4E37816E885A}
[2012/07/31 08:20:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{346BDB66-6150-4E4A-AB70-E21EABCCCABD}
[2012/07/30 20:19:50 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{ED7685D8-40FB-4854-BD46-26BA2A0881BC}
[2012/07/30 20:19:38 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{550A3830-9BF2-449C-B767-F10CA0A027CF}
[2012/07/30 08:19:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C822285F-C6A5-4B9B-A868-DE8C8DC29054}
[2012/07/30 08:19:11 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{BD5BBF67-DA0A-4D5D-95F7-1777D46342E7}
[2012/07/29 20:17:44 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2C123807-E012-4453-99DB-4160611C2CC8}
[2012/07/29 20:17:32 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{58EB5E5E-9F2C-488F-9557-AC8879E88170}
[2012/07/29 10:56:42 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\MediaMonkey
[2012/07/29 10:56:31 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\MediaMonkey
[2012/07/29 10:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
[2012/07/29 08:17:18 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6AC52F93-1ED8-4A1E-9656-6F82CD6B7E24}
[2012/07/29 08:17:06 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F99B0979-A4B5-482D-8496-633B6454D9A4}
[2012/07/28 20:16:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{7FE9BE11-EA94-433E-8A60-DBF3B80024D4}
[2012/07/28 20:16:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{97C122C8-40A3-41DA-99B6-215E95628C79}
[2012/07/28 08:16:27 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D70F9A5B-8487-474E-8C61-C8E08155627C}
[2012/07/28 08:16:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{62B5F3E6-08B1-464A-924F-DEA00F303C78}
[2012/07/27 20:16:01 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{15F4DE0D-C288-4F2B-B086-55BA69D47A1B}
[2012/07/27 20:15:49 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{30410B99-EE52-41F4-8B75-887FFF268370}
[2012/07/27 13:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012/07/27 13:10:29 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Wajam
[2012/07/27 08:15:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{262F578A-D19B-47DA-A9FC-D165352CDFD8}
[2012/07/27 08:12:42 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{59E785C2-1819-476D-84D3-8664737005D4}
[2012/07/26 19:40:05 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9D42776E-11A6-4774-AB40-60F6651B5EF6}
[2012/07/26 19:39:53 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{908BD6AD-2444-446B-93E2-A3FC99F8A7F1}
[2012/07/26 07:39:38 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B7261E7D-C3B2-451D-ADEF-A66F0FAA21A4}
[2012/07/26 07:37:15 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{49B192C2-62A3-4CC4-A5B8-0EF450AB2046}
[2012/07/25 11:24:11 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{CCE7B9E9-B97A-474D-A590-0E9F644696C5}
[2012/07/25 11:23:59 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{60C2045A-9921-4A4F-880F-85BB389C273E}
[2012/07/24 23:23:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B5EC7D8B-2867-4FBE-840D-0732F59A18A0}
[2012/07/24 23:23:31 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F4B40AAF-8040-4206-8024-E09BEA27C8DA}
[2012/07/24 11:23:02 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{13C9E3C4-9319-4FC9-A00B-B059233CABA5}
[2012/07/24 11:20:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0EDB77A7-BEA8-4EAA-9275-4655913F105F}
[2012/07/23 21:09:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{09D4D1E9-FB90-4CB4-B397-9469095CC665}
[2012/07/23 09:09:30 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9C96061B-34FF-41F3-B002-DBBD63E49253}
[2012/07/23 09:09:17 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{BEA4F733-BE21-4CAC-AF64-61DD09BF2CD2}
[2012/07/22 21:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/22 21:14:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/22 21:08:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{7307A879-08AD-481F-BD54-31487A7D2958}
[2012/07/22 21:08:36 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6A82F54A-78D6-4145-9860-CD16A6DFF518}
[2012/07/22 20:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/22 09:04:04 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{226BCE35-6404-46E6-B0FF-8412F9DA1E87}
[2012/07/22 09:03:51 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{60A4DC6A-DF94-465D-A1CD-165EC1E89E12}
[2012/07/21 21:03:24 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0243A1F6-B560-44A4-87C8-8388DE515827}
[2012/07/21 21:03:12 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C60584D4-660A-429E-9A40-750DBE3BF917}
[2012/07/21 09:02:57 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A241F2A9-2999-45A3-9F1E-B0A324F5A88B}
[2012/07/21 09:02:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F9036134-6DE7-4E56-8A4E-0F8269D28B15}
[2012/07/20 21:02:19 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5B3B2B83-4F30-4B03-8238-C961C9E78C6C}
[2012/07/20 09:01:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{430405C2-4303-473A-927A-ADB991CB39F4}
[2012/07/20 09:01:40 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9243818A-712B-418A-87C2-CFD8B7A8730A}
