P_W

my.domainadvisor.com


I can't seem to get rid of this pesky browser redirector.

I'm not sure if it is a virus or adware, but would certainly like some help with this.

Thanks!

P_W

Hi P_W,

Please, to get help with cleaning your computer, follow the instructions in the topic "Read This Before You Post!" (http://www.lavasoftsupport.com/index.php?showtopic=30823).

PS. To get an email when I reply, please click "Follow this topic", which is located rather close to the upper right corner.

Sorry about that. Here are the two files:

OTL logfile created on: 12/2/2011 4:52:46 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paul\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 70.06% Memory free
15.96 Gb Paging File | 13.24 Gb Available in Paging File | 82.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.41 Gb Total Space | 670.94 Gb Free Space | 73.37% Space Free | Partition Type: NTFS
Drive J: | 244.54 Mb Total Space | 201.89 Mb Free Space | 82.56% Space Free | Partition Type: FAT32
Drive L: | 1.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive N: | 465.76 Gb Total Space | 34.60 Gb Free Space | 7.43% Space Free | Partition Type: NTFS

Computer Name: PSK | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Paul\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Paul\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\V0700Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
PRC - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Trillian\libspeex.dll ()
MOD - C:\Program Files (x86)\Trillian\libpng15.dll ()
MOD - C:\Program Files (x86)\Trillian\libungif.dll ()
MOD - C:\Program Files (x86)\Trillian\zlib1.dll ()
MOD - c:\Program Files (x86)\Trillian\languages\en\buddy.dll ()
MOD - c:\Program Files (x86)\Trillian\languages\en\talk.dll ()
MOD - c:\Program Files (x86)\Trillian\languages\en\trillian.dll ()
MOD - c:\Program Files (x86)\Trillian\languages\en\events.dll ()
MOD - c:\Program Files (x86)\Trillian\languages\en\toolkit.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Genghis\834a807f29591cc3d45c20920d26b703\Genghis.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\60c320dbe033e8ff4830cdc059933f2c\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Utilities\52f20a73e9771c0d53809d031f76c37e\Act.Shared.Utilities.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Images\cd394f0675fed7f7a8b88cce465442c3\Act.Shared.Images.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Shared.Diagnost#\a5b242e8d40770dd61a9b961719ad45e\Act.Shared.Diagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Shared\11.0.367.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Desktop\11.0.367.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Desktop.dll ()
MOD - C:\Windows\assembly\GAC_32\Act.Outlook.Message.Reader\11.0.367.0__ebf6b2ff4d0a08aa\Act.Outlook.Message.Reader.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.AppCommon\11.0.367.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.AppCommon.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Interfaces\11.0.367.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Interfaces.dll ()
MOD - C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll ()
MOD - C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
MOD - C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll ()


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:[b]64bit:[/b] - (RichVideo64) -- C:\Program Files\Cyberlink\Shared files\RichVideo64.exe ()
SRV:[b]64bit:[/b] - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll ()
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (EaseUS Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (GREGService) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ACT! Scheduler) -- C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe (Sage Software, Inc.)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (Sunbelt Software)
DRV:[b]64bit:[/b] - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:[b]64bit:[/b] - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:[b]64bit:[/b] - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:[b]64bit:[/b] - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:[b]64bit:[/b] - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:[b]64bit:[/b] - (V0700Vid) -- C:\Windows\SysNative\drivers\V0700Vid.sys (Creative Technology Ltd.)
