P_W

  1. Sorry for the delay!

     1) Link to S1D40A3S11.sys file: http://www.virustotal.com/file-scan/report.html?id=c5862798537f6f3010c6ef0a4f75cb0964edccf300785038a5cfcc5daf3a5b68-1323458093

     2) Contents of ComboFix.txt:

     ComboFix 11-11-29.04 - Paul 29/11/2011 15:21:01.1.8 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8174.5480 [GMT -5:00]
     Running from: c:\users\Paul\Desktop\ComboFix.exe
     AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
     AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
     FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
     SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
     SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\windows\XSxS
     .
     .
     ((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
     .
     .
     2011-11-29 20:29 . 2011-11-29 20:29 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79B25F82-365D-426D-883F-EE4F3CDEE363}\offreg.dll
     2011-11-29 20:25 . 2011-11-29 20:25 -------- d-----w- c:\users\Default\AppData\Local\temp
     2011-11-29 20:25 . 2011-11-29 20:25 -------- d-----w- c:\users\Administrator\AppData\Local\temp
     2011-11-29 14:40 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79B25F82-365D-426D-883F-EE4F3CDEE363}\mpengine.dll
     2011-11-29 05:10 . 2011-11-29 05:10 -------- d-----w- c:\users\Paul\AppData\Roaming\dBpoweramp
     2011-11-29 04:26 . 2011-11-29 04:26 -------- d-----w- c:\program files (x86)\ESET
     2011-11-28 15:31 . 2011-11-28 15:31 -------- d-----w- c:\users\Paul\AppData\Local\Apple Computer
     2011-11-28 03:51 . 2011-11-28 03:51 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2011-11-28 01:14 . 2011-11-28 01:14 72280 ----a-w- c:\windows\system32\drivers\sbapifs.sys
     2011-11-27 18:22 . 2011-11-27 18:22 -------- d-----w- c:\users\Paul\AppData\Local\adaware
     2011-11-27 18:22 . 2011-11-28 22:27 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
     2011-11-27 18:22 . 2011-11-27 18:22 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
     2011-11-27 18:22 . 2011-11-27 18:22 -------- d-----w- c:\program files (x86)\adawaretb
     2011-11-27 17:15 . 2011-11-27 17:15 -------- d-----w- c:\users\Paul\AppData\Local\IdealSoftware
     2011-11-27 17:15 . 2011-11-27 17:15 -------- d-----w- C:\IDEALBDCOPY_TEMP
     2011-11-26 03:25 . 2011-09-16 23:00 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
     2011-11-23 16:29 . 2011-11-23 16:29 -------- d-----w- C:\CERTIFICATE
     2011-11-23 16:29 . 2011-11-23 16:29 -------- d-----w- C:\BDMV
     2011-11-21 20:21 . 2011-11-21 20:23 -------- d-----w- c:\users\Paul\AppData\Roaming\Mp3tag
     2011-11-21 20:05 . 2011-11-21 20:05 -------- d-----w- c:\programdata\Elcomsoft Password Recovery
     2011-11-21 20:05 . 2011-11-21 20:05 -------- d-----w- c:\program files (x86)\Elcomsoft
     2011-11-21 20:05 . 2011-11-21 20:05 -------- d-----w- c:\program files (x86)\Elcomsoft Password Recovery
     2011-11-21 19:59 . 2011-11-21 19:59 -------- d-----w- c:\users\Paul\AppData\Roaming\PWC
     2011-11-21 19:57 . 2011-11-21 19:57 -------- d-----w- c:\program files (x86)\PasswordTools
     2011-11-20 18:34 . 2011-11-27 18:18 -------- d-----w- c:\users\Paul\AVS menu
     2011-11-19 19:25 . 2011-11-19 19:25 -------- d-----w- c:\program files\Popcorn Hour
     2011-11-19 19:25 . 2009-07-27 03:34 744072 ----a-w- c:\windows\system32\drivers\ext2fsd.sys
     2011-11-19 19:15 . 2011-11-19 19:15 -------- d-----w- c:\users\Paul\AppData\Roaming\SmartFTP
     2011-11-19 19:13 . 2011-11-19 19:13 -------- d-----w- c:\program files\SmartFTP Client
     2011-11-19 19:13 . 2011-11-19 19:13 -------- d-----w- c:\program files (x86)\SmartFTP Client 4.0 (x64) Setup Files
     2011-11-19 18:36 . 2011-11-19 18:36 -------- d-----w- c:\users\Paul\AppData\Roaming\CoffeeCup Software
     2011-11-19 18:36 . 2011-11-19 18:36 -------- d-----w- c:\programdata\CoffeeCup Software
     2011-11-15 04:55 . 2011-11-15 18:24 -------- d-----w- c:\users\Paul\AVS error messages
     2011-11-15 03:10 . 2011-11-17 19:22 -------- d-----w- c:\users\Paul\AppData\Roaming\dvdcss
     2011-11-14 23:29 . 2011-11-26 03:31 -------- d-----w- c:\users\Paul\AppData\Roaming\AVS4YOU
     2011-11-14 23:29 . 2011-11-14 23:29 -------- d-----w- c:\programdata\AVS4YOU
     2011-11-14 23:29 . 2011-11-26 03:25 -------- d-----w- c:\program files (x86)\AVS4YOU
     2011-11-14 23:28 . 2011-11-26 03:25 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
     2011-11-13 05:11 . 2011-11-13 05:11 -------- d-----w- c:\users\Administrator\AppData\Roaming\IsolatedStorage
     2011-11-13 05:11 . 2011-11-13 05:11 -------- d-----w- c:\users\Administrator\AppData\Roaming\ACT
     2011-11-13 05:11 . 2011-11-13 05:11 -------- d-----w- c:\users\Administrator\AppData\Roaming\CheckPoint
     2011-11-12 16:09 . 2011-11-29 03:13 -------- d-----w- c:\windows\Internet Logs
     2011-11-12 16:01 . 2011-11-12 16:09 -------- d-----w- c:\program files (x86)\CheckPoint
     2011-11-10 05:12 . 2011-11-10 05:12 -------- d-----w- c:\program files (x86)\Sony
     2011-11-10 04:30 . 2008-12-08 17:53 57344 ----a-w- c:\windows\SysWow64\ff_vfw.dll
     2011-11-10 04:30 . 2008-06-09 03:58 60273 ----a-w- c:\windows\SysWow64\pthreadGC2.dll
     2011-11-10 04:30 . 2011-11-10 04:30 -------- d-----w- c:\program files (x86)\ffdshow
     2011-11-10 04:30 . 2011-11-10 04:30 -------- d-----w- c:\program files (x86)\Haali
     2011-11-10 04:30 . 2011-11-10 04:30 -------- d-----w- c:\program files (x86)\AviSynth 2.5
     2011-11-10 04:13 . 2011-11-18 03:00 -------- d-----w- c:\users\Paul\AppData\Local\Akamai
     2011-11-09 19:30 . 2011-11-09 19:31 -------- d-----w- c:\programdata\Protexis
     2011-11-09 19:30 . 2011-11-09 23:25 -------- d-----w- c:\users\Paul\AppData\Roaming\Ulead Systems
     2011-11-09 19:27 . 2011-11-09 19:27 -------- d-----w- c:\programdata\eSellerate
     2011-11-09 19:27 . 2011-11-09 19:27 -------- d-----w- c:\program files (x86)\SmartSound Software
     2011-11-09 19:27 . 2011-11-09 19:28 -------- d-----w- c:\programdata\SmartSound Software Inc
     2011-11-09 19:24 . 2011-11-09 19:24 -------- d-----w- c:\programdata\Ulead Systems
     2011-11-09 19:22 . 2011-11-09 19:22 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems
     2011-11-09 19:06 . 2011-11-29 20:27 -------- d-----w- c:\program files (x86)\Common Files\Akamai
     2011-11-09 13:09 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
     2011-11-09 13:09 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
     2011-11-09 13:09 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2011-11-09 13:09 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
     2011-11-09 02:56 . 2011-11-05 06:53 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
     2011-11-05 18:35 . 2011-11-05 18:37 -------- d-----w- C:\VueScan
     2011-11-05 03:46 . 2011-11-10 05:23 -------- d-----w- c:\users\Paul\AppData\Roaming\Sony Creative Software Inc
     2011-11-04 21:04 . 2011-11-10 05:23 -------- d-----w- c:\programdata\Sony
     2011-11-04 21:04 . 2011-11-04 21:04 -------- d-----w- c:\users\Paul\AppData\Roaming\Publish Providers
     2011-11-04 20:58 . 2011-11-10 05:12 -------- d-----w- c:\users\Paul\AppData\Local\Sony
     2011-11-04 20:58 . 2011-11-04 20:58 -------- d-----w- c:\windows\SysWow64\spool
     2011-11-04 20:55 . 2011-11-10 05:23 -------- d-----w- c:\users\Paul\AppData\Roaming\Sony
     2011-10-31 21:12 . 2011-10-31 21:12 -------- d-----w- c:\program files (x86)\Pegasys Inc
     2011-10-31 18:53 . 2011-10-31 18:53 -------- d-----w- c:\users\Paul\AppData\Roaming\Pegasys Inc
     2011-10-31 18:43 . 2011-10-31 18:42 59240 ----a-w- c:\windows\SysWow64\GenSvcInst.exe
     2011-10-31 18:43 . 2011-10-31 18:42 38944 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
     2011-10-31 18:43 . 2011-10-31 18:42 139264 ----a-w- c:\windows\SysWow64\bgsvcgen.exe
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-11-28 22:27 . 2011-10-09 05:41 1890 --sha-w- c:\programdata\KGyGaAvL.sys
     2011-11-10 17:07 . 2011-10-11 13:22 4022504 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
     2011-11-03 17:06 . 2011-10-07 00:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
     2011-10-31 22:36 . 2011-10-11 21:20 16432 ----a-w- c:\windows\system32\lsdelete.exe
     2011-10-27 01:53 . 2011-10-27 01:53 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
     2011-10-17 17:30 . 2011-10-06 18:53 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
     2011-10-17 17:30 . 2011-10-06 18:53 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
     2011-10-11 21:18 . 2011-10-11 21:18 88 --sh--r- c:\programdata\31D40A3D11.sys
     2011-10-11 13:47 . 2011-10-11 13:47 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
     2011-10-11 04:45 . 2011-10-11 04:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
     2011-10-11 04:45 . 2011-10-11 04:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
     2011-10-11 04:45 . 2011-10-11 04:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
     2011-10-11 04:45 . 2011-10-11 04:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
     2011-10-11 04:45 . 2011-10-11 04:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
     2011-10-11 04:45 . 2011-10-11 04:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
     2011-10-11 04:45 . 2011-10-11 04:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
     2011-10-11 04:45 . 2011-10-11 04:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
     2011-10-11 04:45 . 2011-10-11 04:45 367104 ----a-w- c:\windows\SysWow64\html.iec
     2011-10-11 04:45 . 2011-10-11 04:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
     2011-10-11 04:45 . 2011-10-11 04:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