[2012/07/19 21:01:14 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D7D57A2F-C5FD-429A-91C7-A26F0185F561}
[2012/07/19 21:01:02 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{635948E0-EAC2-4533-9F70-1C8D1C822F11}
[2012/07/19 09:00:48 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{4D77E052-AA57-4795-AA19-968457467F25}
[2012/07/19 09:00:36 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{563F11CA-62AA-4F4A-A7D9-B04A51567712}
[2012/07/19 04:11:33 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\Ninja
[2012/07/18 21:00:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{200C6192-9E96-4E3E-87F7-9E67B94C0698}
[2012/07/18 21:00:08 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{06CF9174-6BF3-42BF-9202-D17DD68B6FF1}
[2012/07/18 08:59:37 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{092C7F41-008C-4D18-AAD1-C6C2459FDB37}
[2012/07/18 08:56:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{E3D10A4E-6E46-4FC6-BED7-6FBBC2E5B13F}
[2012/07/18 00:31:09 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{FBC9BCE4-C52A-4ECB-A9FB-B7C1C51B3C23}
[2012/07/15 10:10:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A1883C0F-DFC7-4479-A836-B727DABCD0C8}
[2012/07/15 10:10:44 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{3BB5A715-D45B-4188-9DCC-D9D5213AA49F}
[2012/07/14 21:24:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{8EEA8F6F-1920-4151-9CFF-D8EAAA525701}
[2012/07/14 21:24:10 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{DF45BBF9-29CE-472A-9F7A-0C8484B3B90E}
[2012/07/14 09:23:55 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{3F681998-28D1-47C2-9CE7-4405C0319058}
[2012/07/14 09:23:43 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B9FCAFCE-32BA-47CD-B063-7FD8CBE7C321}
[2012/07/14 08:27:55 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker
[2012/07/14 08:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CarbonPoker
[2012/07/13 21:23:17 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{403697A5-B66A-47D7-9246-20C92D547608}
[2012/07/13 09:22:51 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6B29A68C-3C05-434F-9E1B-7B36346CEAF6}
[2012/07/13 09:22:38 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2CE63933-701F-47D5-AEBF-0279A6C11BDE}
[2012/07/12 20:05:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{F86CE334-2C8D-4F0C-B346-FF6BACAF2021}
[2012/07/12 17:31:10 | 000,000,000 | ---D | C] -- C:\Windows\USB Vibration
[2012/07/12 17:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Vibration
[2012/07/12 08:04:49 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0ED5A85A-6309-4691-A078-D6D2776E361B}
[2012/07/12 08:04:37 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{FC734E74-2F80-46C3-9AFC-9B67D16D98B9}
[2012/07/12 03:00:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 03:00:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 03:00:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 03:00:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 03:00:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 03:00:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 03:00:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 03:00:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 03:00:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 03:00:49 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 03:00:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 03:00:48 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 03:00:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 19:43:13 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A177694A-9FF9-4807-9872-D1D4404752C9}
[2012/07/11 19:43:00 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5ABBC15D-AD4C-4C81-898F-F2001CC09B30}
[2012/07/11 08:08:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 08:08:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 08:08:06 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 08:08:03 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 08:08:01 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 07:42:47 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C47CFB20-C1B3-4374-AD57-2D1E8AFF4E6B}
[2012/07/11 07:42:34 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{295BFD60-2F8C-4820-BA87-403B50ECECB1}
[2012/07/10 19:42:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{426DBD74-9F53-49E4-8E21-AE2ACA15EA83}
[2012/07/10 19:42:09 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{0FFEFE6F-A84E-4950-AECA-52F9F4F1CE93}
[2012/07/10 07:41:56 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{EBE7B02B-99CD-4007-81B1-36F56FC4A94D}
[2012/07/10 07:41:43 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{09484B44-481B-42EF-B3D8-EC26FC6AFEC8}
[2012/07/09 19:41:30 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{33917769-163D-424B-B117-18530CE93218}
[2012/07/09 19:41:18 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2E428961-0277-4C0E-9816-A7F7AE7E513A}
[2012/07/09 07:41:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{BB2BC6F3-9C30-4978-A341-2F0BC4297E7A}