DRV:[b]64bit:[/b] - (EUFDDISK) -- C:\Windows\SysNative\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:[b]64bit:[/b] - (EUBKMON) -- C:\Windows\SysNative\drivers\EUBKMON.sys ()
DRV:[b]64bit:[/b] - (EUDSKACS) -- C:\Windows\SysNative\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:[b]64bit:[/b] - (EUBAKUP) -- C:\Windows\SysNative\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:[b]64bit:[/b] - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:[b]64bit:[/b] - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (PCTSD) -- C:\Windows\SysNative\drivers\PCTSD64.sys (PC Tools)
DRV:[b]64bit:[/b] - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV:[b]64bit:[/b] - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:[b]64bit:[/b] - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:[b]64bit:[/b] - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:[b]64bit:[/b] - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:[b]64bit:[/b] - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:[b]64bit:[/b] - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (Ext2Fsd) -- C:\Windows\SysNative\drivers\ext2fsd.sys (www.ext2fsd.com)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:[b]64bit:[/b] - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (PMEM) -- C:\Windows\SysWOW64\drivers\PMEMNT.SYS (Microsoft Corporation)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011/11/12 11:09:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/11/12 11:09:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2011/11/29 20:46:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/01 14:43:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/06 16:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
[2011/11/27 13:22:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6ziifzu1.default\extensions
[2011/11/27 13:22:27 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6ziifzu1.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/11/08 21:56:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/17 15:32:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/10/25 07:56:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/12 11:09:40 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\WOW64\TRUSTCHECKER
() (No name found) -- C:\USERS\PAUL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6ZIIFZU1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE (Corel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [V0700Mon.exe] C:\Windows\V0700Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Paul\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [cdloader] C:\Users\Paul\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:[b]64bit:[/b] - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EE973E5-E9AC-4AF4-9EE7-2ED4E3D9CD38}: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\belarc - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/29 17:05:59 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/21 13:44:43 | 000,027,992 | R--- | M] (magicJack L.P.) - L:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/02/21 13:44:43 | 000,016,158 | R--- | M] () - L:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010/02/21 13:44:43 | 000,000,308 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/02/21 13:44:43 | 000,682,760 | R--- | M] (magicJack L.P.) - L:\autorunu.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/12/02 16:07:23 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\tjnet
[2011/12/02 14:08:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Kaizen_Software_Solutions
[2011/12/02 14:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asset Manager 2012 Enterprise
[2011/12/02 14:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AssetManager
[2011/12/02 14:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Asset Manager 2012 Enterprise
[2011/12/02 13:34:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\magicJack
[2011/12/02 13:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
[2011/12/02 13:34:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\mjusbsp
[2011/12/01 17:40:05 | 000,000,000 | ---D | C] -- C:\My Works
[2011/12/01 15:13:16 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\ARADump
[2011/12/01 14:45:01 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor
[2011/12/01 14:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
[2011/12/01 14:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/01 14:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/12/01 14:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/12/01 14:43:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/01 14:42:08 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Apple
[2011/12/01 14:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/12/01 14:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/12/01 14:40:49 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 10
[2011/12/01 14:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Cyberlink
[2011/12/01 14:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Video
[2011/12/01 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\4Media
[2011/11/30 22:07:15 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2011/11/30 21:56:30 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\LogMeIn Rescue Applet