     2011-10-11 04:45 . 2011-10-11 04:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
     2011-10-11 04:45 . 2011-10-11 04:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
     2011-10-11 04:45 . 2011-10-11 04:45 222208 ----a-w- c:\windows\system32\msls31.dll
     2011-10-11 04:45 . 2011-10-11 04:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
     2011-10-11 04:45 . 2011-10-11 04:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
     2011-10-11 04:45 . 2011-10-11 04:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
     2011-10-11 04:45 . 2011-10-11 04:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
     2011-10-11 04:45 . 2011-10-11 04:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
     2011-10-11 04:45 . 2011-10-11 04:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
     2011-10-11 04:45 . 2011-10-11 04:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
     2011-10-11 04:45 . 2011-10-11 04:45 85504 ----a-w- c:\windows\system32\iesetup.dll
     2011-10-11 04:45 . 2011-10-11 04:45 76800 ----a-w- c:\windows\system32\tdc.ocx
     2011-10-11 04:45 . 2011-10-11 04:45 603648 ----a-w- c:\windows\system32\vbscript.dll
     2011-10-11 04:45 . 2011-10-11 04:45 49664 ----a-w- c:\windows\system32\imgutil.dll
     2011-10-11 04:45 . 2011-10-11 04:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
     2011-10-11 04:45 . 2011-10-11 04:45 448512 ----a-w- c:\windows\system32\html.iec
     2011-10-11 04:45 . 2011-10-11 04:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
     2011-10-11 04:45 . 2011-10-11 04:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
     2011-10-11 04:45 . 2011-10-11 04:45 165888 ----a-w- c:\windows\system32\iexpress.exe
     2011-10-11 04:45 . 2011-10-11 04:45 160256 ----a-w- c:\windows\system32\wextract.exe
     2011-10-11 04:45 . 2011-10-11 04:45 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
     2011-10-11 04:45 . 2011-10-11 04:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
     2011-10-11 04:45 . 2011-10-11 04:45 12288 ----a-w- c:\windows\system32\mshta.exe
     2011-10-11 04:45 . 2011-10-11 04:45 114176 ----a-w- c:\windows\system32\admparse.dll
     2011-10-11 04:45 . 2011-10-11 04:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
     2011-10-11 04:41 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
     2011-10-11 04:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
     2011-10-07 00:13 . 2011-10-07 00:13 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
     2011-10-06 18:47 . 2011-10-06 18:47 3 ----a-w- c:\windows\system32\PLD_Framework.cmd
     2011-10-03 09:06 . 2011-10-17 20:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2011-09-18 12:39 . 2011-10-07 00:10 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
     2011-09-16 03:55 . 2011-10-07 00:10 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
     2011-09-16 03:55 . 2011-10-07 00:10 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
     2011-09-06 21:00 . 2011-09-06 21:00 393920 ----a-w- c:\windows\system32\drivers\V0700Vid.sys
     2011-09-01 05:24 . 2011-10-12 07:01 2309120 ----a-w- c:\windows\system32\jscript9.dll
     2011-09-01 05:17 . 2011-10-12 07:01 1389056 ----a-w- c:\windows\system32\wininet.dll
     2011-09-01 05:12 . 2011-10-12 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
     2011-09-01 02:35 . 2011-10-12 07:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
     2011-09-01 02:28 . 2011-10-12 07:01 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
     2011-09-01 02:22 . 2011-10-12 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
     2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
     "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
     .
     [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
     "Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-07-02 495616]
     "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
     "Akamai NetSession Interface"="c:\users\Paul\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
     "Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
     "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
     "QuickFinder Scheduler"="c:\program files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE" [2010-10-26 136600]
     "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
     "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
     "V0700Mon.exe"="c:\windows\V0700Mon.exe" [2011-08-22 28672]
     "EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-08-06 70792]
     "EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-08-06 744072]
     "Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2008-07-31 28672]
     "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\ActSage.exe" [2008-07-31 393216]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
     "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
     "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
     "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
     .
     c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2011-11-1 2362720]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
     @="Service"
     .
     R2 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2008-07-31 81920]
     R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R3 cpuz134;cpuz134;c:\program files (x86)\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]
     S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]
     S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
     S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
     S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]
     S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]
     S1 Ext2Fsd;Linux ext2 file system driver; [x]
     S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
     S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
     S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
     S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
     S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-08-06 60040]
     S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
     S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
     S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]
     S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]
     S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
     S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
     S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
     S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
     S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-06 235624]
     S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
     S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
     S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
     S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-07 17152]
     S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
     S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
     S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
     S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
     S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
     S3 V0700Vid;Creative Live! Cam Chat HD Driver;c:\windows\system32\DRIVERS\V0700Vid.sys [x]
     S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - LAVASOFT_KERNEXPLORER
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
     Akamai REG_MULTI_SZ Akamai
     .
     .
     --------- x86-64 -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
     "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 1125504]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "LoadAppInit_DLLs"=0x0
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://gateway.msn.com
     uLocal Page = c:\windows\system32\blank.htm
     mStart Page = hxxp://gateway.msn.com
     mLocal Page = c:\windows\SysWOW64\blank.htm
     IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
     TCP: DhcpNameServer = 192.168.2.1
     FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6ziifzu1.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
     .
     - - - - ORPHANS REMOVED - - - -
     .
     URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
     Toolbar-Locked - (no file)
     Toolbar-Locked - (no file)
     AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
     AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
     .
     .
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
     "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-2687588113-3059001546-1709814781-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{059AF754-F0CE-742E-BBE4-619C145B8638}*]
     "hajcaealggjhjnko"=hex:6b,61,65,62,6a,6c,61,61,69,69,67,67,62,6e,6d,68,61,6c, 70,69,64,65,00,00
     "ialdjijellnkblhbnl"=hex:67,61,67,66,6b,6c,69,65,68,65,62,63,6f,66,00,00
     "ialbobncjlogkegfpk"=hex:6b,61,65,62,6a,6c,61,61,69,69,67,67,62,6e,6d,68,61,6c, 70,69,64,65,00,00
     "kabdfgllfmgiekkoghceki"=hex:62,62,64,65,63,70,6b,6e,6b,66,63,6e,67,63,65,67, 64,67,69,64,6b,6a,6b,66,6f,69,6b,63,62,68,69,64,69,65,6b,64,00,77
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
     c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
     c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
     c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
     c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
     .
     **************************************************************************
     .
     Completion time: 2011-11-29 15:37:20 - machine was rebooted
     ComboFix-quarantined-files.txt 2011-11-29 20:37
     .
     Pre-Run: 722,326,306,816 bytes free
     Post-Run: 722,186,240,000 bytes free
     .
     - - End Of File - - 14FE779F29554B14F7F384BECAEE4AB8