[2012/07/09 07:40:51 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{4E1697EF-6C8D-4AA9-8059-DD35E8CE7901}
[2012/07/08 12:55:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.2
[2012/07/08 09:20:54 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{575F415F-F5E5-4E76-BC2B-D7DD4CFFF62F}
[2012/07/08 09:17:58 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{21900ACF-2B01-4E24-B14B-F01C7F4372DD}
[2012/07/07 21:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.4
[2012/07/07 13:28:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{662B7306-5701-4271-8162-6180C2ADFB71}
[2012/07/07 13:28:10 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{CAC3E826-8288-4559-88E9-00F0D12E22C7}
[2012/07/07 01:27:41 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{B2436BE9-8869-470C-B3A2-328FC4FE279B}
[2012/07/07 01:27:28 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1606E39D-9839-4714-92A9-58ABF24841C0}
[2012/07/06 23:17:35 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{95DBA96D-AC7B-4216-8EF0-2BEF1D932183}
[2012/07/06 23:17:20 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9640C4E3-084C-4434-B115-2D607D963A37}
[2012/07/06 21:53:11 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/07/06 21:26:11 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{7F8690A5-A057-4764-B3C8-658DA3A719BD}
[2012/07/06 21:25:59 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{1DEA08B1-5EFE-4280-AA63-2C680B710AB8}
[2012/07/06 09:25:32 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{2109ABA4-EA86-4E15-B797-6315BDCACC44}
[2012/07/06 09:25:19 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{AAEA7BA3-393E-4496-A459-81C092B80D41}
[2012/07/05 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{EE63548B-1C03-47D5-A629-6EB77A88CD5F}
[2012/07/05 21:24:39 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{C7652549-0BE6-4BC8-9A8D-C84EB1679E5C}
[2012/07/05 09:24:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{8681F506-7D54-4044-A285-3552ACF7A6DA}
[2012/07/05 09:24:11 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{37F4A250-8348-453D-ADD5-DB6D76EDDF5C}
[2012/07/04 21:23:43 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D1CBFA72-5587-4228-83CC-D4DF62F27215}
[2012/07/04 21:23:31 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{664E9768-E8C8-4F46-B95A-7D7F072FB970}
[2012/07/04 09:23:03 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9C2D05E3-2880-4DC6-B3A7-0C3821D76DD3}
[2012/07/04 09:22:51 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{5D7C448A-429F-4BE0-9142-5A688980D685}
[2012/07/03 21:22:25 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{6EC012D7-E3D8-41A2-9205-76D6F1559C2A}
[2012/07/03 21:22:12 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{A2CB9EEA-53B7-430A-8045-D351EBD14522}
[2012/07/03 09:21:46 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{D3373DC5-62A2-4142-8E27-5418ED05EF7A}
[2012/07/03 08:09:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\20-20 Technologies
[2012/07/02 21:21:21 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{8B67C649-3DCE-4A18-8BA9-0731B196EEB7}
[2012/07/02 09:20:54 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\{9348CD1D-E1D9-451F-90DA-3A7880C9EC00}
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/08/01 01:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 00:36:45 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 00:36:45 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 00:27:14 | 000,000,983 | ---- | M] () -- C:\Users\Jim\Desktop\magicJack.lnk
[2012/08/01 00:26:13 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/08/01 00:26:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/01 00:25:56 | 1044,996,094 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 00:19:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/01 00:08:38 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/01 00:08:38 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/20 22:07:58 | 001,665,160 | ---- | M] () -- C:\Users\Jim\Desktop\BFX_Power_Pro_OM_web.pdf
[2012/07/18 09:04:04 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/12 03:23:44 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/12 03:23:38 | 000,309,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/07 11:11:16 | 014,091,259 | ---- | M] () -- C:\Users\Jim\Desktop\4hbody.pdf
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 12:28:19 | 000,782,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/03 12:28:19 | 000,662,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/03 12:28:19 | 000,122,310 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/07/24 11:21:20 | 000,232,960 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\00000008.@
[2012/07/24 11:20:54 | 000,092,160 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\80000032.@
[2012/07/24 11:20:54 | 000,080,896 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\80000064.@
[2012/07/24 11:20:49 | 000,016,896 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\80000000.@
[2012/07/24 11:20:48 | 000,002,048 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\00000004.@