[2011/11/30 17:55:00 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2011/11/30 17:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/30 17:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/30 17:54:46 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/30 17:54:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/30 17:29:30 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer
[2011/11/30 17:29:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer
[2011/11/30 13:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2011/11/30 12:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualCloneDrive
[2011/11/30 12:42:07 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\foobar2000
[2011/11/30 11:20:48 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\New folder
[2011/11/30 01:25:39 | 081,264,640 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Paul\Desktop\SpyHunter.exe
[2011/11/29 23:37:15 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\SpyHunter
[2011/11/29 20:46:16 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/11/29 20:46:15 | 002,029,520 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/11/29 20:46:15 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/11/29 20:42:11 | 000,279,344 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2011/11/29 20:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/11/29 20:17:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Product_FR
[2011/11/29 18:13:58 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011/11/29 18:13:58 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011/11/29 18:13:57 | 000,337,048 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/11/29 18:13:57 | 000,143,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/11/29 18:13:55 | 000,282,440 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/11/29 18:13:52 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/11/29 18:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/11/29 18:13:47 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\PC Tools
[2011/11/29 18:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/11/29 18:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/29 17:05:43 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/11/29 17:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/11/29 17:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/11/29 15:40:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/29 15:19:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/29 15:19:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/29 15:19:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/29 15:19:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/29 15:16:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/29 00:10:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\dBpoweramp
[2011/11/28 23:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/28 23:25:56 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe
[2011/11/28 10:31:21 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Apple Computer
[2011/11/27 22:51:34 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/27 20:14:24 | 000,072,280 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2011/11/27 13:22:30 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\adaware
[2011/11/27 13:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2011/11/27 13:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/11/27 13:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2011/11/27 12:15:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\IdealSoftware
[2011/11/27 12:15:25 | 000,000,000 | ---D | C] -- C:\IDEALBDCOPY_TEMP
[2011/11/27 12:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ideal Blu-ray Copy
[2011/11/25 22:36:17 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\AVS4YOU
[2011/11/25 22:25:14 | 011,137,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll
[2011/11/25 22:20:29 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\My Downloads
[2011/11/23 11:29:27 | 000,000,000 | ---D | C] -- C:\CERTIFICATE
[2011/11/23 11:29:27 | 000,000,000 | ---D | C] -- C:\BDMV
[2011/11/21 15:21:37 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Mp3tag
[2011/11/21 15:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2011/11/21 14:59:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\PWC
[2011/11/21 14:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PasswordTools
[2011/11/21 14:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PasswordTools
[2011/11/20 13:34:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\AVS menu
[2011/11/19 14:25:30 | 000,744,072 | ---- | C] (www.ext2fsd.com) -- C:\Windows\SysNative\drivers\ext2fsd.sys
[2011/11/19 14:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Popcorn Hour
[2011/11/19 14:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ext2Fsd
[2011/11/19 14:15:31 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\SmartFTP
[2011/11/19 14:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartFTP Client
[2011/11/19 14:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2011/11/19 14:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files
[2011/11/19 13:36:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CoffeeCup Software
[2011/11/19 13:36:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\CoffeeCup Software