     3) Nothing recently

     4) Nothing found, neutralized or quarantined.
  2. Sorry about that. Here are the two files:

     OTL logfile created on: 12/2/2011 4:52:46 PM - Run 1
     OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paul\Downloads
     64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

     7.98 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 70.06% Memory free
     15.96 Gb Paging File | 13.24 Gb Available in Paging File | 82.96% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 914.41 Gb Total Space | 670.94 Gb Free Space | 73.37% Space Free | Partition Type: NTFS
     Drive J: | 244.54 Mb Total Space | 201.89 Mb Free Space | 82.56% Space Free | Partition Type: FAT32
     Drive L: | 1.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
     Drive N: | 465.76 Gb Total Space | 34.60 Gb Free Space | 7.43% Space Free | Partition Type: NTFS

     Computer Name: PSK | User Name: Paul | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     [color=#E56717]========== Processes (SafeList) ==========[/color]

     PRC - C:\Users\Paul\Downloads\OTL.exe (OldTimer Tools)
     PRC - C:\Users\Paul\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
     PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
     PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
     PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
     PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
     PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
     PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
     PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
     PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
     PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
     PRC - C:\Windows\V0700Mon.exe (Creative Technology Ltd.)
     PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
     PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
     PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
     PRC - C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
     PRC - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
     PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
     PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
     PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
     PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
     PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
     PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
     PRC - C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
     PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
     PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
     PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
     PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
     PRC - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)
     PRC - C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
     PRC - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)

     [color=#E56717]========== Modules (No Company Name) ==========[/color]

     MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
     MOD - C:\Program Files (x86)\Trillian\libspeex.dll ()
     MOD - C:\Program Files (x86)\Trillian\libpng15.dll ()
     MOD - C:\Program Files (x86)\Trillian\libungif.dll ()
     MOD - C:\Program Files (x86)\Trillian\zlib1.dll ()
     MOD - c:\Program Files (x86)\Trillian\languages\en\buddy.dll ()
     MOD - c:\Program Files (x86)\Trillian\languages\en\talk.dll ()
     MOD - c:\Program Files (x86)\Trillian\languages\en\trillian.dll ()
     MOD - c:\Program Files (x86)\Trillian\languages\en\events.dll ()
     MOD - c:\Program Files (x86)\Trillian\languages\en\toolkit.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Genghis\834a807f29591cc3d45c20920d26b703\Genghis.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\60c320dbe033e8ff4830cdc059933f2c\IAStorUtil.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Utilities\52f20a73e9771c0d53809d031f76c37e\Act.Shared.Utilities.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Images\cd394f0675fed7f7a8b88cce465442c3\Act.Shared.Images.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Diagnost#\a5b242e8d40770dd61a9b961719ad45e\Act.Shared.Diagnostics.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
     MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
     MOD - C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Shared\11.0.367.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Shared.dll ()
     MOD - C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Desktop\11.0.367.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Desktop.dll ()
     MOD - C:\Windows\assembly\GAC_32\Act.Outlook.Message.Reader\11.0.367.0__ebf6b2ff4d0a08aa\Act.Outlook.Message.Reader.dll ()
     MOD - C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.AppCommon\11.0.367.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.AppCommon.dll ()
     MOD - C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Interfaces\11.0.367.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Interfaces.dll ()
     MOD - C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll ()
     MOD - C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
     MOD - C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll ()

     [color=#E56717]========== Win32 Services (SafeList) ==========[/color]

     SRV:[b]64bit:[/b] - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
     SRV:[b]64bit:[/b] - (RichVideo64) -- C:\Program Files\Cyberlink\Shared files\RichVideo64.exe ()
     SRV:[b]64bit:[/b] - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
     SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
     SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
     SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll ()
     SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
     SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
     SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
     SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
     SRV - (EaseUS Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
     SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
     SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
     SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools)
     SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools)
     SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
     SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
     SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
     SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
     SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
     SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
     SRV - (GREGService) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)
     SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
     SRV - (ACT! Scheduler) -- C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe (Sage Software, Inc.)

     [color=#E56717]========== Driver Services (SafeList) ==========[/color]