[2012/07/24 11:20:47 | 000,001,632 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\000000cb.@
[2012/07/22 20:08:54 | 000,000,804 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\L\00000004.@
[2012/07/20 22:07:58 | 001,665,160 | ---- | C] () -- C:\Users\Jim\Desktop\BFX_Power_Pro_OM_web.pdf
[2012/07/07 11:11:09 | 014,091,259 | ---- | C] () -- C:\Users\Jim\Desktop\4hbody.pdf
[2012/07/07 01:37:01 | 000,065,536 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2012/02/26 11:45:53 | 000,000,600 | ---- | C] () -- C:\Users\Jim\AppData\Local\PUTTY.RND
[2012/01/21 09:43:46 | 000,000,075 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012/01/13 10:41:54 | 000,156,160 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2012/01/11 09:24:16 | 000,002,048 | -HS- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\@
[2011/12/13 09:32:25 | 000,000,017 | ---- | C] () -- C:\Users\Jim\.javafx_ping_sent
[2011/12/13 09:32:23 | 000,000,000 | ---- | C] () -- C:\Users\Jim\.javafx_eula_accepted
[2011/08/29 07:39:56 | 000,001,519 | ---- | C] () -- C:\Windows\PartyGrabber.ini
[2011/07/07 13:28:13 | 000,029,699 | ---- | C] () -- C:\Windows\SysWow64\bdwutsu.dll
[2011/03/17 18:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/11 08:42:28 | 000,000,816 | ---- | C] () -- C:\Windows\wininit.ini
[2011/01/28 07:10:08 | 000,796,532 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/02 21:54:58 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010/12/23 15:35:47 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\cdTextCtl.dll
[2010/12/03 22:38:23 | 000,007,605 | ---- | C] () -- C:\Users\Jim\AppData\Local\Resmon.ResmonCfg
[2010/10/22 16:26:03 | 000,000,117 | ---- | C] () -- C:\Users\Jim\jagex_runescape_preferences2.dat
[2010/10/22 16:23:34 | 000,000,046 | ---- | C] () -- C:\Users\Jim\jagex_runescape_preferences.dat
[2010/10/21 08:37:26 | 000,000,632 | RHS- | C] () -- C:\Users\Jim\ntuser.pol
[2010/08/23 12:20:10 | 000,000,045 | ---- | C] () -- C:\Users\Jim\AppData\Local\machpro.dat
[2010/07/26 19:04:06 | 3590,291,456 | ---- | C] () -- C:\Users\Jim\ap.camrec
[2010/06/11 07:29:46 | 000,009,216 | ---- | C] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/12 23:48:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011/02/19 09:59:09 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FrostWire
[2011/05/26 08:12:07 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\HEM Data
[2011/11/11 15:45:29 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\HighPulse
[2012/08/01 00:02:30 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\HoldemManager
[2010/10/28 18:40:40 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Lexmark Productivity Studio
[2012/07/31 23:36:45 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\MediaMonkey
[2010/08/09 10:51:29 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Mikogo
[2012/08/01 00:27:19 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\mjusbsp
[2010/04/22 10:47:03 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\OpenOffice.org
[2010/08/09 14:08:49 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Pamela
[2010/08/24 07:02:29 | 000,000,000 | RHSD | M] -- C:\Users\Jim\AppData\Roaming\patch
[2012/04/01 13:36:34 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\postgresql
[2011/11/24 20:35:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\ReaSoft
[2011/04/28 06:38:36 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Registry Mechanic
[2011/01/25 14:23:23 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Roaming
[2012/05/22 17:30:05 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TeamViewer
[2011/07/21 16:56:16 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TomTom
[2012/05/06 08:38:27 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\uTorrent
[2010/10/23 08:17:34 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Windows Live Writer
[2012/01/13 10:41:36 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Wondershare
[2012/01/12 18:14:53 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/03/13 07:31:15 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Lock Poker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID
@Alternate Data Stream - 167 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

[Trojan] can't connect to PostgreSQL

Wed, 01 Aug 2012 11:27:36 EDT

ez2cy posted : computer will not start (services) PostgreSQL. Ran malware found two trojans. Contacted one S/W company AcePoker, claimed anti programs show upgrades as trojans but it's not. ???

Wondering if something is stopping PostgreSQL from starting up.
Logs following:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.01.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jim :: JIM-PC [administrator]

8/1/2012 1:19:10 AM
mbam-log-2012-08-01 (01-19-10).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 598213
Time elapsed: 1 hour(s), 38 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files (x86)\Ace Poker Solutions\Ace Poker Drills\APD Updater.exe (Backdoor.Agent.DC) -> Quarantined and deleted successfully.
C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)