[2011/11/19 13:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CoffeeCup Software
[2011/11/14 23:55:11 | 000,000,000 | ---D | C] -- C:\Users\Paul\AVS error messages
[2011/11/14 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\dvdcss
[2011/11/14 18:29:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\AVS4YOU
[2011/11/14 18:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2011/11/14 18:29:17 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/11/14 18:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2011/11/14 18:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/11/14 18:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2011/11/14 09:18:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/12 11:09:58 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/11/12 11:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2011/11/12 11:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2011/11/10 00:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2011/11/09 23:30:30 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2011/11/09 23:30:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2011/11/09 23:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2011/11/09 23:30:06 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2011/11/09 23:13:36 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Akamai
[2011/11/09 14:31:22 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Corel VideoStudio Pro
[2011/11/09 14:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2011/11/09 14:30:48 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Ulead Systems
[2011/11/09 14:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2011/11/09 14:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2011/11/09 14:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2011/11/09 14:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2011/11/09 14:26:34 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2011/11/09 14:26:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/11/09 14:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2011/11/09 14:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio Pro X4
[2011/11/09 14:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2011/11/09 14:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2011/11/09 14:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components
[2011/11/09 14:21:39 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2011/11/09 14:21:39 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011/11/09 14:21:38 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2011/11/09 14:21:38 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011/11/09 14:21:38 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011/11/09 14:21:38 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011/11/09 14:21:38 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2011/11/09 14:21:38 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011/11/09 14:21:38 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2011/11/09 14:21:38 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011/11/09 14:21:37 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2011/11/09 14:21:37 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/11/09 14:21:37 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011/11/09 14:21:37 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011/11/09 14:21:37 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2011/11/09 14:21:37 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011/11/09 14:21:36 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011/11/09 14:21:36 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011/11/09 14:21:36 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011/11/09 14:21:36 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011/11/09 14:21:36 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011/11/09 14:21:36 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011/11/09 14:21:36 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011/11/09 14:21:36 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011/11/09 14:21:36 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011/11/09 14:21:36 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011/11/09 14:21:35 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011/11/09 14:21:35 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011/11/09 14:21:35 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011/11/09 14:21:35 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011/11/09 14:21:35 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011/11/09 14:21:35 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011/11/09 14:21:35 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011/11/09 14:21:35 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/11/09 14:21:34 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011/11/09 14:21:34 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011/11/09 14:21:34 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011/11/09 14:21:34 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011/11/09 14:21:33 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011/11/09 14:21:33 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011/11/09 14:21:32 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011/11/09 14:21:32 