     DRV:[b]64bit:[/b] - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (Sunbelt Software)
     DRV:[b]64bit:[/b] - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
     DRV:[b]64bit:[/b] - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
     DRV:[b]64bit:[/b] - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
     DRV:[b]64bit:[/b] - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
     DRV:[b]64bit:[/b] - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
     DRV:[b]64bit:[/b] - (V0700Vid) -- C:\Windows\SysNative\drivers\V0700Vid.sys (Creative Technology Ltd.)
     DRV:[b]64bit:[/b] - (EUFDDISK) -- C:\Windows\SysNative\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
     DRV:[b]64bit:[/b] - (EUBKMON) -- C:\Windows\SysNative\drivers\EUBKMON.sys ()
     DRV:[b]64bit:[/b] - (EUDSKACS) -- C:\Windows\SysNative\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
     DRV:[b]64bit:[/b] - (EUBAKUP) -- C:\Windows\SysNative\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
     DRV:[b]64bit:[/b] - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
     DRV:[b]64bit:[/b] - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
     DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
     DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
     DRV:[b]64bit:[/b] - (PCTSD) -- C:\Windows\SysNative\drivers\PCTSD64.sys (PC Tools)
     DRV:[b]64bit:[/b] - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
     DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
     DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
     DRV:[b]64bit:[/b] - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys
() DRV:[b]64bit:[/b] - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:[b]64bit:[/b] - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:[b]64bit:[/b] - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:[b]64bit:[/b] - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:[b]64bit:[/b] - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:[b]64bit:[/b] - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools) DRV:[b]64bit:[/b] - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools) DRV:[b]64bit:[/b] - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:[b]64bit:[/b] - (Ext2Fsd) -- C:\Windows\SysNative\drivers\ext2fsd.sys (www.ext2fsd.com) DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:[b]64bit:[/b] - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics) DRV:[b]64bit:[/b] - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) 
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (PMEM) -- C:\Windows\SysWOW64\drivers\PMEMNT.SYS (Microsoft Corporation) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011/11/12 11:09:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/11/12 11:09:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2011/11/29 20:46:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/01 14:43:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/06 16:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions [2011/11/27 13:22:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6ziifzu1.default\extensions [2011/11/27 13:22:27 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- 
C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6ziifzu1.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2011/11/08 21:56:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/10/17 15:32:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011/10/25 07:56:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011/11/12 11:09:40 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\WOW64\TRUSTCHECKER () (No name found) -- C:\USERS\PAUL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6ZIIFZU1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Act! Preloader] C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.) O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd) O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.) O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE (Corel Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [V0700Mon.exe] C:\Windows\V0700Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Paul\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [cdloader] C:\Users\Paul\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.) 
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc) O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC) O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:[b]64bit:[/b] - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta () O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta () O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) 
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EE973E5-E9AC-4AF4-9EE7-2ED4E3D9CD38}: DhcpNameServer = 192.168.2.1 O18:[b]64bit:[/b] - Protocol\Handler\belarc - No CLSID value found O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/11/29 17:05:59 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010/02/21 13:44:43 | 000,027,992 | R--- | M] (magicJack L.P.) 
- L:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2010/02/21 13:44:43 | 000,016,158 | R--- | M] () - L:\autorun.ico -- [ CDFS ] O32 - AutoRun File - [2010/02/21 13:44:43 | 000,000,308 | R--- | M] () - L:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2010/02/21 13:44:43 | 000,682,760 | R--- | M] (magicJack L.P.) - L:\autorunu.exe -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/12/02 16:07:23 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\tjnet [2011/12/02 14:08:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Kaizen_Software_Solutions [2011/12/02 14:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asset Manager 2012 Enterprise [2011/12/02 14:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AssetManager [2011/12/02 14:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Asset Manager 2012 Enterprise [2011/12/02 13:34:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\magicJack [2011/12/02 13:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack [2011/12/02 13:34:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\mjusbsp [2011/12/01 17:40:05 | 000,000,000 | ---D | C] -- C:\My Works [2011/12/01 15:13:16 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\ARADump [2011/12/01 14:45:01 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink 
WaveEditor [2011/12/01 14:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue [2011/12/01 14:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011/12/01 14:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2011/12/01 14:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2011/12/01 14:43:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011/12/01 14:42:08 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Apple [2011/12/01 14:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2011/12/01 14:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2011/12/01 14:40:49 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 10 [2011/12/01 14:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberlink [2011/12/01 14:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Video [2011/12/01 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\4Media [2011/11/30 22:07:15 | 000,000,000 | ---D | C] -- C:\Windows\CSC [2011/11/30 21:56:30 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\LogMeIn Rescue Applet [2011/11/30 17:55:00 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes [2011/11/30 17:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/11/30 17:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/11/30 17:54:46 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/11/30 17:54:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/11/30 17:29:30 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer [2011/11/30 17:29:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer [2011/11/30 13:19:49 | 000,000,000 | 
---D | C] -- C:\Program Files (x86)\Common Files\iS3 [2011/11/30 12:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualCloneDrive [2011/11/30 12:42:07 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\foobar2000 [2011/11/30 11:20:48 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\New folder [2011/11/30 01:25:39 | 081,264,640 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Paul\Desktop\SpyHunter.exe [2011/11/29 23:37:15 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\SpyHunter [2011/11/29 20:46:16 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2011/11/29 20:46:15 | 002,029,520 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2011/11/29 20:46:15 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2011/11/29 20:42:11 | 000,279,344 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys [2011/11/29 20:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security [2011/11/29 20:17:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Product_FR [2011/11/29 18:13:58 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys [2011/11/29 18:13:58 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys [2011/11/29 18:13:57 | 000,337,048 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys [2011/11/29 18:13:57 | 000,143,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys [2011/11/29 18:13:55 | 000,282,440 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys [2011/11/29 18:13:52 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys [2011/11/29 18:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security [2011/11/29 18:13:47 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\PC Tools [2011/11/29 18:13:47 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Common Files\PC Tools [2011/11/29 18:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011/11/29 17:05:43 | 000,000,000 | ---D | C] -- C:\sh4ldr [2011/11/29 17:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2011/11/29 17:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2011/11/29 15:40:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/11/29 15:19:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/11/29 15:19:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/11/29 15:19:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/11/29 15:19:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/11/29 15:16:00 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/11/29 00:10:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\dBpoweramp [2011/11/28 23:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011/11/28 23:25:56 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe [2011/11/28 10:31:21 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Apple Computer [2011/11/27 22:51:34 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011/11/27 20:14:24 | 000,072,280 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\sbapifs.sys [2011/11/27 13:22:30 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\adaware [2011/11/27 13:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2011/11/27 13:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2011/11/27 13:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2011/11/27 12:15:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\IdealSoftware [2011/11/27 12:15:25 | 000,000,000 | ---D | C] -- C:\IDEALBDCOPY_TEMP [2011/11/27 12:15:19 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ideal Blu-ray Copy [2011/11/25 22:36:17 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\AVS4YOU [2011/11/25 22:25:14 | 011,137,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll [2011/11/25 22:20:29 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\My Downloads [2011/11/23 11:29:27 | 000,000,000 | ---D | C] -- C:\CERTIFICATE [2011/11/23 11:29:27 | 000,000,000 | ---D | C] -- C:\BDMV [2011/11/21 15:21:37 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Mp3tag [2011/11/21 15:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag [2011/11/21 14:59:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\PWC [2011/11/21 14:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PasswordTools [2011/11/21 14:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PasswordTools [2011/11/20 13:34:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\AVS menu [2011/11/19 14:25:30 | 000,744,072 | ---- | C] (www.ext2fsd.com) -- C:\Windows\SysNative\drivers\ext2fsd.sys [2011/11/19 14:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Popcorn Hour [2011/11/19 14:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd [2011/11/19 14:15:31 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\SmartFTP [2011/11/19 14:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartFTP Client [2011/11/19 14:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client [2011/11/19 14:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files [2011/11/19 13:36:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CoffeeCup Software [2011/11/19 13:36:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\CoffeeCup Software [2011/11/19 13:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CoffeeCup 
Software [2011/11/14 23:55:11 | 000,000,000 | ---D | C] -- C:\Users\Paul\AVS error messages [2011/11/14 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\dvdcss [2011/11/14 18:29:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\AVS4YOU [2011/11/14 18:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2011/11/14 18:29:17 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2011/11/14 18:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU [2011/11/14 18:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2011/11/14 18:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2011/11/14 09:18:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011/11/12 11:09:58 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2011/11/12 11:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2011/11/12 11:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint [2011/11/10 00:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2011/11/09 23:30:30 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll [2011/11/09 23:30:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow [2011/11/09 23:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5 [2011/11/09 23:30:06 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll [2011/11/09 23:13:36 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Akamai [2011/11/09 14:31:22 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Corel VideoStudio Pro [2011/11/09 14:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis [2011/11/09 14:30:48 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Ulead Systems [2011/11/09 14:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate 
[2011/11/09 14:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software [2011/11/09 14:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc [2011/11/09 14:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media [2011/11/09 14:26:34 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages [2011/11/09 14:26:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2011/11/09 14:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo [2011/11/09 14:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio Pro X4 [2011/11/09 14:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems [2011/11/09 14:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems [2011/11/09 14:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components [2011/11/09 14:21:39 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2011/11/09 14:21:39 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2011/11/09 14:21:38 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2011/11/09 14:21:38 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2011/11/09 14:21:38 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2011/11/09 14:21:38 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2011/11/09 14:21:38 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2011/11/09 14:21:38 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2011/11/09 14:21:38 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2011/11/09 14:21:38 | 000,267,112 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2011/11/09 14:21:37 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2011/11/09 14:21:37 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2011/11/09 14:21:37 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2011/11/09 14:21:37 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2011/11/09 14:21:37 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2011/11/09 14:21:37 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2011/11/09 14:21:36 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2011/11/09 14:21:36 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2011/11/09 14:21:36 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2011/11/09 14:21:36 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2011/11/09 14:21:36 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2011/11/09 14:21:36 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2011/11/09 14:21:36 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2011/11/09 14:21:36 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2011/11/09 14:21:36 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2011/11/09 14:21:36 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2011/11/09 14:21:35 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2011/11/09 14:21:35 | 001,123,696 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2011/11/09 14:21:35 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2011/11/09 14:21:35 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2011/11/09 14:21:35 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2011/11/09 14:21:35 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2011/11/09 14:21:35 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2011/11/09 14:21:35 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2011/11/09 14:21:34 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2011/11/09 14:21:34 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2011/11/09 14:21:34 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2011/11/09 14:21:34 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2011/11/09 14:21:33 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2011/11/09 14:21:33 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2011/11/09 14:21:32 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2011/11/09 14:21:32 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2011/11/09 14:21:32 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2011/11/09 14:21:32 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2011/11/09 14:21:32 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2011/11/09 14:21:32 | 000,440,080 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\d3dx10.dll [2011/11/09 14:21:32 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2011/11/09 14:21:32 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2011/11/09 14:21:32 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2011/11/09 14:21:32 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2011/11/09 14:21:31 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2011/11/09 14:21:31 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2011/11/09 14:21:31 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2011/11/09 14:21:31 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2011/11/09 14:21:31 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2011/11/09 14:21:31 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2011/11/09 14:21:31 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2011/11/09 14:21:31 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2011/11/09 14:21:30 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2011/11/09 14:21:30 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2011/11/09 14:21:27 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2011/11/09 14:21:27 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2011/11/09 14:21:27 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2011/11/09 14:21:27 | 002,332,368 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\d3dx9_29.dll [2011/11/09 14:21:27 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2011/11/09 14:21:27 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2011/11/09 14:21:27 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2011/11/09 14:21:27 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2011/11/09 14:21:26 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2011/11/09 14:21:26 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2011/11/09 14:21:26 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2011/11/09 14:21:26 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2011/11/09 14:21:26 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2011/11/09 14:21:26 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2011/11/09 14:21:26 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2011/11/09 14:21:26 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2011/11/09 14:21:25 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2011/11/09 14:21:25 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2011/11/09 14:06:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai [2011/11/06 18:25:30 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Vegas Movie Studio HD 11.0 Projects [2011/11/05 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011/11/05 13:35:34 | 000,000,000 | ---D | C] -- C:\VueScan [2011/11/04 22:46:54 | 000,000,000 | ---D | C] -- 