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011/11/09 14:21:32 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/11/09 14:21:32 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011/11/09 14:21:32 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011/11/09 14:21:32 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011/11/09 14:21:32 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011/11/09 14:21:32 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011/11/09 14:21:32 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011/11/09 14:21:32 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011/11/09 14:21:31 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011/11/09 14:21:31 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011/11/09 14:21:31 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011/11/09 14:21:31 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/11/09 14:21:31 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011/11/09 14:21:31 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011/11/09 14:21:31 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011/11/09 14:21:31 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/11/09 14:21:30 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011/11/09 14:21:30 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/11/09 14:21:27 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011/11/09 14:21:27 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011/11/09 14:21:27 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/11/09 14:21:27 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/11/09 14:21:27 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011/11/09 14:21:27 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/11/09 14:21:27 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011/11/09 14:21:27 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/11/09 14:21:26 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011/11/09 14:21:26 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011/11/09 14:21:26 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011/11/09 14:21:26 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011/11/09 14:21:26 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/11/09 14:21:26 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/11/09 14:21:26 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011/11/09 14:21:26 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/11/09 14:21:25 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011/11/09 14:21:25 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/11/09 14:06:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2011/11/06 18:25:30 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Vegas Movie Studio HD 11.0 Projects
[2011/11/05 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/11/05 13:35:34 | 000,000,000 | ---D | C] -- C:\VueScan
[2011/11/04 22:46:54 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Sony Creative Software Inc
[2011/11/04 16:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2011/11/04 16:04:13 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Publish Providers
[2011/11/04 15:58:50 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Vegas Movie Studio HD Platinum 11.0 Projects
[2011/11/04 15:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011/11/04 15:58:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011/11/04 15:58:15 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Sony
[2011/11/04 15:55:37 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Sony
[2011/11/04 09:55:20 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Peerblock
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/12/02 16:14:54 | 000,015,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/02 16:14:54 | 000,015,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/02 16:09:07 | 000,001,890 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/12/02 16:06:18 | 004,923,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/02 16:06:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/02 16:05:57 | 2133,352,447 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/02 14:12:35 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/02 14:12:35 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/12/02 14:03:30 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\Asset Manager 2012 Enterprise.lnk
[2011/12/02 13:34:07 | 000,001,044 | ---- | M] () -- C:\Users\Paul\Desktop\magicJack.lnk
[2011/12/02 10:02:17 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/12/02 09:51:08 | 000,012,396 | ---- | M] () -- C:\Users\Paul\Desktop\PowerDVD10.lnk
[2011/12/01 23:47:38 | 063,136,241 | ---- | M] () -- C:\Users\Paul\Desktop\PDR10_Tutorial_Book_ENU.zip
[2011/12/01 14:45:01 | 000,002,050 | ---- | M] () -- C:\Users\Paul\Desktop\CyberLink WaveEditor.lnk
[2011/12/01 14:40:49 | 000,001,399 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDirector 10.lnk
[2011/11/30 17:54:50 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/30 17:27:50 | 000,005,032 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/11/30 13:33:26 | 000,791,752 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/30 13:33:26 | 000,674,732 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/30 13:33:26 | 000,127,490 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/30 13:32:38 | 000,001,264 | ---- | M] () -- C:\Users\Paul\Desktop\AVS4YOU Software Navigator.lnk