C:\Users\Paul\AppData\Roaming\Sony Creative Software Inc [2011/11/04 16:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony [2011/11/04 16:04:13 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Publish Providers [2011/11/04 15:58:50 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Vegas Movie Studio HD Platinum 11.0 Projects [2011/11/04 15:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony [2011/11/04 15:58:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2011/11/04 15:58:15 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Sony [2011/11/04 15:55:37 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Sony [2011/11/04 09:55:20 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Peerblock [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/12/02 16:14:54 | 000,015,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/02 16:14:54 | 000,015,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/02 16:09:07 | 000,001,890 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2011/12/02 16:06:18 | 004,923,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/12/02 16:06:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/12/02 16:05:57 | 2133,352,447 | -HS- | M] () -- C:\hiberfil.sys [2011/12/02 14:12:35 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2011/12/02 14:12:35 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2011/12/02 14:03:30 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\Asset Manager 2012 Enterprise.lnk [2011/12/02 13:34:07 | 
000,001,044 | ---- | M] () -- C:\Users\Paul\Desktop\magicJack.lnk [2011/12/02 10:02:17 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011/12/02 09:51:08 | 000,012,396 | ---- | M] () -- C:\Users\Paul\Desktop\PowerDVD10.lnk [2011/12/01 23:47:38 | 063,136,241 | ---- | M] () -- C:\Users\Paul\Desktop\PDR10_Tutorial_Book_ENU.zip [2011/12/01 14:45:01 | 000,002,050 | ---- | M] () -- C:\Users\Paul\Desktop\CyberLink WaveEditor.lnk [2011/12/01 14:40:49 | 000,001,399 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDirector 10.lnk [2011/11/30 17:54:50 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/11/30 17:27:50 | 000,005,032 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2011/11/30 13:33:26 | 000,791,752 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/11/30 13:33:26 | 000,674,732 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/11/30 13:33:26 | 000,127,490 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/11/30 13:32:38 | 000,001,264 | ---- | M] () -- C:\Users\Paul\Desktop\AVS4YOU Software Navigator.lnk [2011/11/30 13:31:23 | 000,001,314 | ---- | M] () -- C:\Users\Paul\Desktop\AVS Video Converter.lnk [2011/11/29 20:42:11 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2011/11/29 19:04:04 | 000,839,371 | ---- | M] () -- C:\Users\Paul\AppData\Local\census.cache [2011/11/29 19:03:32 | 000,132,456 | ---- | M] () -- C:\Users\Paul\AppData\Local\ars.cache [2011/11/29 18:51:29 | 000,000,036 | ---- | M] () -- C:\Users\Paul\AppData\Local\housecall.guid.cache [2011/11/29 18:14:32 | 001,741,058 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2011/11/29 17:05:59 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2011/11/28 23:49:54 | 000,184,153 | ---- | M] () -- C:\Users\Paul\Desktop\rolling_stones_-_some_girls_cd.jpg [2011/11/28 23:25:58 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe 
[2011/11/28 20:44:25 | 000,017,999 | ---- | M] () -- C:\Users\Paul\Documents\Stones.nra [2011/11/27 23:36:53 | 000,566,189 | ---- | M] () -- C:\Users\Paul\Desktop\Dawn & John (Video Editor).vep [2011/11/27 23:17:58 | 001,072,848 | ---- | M] () -- C:\Users\Paul\Desktop\Complete.vep [2011/11/27 22:51:34 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011/11/27 20:14:22 | 000,072,280 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\sbapifs.sys [2011/11/27 13:22:16 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011/11/27 12:15:19 | 000,001,038 | ---- | M] () -- C:\Users\Paul\Desktop\Ideal Blu-ray Copy.lnk [2011/11/25 22:25:32 | 000,001,278 | ---- | M] () -- C:\Users\Paul\Desktop\AVS Video Editor.lnk [2011/11/23 12:54:55 | 000,644,611 | ---- | M] () -- C:\Users\Paul\Desktop\For Dawn & John.vrp [2011/11/21 15:21:02 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2011/11/21 15:05:32 | 000,000,068 | ---- | M] () -- C:\Windows\asapr.ini [2011/11/21 15:00:06 | 000,001,166 | ---- | M] () -- C:\Users\Paul\Documents\ActSql-PSK-PSK.pwct [2011/11/21 14:59:53 | 000,000,507 | ---- | M] () -- C:\Windows\pwc65u.INI [2011/11/21 14:10:54 | 000,000,684 | ---- | M] () -- C:\Users\Paul\Documents\Ellen Foley - Night Out (1979) - Spirit of St Louis (excerpts - 1981).cdt [2011/11/20 23:50:23 | 000,001,122 | ---- | M] () -- C:\Users\Paul\Documents\cc_20111120_235019.reg [2011/11/20 16:34:28 | 000,118,696 | ---- | M] () -- C:\Users\Paul\Desktop\arlo-guthrie5.jpg [2011/11/19 23:33:28 | 001,484,855 | ---- | M] () -- C:\Users\Paul\Desktop\Newest.vrp [2011/11/19 23:29:38 | 001,484,866 | ---- | M] () -- C:\Users\Paul\Desktop\Newest (2).vrp [2011/11/19 14:13:59 | 000,002,659 | ---- | M] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk [2011/11/19 13:59:51 | 000,214,016 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\SharedSettings.ccs [2011/11/15 22:57:27 | 666,731,837 | ---- | M] () -- 
C:\Users\Paul\Desktop\Sage.ACT.Premium.v14.0.572.0.Incl.Keymaker-EMBRACE.rar [2011/11/15 17:36:55 | 000,001,080 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8 Qt.lnk [2011/11/15 17:36:55 | 000,001,056 | ---- | M] () -- C:\Users\Paul\Desktop\DVDFab 8 Qt.lnk [2011/11/14 18:29:06 | 000,001,290 | ---- | M] () -- C:\Users\Paul\Desktop\AVS Video ReMaker.lnk [2011/11/12 11:10:08 | 000,415,915 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011/11/10 12:07:28 | 000,013,077 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat [2011/11/10 12:07:25 | 004,022,504 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2011/11/10 12:07:25 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp [2011/11/10 12:07:24 | 000,017,945 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2011/11/10 12:07:05 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp [2011/11/10 00:22:15 | 000,001,729 | ---- | M] () -- C:\Users\Paul\Desktop\dvdarchst50.exe.lnk [2011/11/10 00:14:45 | 000,001,936 | ---- | M] () -- C:\Users\Paul\Desktop\Vegas Movie Studio.lnk [2011/11/09 14:25:04 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X4.lnk [2011/11/09 13:32:55 | 000,002,580 | ---- | M] () -- C:\Users\Paul\Documents\Register Vegas Movie Studio HD.htm [2011/11/09 10:24:17 | 000,480,853 | ---- | M] () -- C:\Users\Paul\Desktop\DSC_0153.jpg [2011/11/08 21:56:44 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/11/05 21:31:43 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011/11/05 13:35:37 | 000,000,637 | ---- | M] () -- C:\Users\Paul\Desktop\VueScan.lnk [2011/11/05 13:23:09 | 001,611,668 | ---- | M] () -- C:\Users\Paul\Desktop\vuescan.pdf [2011/11/04 16:03:31 | 000,002,408 | ---- | M] () -- 
C:\Users\Paul\Documents\Register Vegas Movie Studio HD Platinum.htm [2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/12/02 14:03:30 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\Asset Manager 2012 Enterprise.lnk [2011/12/02 13:34:07 | 000,001,044 | ---- | C] () -- C:\Users\Paul\Desktop\magicJack.lnk [2011/12/02 13:34:07 | 000,001,030 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk [2011/12/02 09:51:08 | 000,012,396 | ---- | C] () -- C:\Users\Paul\Desktop\PowerDVD10.lnk [2011/12/01 23:45:54 | 063,136,241 | ---- | C] () -- C:\Users\Paul\Desktop\PDR10_Tutorial_Book_ENU.zip [2011/12/01 14:45:01 | 000,002,050 | ---- | C] () -- C:\Users\Paul\Desktop\CyberLink WaveEditor.lnk [2011/12/01 14:42:04 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011/12/01 14:40:49 | 000,001,399 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDirector 10.lnk [2011/11/30 21:27:01 | 000,053,551 | ---- | C] () -- C:\Windows\Professional.xml [2011/11/30 17:54:50 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/11/30 17:16:45 | 000,005,032 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2011/11/30 13:31:23 | 000,001,314 | ---- | C] () -- C:\Users\Paul\Desktop\AVS Video Converter.lnk [2011/11/29 20:46:16 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2011/11/29 20:46:16 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip [2011/11/29 20:46:16 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2011/11/29 20:46:16 | 000,000,879 | ---- | C] () -- 
C:\Windows\RegISSImport.xml [2011/11/29 20:46:16 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2011/11/29 20:42:11 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2011/11/29 19:04:04 | 000,839,371 | ---- | C] () -- C:\Users\Paul\AppData\Local\census.cache [2011/11/29 19:03:32 | 000,132,456 | ---- | C] () -- C:\Users\Paul\AppData\Local\ars.cache [2011/11/29 18:51:29 | 000,000,036 | ---- | C] () -- C:\Users\Paul\AppData\Local\housecall.guid.cache [2011/11/29 18:13:58 | 001,741,058 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB [2011/11/29 17:05:59 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2011/11/29 15:19:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/11/29 15:19:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/11/29 15:19:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/11/29 15:19:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/11/29 15:19:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/11/28 22:08:09 | 000,184,153 | ---- | C] () -- C:\Users\Paul\Desktop\rolling_stones_-_some_girls_cd.jpg [2011/11/28 15:30:53 | 000,017,999 | ---- | C] () -- C:\Users\Paul\Documents\Stones.nra [2011/11/27 23:17:49 | 001,072,848 | ---- | C] () -- C:\Users\Paul\Desktop\Complete.vep [2011/11/27 12:15:19 | 000,001,038 | ---- | C] () -- C:\Users\Paul\Desktop\Ideal Blu-ray Copy.lnk [2011/11/26 13:11:38 | 000,566,189 | ---- | C] () -- C:\Users\Paul\Desktop\Dawn & John (Video Editor).vep [2011/11/25 22:25:32 | 000,001,278 | ---- | C] () -- C:\Users\Paul\Desktop\AVS Video Editor.lnk [2011/11/23 11:19:36 | 000,644,611 | ---- | C] () -- C:\Users\Paul\Desktop\For Dawn & John.vrp [2011/11/21 15:21:02 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2011/11/21 15:05:32 | 000,000,068 | ---- | C] () -- C:\Windows\asapr.ini [2011/11/21 14:59:40 | 000,001,166 | ---- | C] () -- C:\Users\Paul\Documents\ActSql-PSK-PSK.pwct [2011/11/21 14:59:05 | 000,000,507 | ---- | C] () -- 
C:\Windows\pwc65u.INI [2011/11/21 14:10:54 | 000,000,684 | ---- | C] () -- C:\Users\Paul\Documents\Ellen Foley - Night Out (1979) - Spirit of St Louis (excerpts - 1981).cdt [2011/11/20 23:50:21 | 000,001,122 | ---- | C] () -- C:\Users\Paul\Documents\cc_20111120_235019.reg [2011/11/20 16:34:28 | 000,118,696 | ---- | C] () -- C:\Users\Paul\Desktop\arlo-guthrie5.jpg [2011/11/19 17:36:29 | 001,484,866 | ---- | C] () -- C:\Users\Paul\Desktop\Newest (2).vrp [2011/11/19 14:13:59 | 000,002,659 | ---- | C] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk [2011/11/19 13:36:51 | 000,214,016 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\SharedSettings.ccs [2011/11/15 22:40:28 | 666,731,837 | ---- | C] () -- C:\Users\Paul\Desktop\Sage.ACT.Premium.v14.0.572.0.Incl.Keymaker-EMBRACE.rar [2011/11/14 18:29:18 | 000,001,264 | ---- | C] () -- C:\Users\Paul\Desktop\AVS4YOU Software Navigator.lnk [2011/11/14 18:29:06 | 000,001,290 | ---- | C] () -- C:\Users\Paul\Desktop\AVS Video ReMaker.lnk [2011/11/12 11:09:49 | 000,415,915 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011/11/10 12:07:28 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp [2011/11/10 12:07:28 | 000,013,077 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat [2011/11/10 00:21:50 | 000,001,729 | ---- | C] () -- C:\Users\Paul\Desktop\dvdarchst50.exe.lnk [2011/11/10 00:14:05 | 000,001,936 | ---- | C] () -- C:\Users\Paul\Desktop\Vegas Movie Studio.lnk [2011/11/09 23:30:31 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011/11/09 14:25:04 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X4.lnk [2011/11/09 10:24:17 | 000,480,853 | ---- | C] () -- C:\Users\Paul\Desktop\DSC_0153.jpg [2011/11/08 13:45:21 | 001,484,855 | ---- | C] () -- C:\Users\Paul\Desktop\Newest.vrp [2011/11/06 18:27:40 | 000,002,580 | ---- | C] () -- C:\Users\Paul\Documents\Register Vegas Movie Studio HD.htm [2011/11/05 
13:35:37 | 000,000,637 | ---- | C] () -- C:\Users\Paul\Desktop\VueScan.lnk [2011/11/05 13:23:08 | 001,611,668 | ---- | C] () -- C:\Users\Paul\Desktop\vuescan.pdf [2011/11/04 16:03:31 | 000,002,408 | ---- | C] () -- C:\Users\Paul\Documents\Register Vegas Movie Studio HD Platinum.htm [2011/10/11 16:18:53 | 000,000,088 | RHS- | C] () -- C:\ProgramData\31D40A3D11.sys [2011/10/11 16:13:38 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/11 15:17:42 | 000,000,090 | ---- | C] () -- C:\Windows\SysWow64\ftm31.dat [2011/10/11 11:24:09 | 000,000,132 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011/10/11 08:22:54 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2011/10/11 08:22:54 | 000,017,945 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2011/10/09 22:11:00 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011/10/09 22:11:00 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011/10/09 00:41:11 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011/10/06 15:51:21 | 000,000,186 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010/11/01 06:00:00 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [1999/03/10 02:23:00 | 000,222,928 | ---- | C] () -- C:\Windows\SysWow64\lobas09.dll [1998/04/27 02:23:00 | 006,150,961 | 
---- | C] () -- C:\Windows\SysWow64\jre116.exe [1998/01/13 14:52:30 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\lotrn13.dll [1997/11/14 02:23:00 | 000,031,008 | ---- | C] () -- C:\Windows\SysWow64\ivtrn09.dll [1997/02/02 02:23:00 | 000,000,058 | ---- | C] () -- C:\Windows\loss613.ini [1997/02/02 02:23:00 | 000,000,058 | ---- | C] () -- C:\Windows\loss09.ini [1996/07/09 02:23:00 | 000,000,038 | ---- | C] () -- C:\Windows\loidp13.ini [1994/07/25 02:23:00 | 000,014,928 | ---- | C] () -- C:\Windows\SysWow64\wingen.drv [1994/04/07 02:23:00 | 000,000,462 | ---- | C] () -- C:\Windows\lodbf13.ini [color=#E56717]========== LOP Check ==========[/color] [2011/10/11 16:10:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ACT [2011/10/11 09:36:01 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\CD-LabelPrint [2011/10/26 20:54:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\CheckPoint [2011/11/19 13:36:51 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\CoffeeCup Software [2011/11/29 00:10:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\dBpoweramp [2011/10/11 11:33:43 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\EAC [2011/10/11 15:15:06 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Firetrust [2011/11/30 12:42:42 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\foobar2000 [2011/10/09 23:50:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ImgBurn [2011/12/02 14:08:03 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\IsolatedStorage [2011/10/12 12:05:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Kristanix Software [2011/12/02 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\mjusbsp [2011/11/21 15:23:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mp3tag [2011/10/06 14:18:44 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OEM [2011/10/06 15:44:47 | 000,000,000 | ---D | M] -- 
C:\Users\Paul\AppData\Roaming\Packard Bell [2011/10/11 13:31:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Pegasus Mail [2011/10/31 13:53:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Pegasys Inc [2011/11/29 20:17:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Product_FR [2011/11/04 16:04:13 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Publish Providers [2011/11/21 14:59:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PWC [2011/11/10 00:23:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Sony [2011/11/10 00:23:23 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Sony Creative Software Inc [2011/10/13 11:08:14 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Thinstall [2011/10/09 22:59:41 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Trillian [2011/11/09 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Ulead Systems [2011/11/30 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\uTorrent [2009/07/14 00:08:49 | 000,030,394 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 170 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:24051EFF @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84 < End of report > OTL Extras logfile created on: 12/2/2011 4:52:46 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paul\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 7.98 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 70.06% Memory free 15.96 Gb Paging File | 13.24 Gb Available in Paging File | 82.96% Paging File free Paging file 
location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 914.41 Gb Total Space | 670.94 Gb Free Space | 73.37% Space Free | Partition Type: NTFS Drive J: | 244.54 Mb Total Space | 201.89 Mb Free Space | 82.56% Space Free | Partition Type: FAT32 Drive L: | 1.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive N: | 465.76 Gb Total Space | 34.60 Gb Free Space | 7.43% Space Free | Partition Type: NTFS Computer Name: PSK | User Name: Paul | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htafile [open] -- "%1" %* htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518) "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}" = Corel WordPerfect Office - iFilter 64 Bit "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 
2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8BB347A7-68B5-4E46-9FCC-17F6172BA9E1}" = Share64 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DD414661-DFA3-4A04-ADF9-73A339BFE039}" = SmartFTP Client "{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}" = PowerDirector "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00 "CCleaner" = CCleaner "Creative VF0700" = Creative Live! 
Cam Chat HD (VF0700) (1.00.06.00) "Ext2Fsd_is1" = Ext2Fsd 0.48 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NewBlue Art Effects for PDR10" = Art Effects for PDR10 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR 4.10 beta 1 (64-bit) "ZoneAlarm Toolbar" = ZoneAlarm Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{AA902C31-B49D-4608-BCCF-2519EB77722D}" = Corel VideoStudio Pro X4 "_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5 "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{113EECD6-9A04-11D4-811D-00805F923B86}" = Lotus NotesSQL 3.01 driver "{13EBF9E8-82FF-47D0-A324-534B79EF7F71}" = WordPerfect Office X5 - WT "{17C5A285-F7B6-492B-8F3B-343D02B84D75}" = WordPerfect Office X5 - Common "{19B4CD07-1919-4002-B28F-A5D2027026E0}" = WordPerfect Office X5 - IPM "{1F0D7D15-8A36-4AE4-8573-70BEA7DF379D}" = WordPerfect Office X5 - Migration Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7) "{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{378BAC91-3AE8-45F0-90E4-4F81E3EAEBC5}" = WordPerfect Office X5 - PR "{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware 