[2011/11/30 13:31:23 | 000,001,314 | ---- | M] () -- C:\Users\Paul\Desktop\AVS Video Converter.lnk
[2011/11/29 20:42:11 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/11/29 19:04:04 | 000,839,371 | ---- | M] () -- C:\Users\Paul\AppData\Local\census.cache
[2011/11/29 19:03:32 | 000,132,456 | ---- | M] () -- C:\Users\Paul\AppData\Local\ars.cache
[2011/11/29 18:51:29 | 000,000,036 | ---- | M] () -- C:\Users\Paul\AppData\Local\housecall.guid.cache
[2011/11/29 18:14:32 | 001,741,058 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/11/29 17:05:59 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/11/28 23:49:54 | 000,184,153 | ---- | M] () -- C:\Users\Paul\Desktop\rolling_stones_-_some_girls_cd.jpg
[2011/11/28 23:25:58 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe
[2011/11/28 20:44:25 | 000,017,999 | ---- | M] () -- C:\Users\Paul\Documents\Stones.nra
[2011/11/27 23:36:53 | 000,566,189 | ---- | M] () -- C:\Users\Paul\Desktop\Dawn & John (Video Editor).vep
[2011/11/27 23:17:58 | 001,072,848 | ---- | M] () -- C:\Users\Paul\Desktop\Complete.vep
[2011/11/27 22:51:34 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/27 20:14:22 | 000,072,280 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\sbapifs.sys
[2011/11/27 13:22:16 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/11/27 12:15:19 | 000,001,038 | ---- | M] () -- C:\Users\Paul\Desktop\Ideal Blu-ray Copy.lnk
[2011/11/25 22:25:32 | 000,001,278 | ---- | M] () -- C:\Users\Paul\Desktop\AVS Video Editor.lnk
[2011/11/23 12:54:55 | 000,644,611 | ---- | M] () -- C:\Users\Paul\Desktop\For Dawn & John.vrp
[2011/11/21 15:21:02 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2011/11/21 15:05:32 | 000,000,068 | ---- | M] () -- C:\Windows\asapr.ini
[2011/11/21 15:00:06 | 000,001,166 | ---- | M] () -- C:\Users\Paul\Documents\ActSql-PSK-PSK.pwct
[2011/11/21 14:59:53 | 000,000,507 | ---- | M] () -- C:\Windows\pwc65u.INI
[2011/11/21 14:10:54 | 000,000,684 | ---- | M] () -- C:\Users\Paul\Documents\Ellen Foley - Night Out (1979) - Spirit of St Louis (excerpts - 1981).cdt
[2011/11/20 23:50:23 | 000,001,122 | ---- | M] () -- C:\Users\Paul\Documents\cc_20111120_235019.reg
[2011/11/20 16:34:28 | 000,118,696 | ---- | M] () -- C:\Users\Paul\Desktop\arlo-guthrie5.jpg
[2011/11/19 23:33:28 | 001,484,855 | ---- | M] () -- C:\Users\Paul\Desktop\Newest.vrp
[2011/11/19 23:29:38 | 001,484,866 | ---- | M] () -- C:\Users\Paul\Desktop\Newest (2).vrp
[2011/11/19 14:13:59 | 000,002,659 | ---- | M] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk
[2011/11/19 13:59:51 | 000,214,016 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\SharedSettings.ccs
[2011/11/15 22:57:27 | 666,731,837 | ---- | M] () -- C:\Users\Paul\Desktop\Sage.ACT.Premium.v14.0.572.0.Incl.Keymaker-EMBRACE.rar
[2011/11/15 17:36:55 | 000,001,080 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8 Qt.lnk
[2011/11/15 17:36:55 | 000,001,056 | ---- | M] () -- C:\Users\Paul\Desktop\DVDFab 8 Qt.lnk
[2011/11/14 18:29:06 | 000,001,290 | ---- | M] () -- C:\Users\Paul\Desktop\AVS Video ReMaker.lnk
[2011/11/12 11:10:08 | 000,415,915 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/11/10 12:07:28 | 000,013,077 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/11/10 12:07:25 | 004,022,504 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/11/10 12:07:25 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2011/11/10 12:07:24 | 000,017,945 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/11/10 12:07:05 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2011/11/10 00:22:15 | 000,001,729 | ---- | M] () -- C:\Users\Paul\Desktop\dvdarchst50.exe.lnk
[2011/11/10 00:14:45 | 000,001,936 | ---- | M] () -- C:\Users\Paul\Desktop\Vegas Movie Studio.lnk
[2011/11/09 14:25:04 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X4.lnk
[2011/11/09 13:32:55 | 000,002,580 | ---- | M] () -- C:\Users\Paul\Documents\Register Vegas Movie Studio HD.htm
[2011/11/09 10:24:17 | 000,480,853 | ---- | M] () -- C:\Users\Paul\Desktop\DSC_0153.jpg
[2011/11/08 21:56:44 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/05 21:31:43 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/05 13:35:37 | 000,000,637 | ---- | M] () -- C:\Users\Paul\Desktop\VueScan.lnk
[2011/11/05 13:23:09 | 001,611,668 | ---- | M] () -- C:\Users\Paul\Desktop\vuescan.pdf
[2011/11/04 16:03:31 | 000,002,408 | ---- | M] () -- C:\Users\Paul\Documents\Register Vegas Movie Studio HD Platinum.htm
[2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/12/02 14:03:30 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\Asset Manager 2012 Enterprise.lnk
[2011/12/02 13:34:07 | 000,001,044 | ---- | C] () -- C:\Users\Paul\Desktop\magicJack.lnk
[2011/12/02 13:34:07 | 000,001,030 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
[2011/12/02 09:51:08 | 000,012,396 | ---- | C] () -- C:\Users\Paul\Desktop\PowerDVD10.lnk
[2011/12/01 23:45:54 | 063,136,241 | ---- | C] () -- C:\Users\Paul\Desktop\PDR10_Tutorial_Book_ENU.zip
[2011/12/01 14:45:01 | 000,002,050 | ---- | C] () -- C:\Users\Paul\Desktop\CyberLink WaveEditor.lnk
[2011/12/01 14:42:04 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/01 14:40:49 | 000,001,399 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDirector 10.lnk