"{396CE0B5-DC06-46D2-A870-47798143AE85}" = ACT! by Sage Premium 2009 (11.0) "{3990E632-42C3-4A25-ADFF-1101E3D6DD47}" = VSClassic "{3DC2E407-08C7-43D4-BCF2-D78C9929A9BF}" = MailWasherPro "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4785A805-165B-42FE-8851-185ADA884B36}" = TMPGEnc Authoring Works 4 Trial Version "{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages "{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{536D6172-7453-7569-7465-392E38300409}" = Lotus SmartSuite - English "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64459BD5-3AE8-4689-B7B0-D57B667D8399}" = WordPerfect Office X5 - PerfectExperts EN "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{67ED9603-CB76-4338-B7B0-690FE144C4DA}" = WordPerfect Lightning "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6C13C708-FF28-4991-84E6-5526A0EE677B}" = WordPerfect Office X5 - Oxford "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6E4B1E42-A831-44B4-A705-D006F68560EC}" = WordPerfect Office X5 - Graphics "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71D2F8EE-9D45-4D95-A6F6-F6433C2B94B5}" = WordPerfect Office X5 - System EN "{72199E33-4F2A-4B7F-8E25-95DDDD50A678}" = Acer System Information "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable 
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{92B60B3B-7DF3-4BF7-8823-9F17A9EEA31E}" = WordPerfect Office X5 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall "{A567895C-1D23-48ED-BE83-FB3ED7D30442}" = IPM_VS_Pro "{A6FD1334-FD75-4951-935D-08F8C7E4C6B0}" = WordPerfect Office X5 - Sharepoint "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AA902C31-B49D-4608-BCCF-2519EB77722D}" = ICA "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{B0125BEB-6731-43FA-88DA-B64D7BD3AD2D}" = VSPro "{B3215000-FA99-11E0-9C83-F04DA23A5C58}" = MSVCRT Redists "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B6D8A751-F5E6-11E0-9DE8-005056C00008}" = MSVCRT Redists "{B84ECBE1-6ED5-4E86-B4AB-DF46D342411F}" = Share "{B87FAC24-973D-4A4F-AFC4-555FB95B32DB}" = PureHD "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "{BABBE752-6969-42EC-8EAC-4D07604BCD59}_is1" = LastBit Password Tools DEMO version 15.0 "{C4778408-3268-45CE-AE15-772D1739A1F1}" = VIO 
"{C6017EEA-9E51-4129-84BA-EFA9520E69D8}" = Common "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CC4C7E9B-4B26-4D8D-8076-40CF708A9FA4}" = Contents "{CD5C6C29-E6CB-4DF3-B45F-A04087B1C294}" = WordPerfect Office X5 - Templates "{CE3DE3AE-F384-11E0-B00E-F04DA23A5C58}" = Vegas Movie Studio HD Platinum 11.0 "{D07F85DE-22F1-4FB4-B3D1-402FD22C4870}" = DeviceIO "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D4167D08-0F61-4F44-BC3F-26B4960745C4}" = WordPerfect Office X5 - Skins "{D68897FC-7E8D-4849-819A-726B2489713C}" = ISCOM "{D7643510-C1AE-44AD-B0F9-0665C4D73BFD}" = WordPerfect Office X5 - LegalTools "{D8D9BCF5-0F5F-4D3F-8427-64B7632F93BE}" = Setup "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAEDCD3D-B981-4F10-B17B-764753EDAF9F}" = WordPerfect Office X5 - QP "{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5 - Setup Files "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E0C99E15-EDA2-4B48-AE7E-55706AF6706F}_is1" = Asset Manager 2012 Enterprise "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E539B721-4458-4EFC-8BD0-04D4842051AE}" = Wordperfect Office X5 - EN "{E67732DE-3387-4F1E-BDDA-2D0C08BC025B}" = WordPerfect Office X5 - Filters "{EC61C6D9-159B-4B14-AAF3-AF33FCFA50DD}" = WordPerfect Office X5 - WP "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "adawaretb" = Ad-Aware Security Toolbar "Adobe AIR" = 
Adobe AIR "Akamai" = Akamai NetSession Interface Service "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Editor_is1" = AVS Video Editor 6 "AVS Video Recorder_is1" = AVS Video Recorder 2.4 "AVS Video ReMaker_is1" = AVS Video ReMaker 4.0.8.140 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8 "Belarc Advisor" = Belarc Advisor 8.2 "Browser Defender_is1" = Browser Defender 3.0 "CD Wave_is1" = CD Wave Editor version 1.97 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "dBpoweramp DSP Effects" = dBpoweramp DSP Effects "dBpoweramp Music Converter" = dBpoweramp Music Converter "DVD-Audio Solo Standard" = DVD-Audio Solo Standard 4.1 "DVDFab 8 Qt_is1" = DVDFab 8.1.3.3 (12/11/2011) Qt Beta "EaseUS Todo Backup Free 3.0_is1" = EaseUS Todo Backup Free 3.0 "ESET Online Scanner" = ESET Online Scanner v3 "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "ffdshow_is1" = ffdshow [rev 2583] [2009-01-05] "Gadwin PrintScreen" = Gadwin PrintScreen "Gateway InfoCentre" = Gateway InfoCentre "Gateway Registration" = Gateway Registration "Gateway Screensaver" = Gateway ScreenSaver "Gateway Welcome Center" = Welcome Center "Hotkey Utility" = Hotkey Utility "Ideal Blu-ray Copy_is1" = Ideal Blu-ray Copy V1.1.2 "Identity Card" = Identity Card "ImgBurn" = ImgBurn "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor "InstallShield_{396CE0B5-DC06-46D2-A870-47798143AE85}" = ACT! 
by Sage Premium 2009 (11.0) "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "Keriver 1-Click Restore Free" = Keriver 1-Click Restore Free "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US) "Mp3tag" = Mp3tag v2.49a "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Pegasus Mail" = Pegasus Mail "Samsung ML-1450 Series PCL 6" = Samsung ML-1450 Series PCL 6 "SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only) "Spyware Doctor" = Spyware Doctor with AntiVirus 8.0 "Trillian" = Trillian "uTorrent" = µTorrent "VLC media player" = VLC media player 1.2.0-git-20111102-0003 "VuePrint" = VuePrint "VueScan" = VueScan "Windows Media Encoder 9" = Windows Media Encoder 9 Series "ZoneAlarm Free" = ZoneAlarm Free [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "File Renamer Turbo" = File Renamer Turbo "magicJack" = magicJack [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 11/30/2011 12:01:29 PM | Computer Name = PSK | Source = Application Error | ID = 1000 Description = Faulting application name: SpyHunter.exe, version: 4.5.11.3608, time stamp: 0x4dd27f70 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000409 Fault offset: 0x02424812 Faulting process id: 0xa1c Faulting application start time: 0x01ccaf794c4f061b 
Faulting application path: C:\Users\Paul\Desktop\SpyHunter.exe Faulting module path: unknown Report Id: 9048b9f3-1b6c-11e1-afc4-f80f41109dcb Error - 11/30/2011 12:02:46 PM | Computer Name = PSK | Source = Application Error | ID = 1000 Description = Faulting application name: SpyHunter.exe, version: 4.5.11.3608, time stamp: 0x4dd27f70 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000409 Fault offset: 0x024e4812 Faulting process id: 0x16c Faulting application start time: 0x01ccaf797a289a69 Faulting application path: C:\Users\Paul\Desktop\SpyHunter.exe Faulting module path: unknown Report Id: be32f04f-1b6c-11e1-afc4-f80f41109dcb Error - 11/30/2011 12:02:51 PM | Computer Name = PSK | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 11/30/2011 12:02:51 PM | Computer Name = PSK | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 11/30/2011 12:02:54 PM | Computer Name = PSK | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 11/30/2011 3:18:09 PM | Computer Name = PSK | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 11/30/2011 3:18:09 PM | Computer Name = PSK | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 11/30/2011 3:18:12 PM | Computer Name = PSK | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 11/30/2011 3:19:51 PM | Computer Name = PSK | Source = Application Error | ID = 1000 Description = Faulting application name: SpyHunter.exe, version: 4.5.11.3608, time stamp: 0x4dd27f70 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000409 Fault offset: 0x02934812 Faulting process id: 0x1af0 Faulting application start time: 0x01ccaf94df719b89 Faulting application path: C:\Users\Paul\Desktop\SpyHunter.exe Faulting module path: unknown Report Id: 462e708e-1b88-11e1-afc4-f80f41109dcb Error - 11/30/2011 3:58:01 PM | Computer Name = PSK | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ System Events ] Error - 11/29/2011 11:59:50 PM | Computer Name = PSK | Source = Schannel | ID = 36888 Description = The following fatal alert was generated: 10. The internal error state is 10. Error - 11/29/2011 11:59:58 PM | Computer Name = PSK | Source = Schannel | ID = 36888 Description = The following fatal alert was generated: 10. The internal error state is 10. Error - 11/30/2011 12:00:21 AM | Computer Name = PSK | Source = Schannel | ID = 36888 Description = The following fatal alert was generated: 10. The internal error state is 10. Error - 11/30/2011 12:00:32 AM | Computer Name = PSK | Source = Schannel | ID = 36888 Description = The following fatal alert was generated: 10. The internal error state is 10. Error - 11/30/2011 12:11:01 AM | Computer Name = PSK | Source = Schannel | ID = 36888 Description = The following fatal alert was generated: 10. The internal error state is 10. Error - 11/30/2011 12:11:31 AM | Computer Name = PSK | Source = Schannel | ID = 36888 Description = The following fatal alert was generated: 10. The internal error state is 10. Error - 11/30/2011 2:21:38 AM | Computer Name = PSK | Source = EventLog | ID = 6008 Description = The previous system shutdown at 1:19:54 AM on ?30/?11/?2011 was unexpected. Error - 11/30/2011 2:21:45 AM | Computer Name = PSK | Source = Service Control Manager | ID = 7000 Description = The DgiVecp service failed to start due to the following error: %%20 Error - 11/30/2011 2:21:47 AM | Computer Name = PSK | Source = Application Popup | ID = 1060 Description = \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 
Error - 11/30/2011 2:21:47 AM | Computer Name = PSK | Source = Service Control Manager | ID = 7000 Description = The PMEM service failed to start due to the following error: %%1275 < End of report >
  3. I can't seem to get rid of this pesky browser redirector. I'm not sure if it is a virus or adware, but would certainly like some help with this. Thanks! P_W