[2011/11/30 21:27:01 | 000,053,551 | ---- | C] () -- C:\Windows\Professional.xml
[2011/11/30 17:54:50 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/30 17:16:45 | 000,005,032 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/11/30 13:31:23 | 000,001,314 | ---- | C] () -- C:\Users\Paul\Desktop\AVS Video Converter.lnk
[2011/11/29 20:46:16 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/11/29 20:46:16 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip
[2011/11/29 20:46:16 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011/11/29 20:46:16 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011/11/29 20:46:16 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011/11/29 20:42:11 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/11/29 19:04:04 | 000,839,371 | ---- | C] () -- C:\Users\Paul\AppData\Local\census.cache
[2011/11/29 19:03:32 | 000,132,456 | ---- | C] () -- C:\Users\Paul\AppData\Local\ars.cache
[2011/11/29 18:51:29 | 000,000,036 | ---- | C] () -- C:\Users\Paul\AppData\Local\housecall.guid.cache
[2011/11/29 18:13:58 | 001,741,058 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/11/29 17:05:59 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/11/29 15:19:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/29 15:19:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/29 15:19:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/29 15:19:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/29 15:19:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/28 22:08:09 | 000,184,153 | ---- | C] () -- C:\Users\Paul\Desktop\rolling_stones_-_some_girls_cd.jpg
[2011/11/28 15:30:53 | 000,017,999 | ---- | C] () -- C:\Users\Paul\Documents\Stones.nra
[2011/11/27 23:17:49 | 001,072,848 | ---- | C] () -- C:\Users\Paul\Desktop\Complete.vep
[2011/11/27 12:15:19 | 000,001,038 | ---- | C] () -- C:\Users\Paul\Desktop\Ideal Blu-ray Copy.lnk
[2011/11/26 13:11:38 | 000,566,189 | ---- | C] () -- C:\Users\Paul\Desktop\Dawn & John (Video Editor).vep
[2011/11/25 22:25:32 | 000,001,278 | ---- | C] () -- C:\Users\Paul\Desktop\AVS Video Editor.lnk
[2011/11/23 11:19:36 | 000,644,611 | ---- | C] () -- C:\Users\Paul\Desktop\For Dawn & John.vrp
[2011/11/21 15:21:02 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2011/11/21 15:05:32 | 000,000,068 | ---- | C] () -- C:\Windows\asapr.ini
[2011/11/21 14:59:40 | 000,001,166 | ---- | C] () -- C:\Users\Paul\Documents\ActSql-PSK-PSK.pwct
[2011/11/21 14:59:05 | 000,000,507 | ---- | C] () -- C:\Windows\pwc65u.INI
[2011/11/21 14:10:54 | 000,000,684 | ---- | C] () -- C:\Users\Paul\Documents\Ellen Foley - Night Out (1979) - Spirit of St Louis (excerpts - 1981).cdt
[2011/11/20 23:50:21 | 000,001,122 | ---- | C] () -- C:\Users\Paul\Documents\cc_20111120_235019.reg
[2011/11/20 16:34:28 | 000,118,696 | ---- | C] () -- C:\Users\Paul\Desktop\arlo-guthrie5.jpg
[2011/11/19 17:36:29 | 001,484,866 | ---- | C] () -- C:\Users\Paul\Desktop\Newest (2).vrp
[2011/11/19 14:13:59 | 000,002,659 | ---- | C] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk
[2011/11/19 13:36:51 | 000,214,016 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\SharedSettings.ccs
[2011/11/15 22:40:28 | 666,731,837 | ---- | C] () -- C:\Users\Paul\Desktop\Sage.ACT.Premium.v14.0.572.0.Incl.Keymaker-EMBRACE.rar
[2011/11/14 18:29:18 | 000,001,264 | ---- | C] () -- C:\Users\Paul\Desktop\AVS4YOU Software Navigator.lnk
[2011/11/14 18:29:06 | 000,001,290 | ---- | C] () -- C:\Users\Paul\Desktop\AVS Video ReMaker.lnk
[2011/11/12 11:09:49 | 000,415,915 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011/11/10 12:07:28 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2011/11/10 12:07:28 | 000,013,077 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/11/10 00:21:50 | 000,001,729 | ---- | C] () -- C:\Users\Paul\Desktop\dvdarchst50.exe.lnk
[2011/11/10 00:14:05 | 000,001,936 | ---- | C] () -- C:\Users\Paul\Desktop\Vegas Movie Studio.lnk
[2011/11/09 23:30:31 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/09 14:25:04 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\Corel VideoStudio Pro X4.lnk
[2011/11/09 10:24:17 | 000,480,853 | ---- | C] () -- C:\Users\Paul\Desktop\DSC_0153.jpg
[2011/11/08 13:45:21 | 001,484,855 | ---- | C] () -- C:\Users\Paul\Desktop\Newest.vrp
[2011/11/06 18:27:40 | 000,002,580 | ---- | C] () -- C:\Users\Paul\Documents\Register Vegas Movie Studio HD.htm
[2011/11/05 13:35:37 | 000,000,637 | ---- | C] () -- C:\Users\Paul\Desktop\VueScan.lnk
[2011/11/05 13:23:08 | 001,611,668 | ---- | C] () -- C:\Users\Paul\Desktop\vuescan.pdf
[2011/11/04 16:03:31 | 000,002,408 | ---- | C] () -- C:\Users\Paul\Documents\Register Vegas Movie Studio HD Platinum.htm
[2011/10/11 16:18:53 | 000,000,088 | RHS- | C] () -- C:\ProgramData\31D40A3D11.sys
[2011/10/11 16:13:38 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/11 15:17:42 | 000,000,090 | ---- | C] () -- C:\Windows\SysWow64\ftm31.dat
[2011/10/11 11:24:09 | 000,000,132 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/10/11 08:22:54 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/10/11 08:22:54 | 000,017,945 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/10/09 22:11:00 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/10/09 22:11:00 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/10/09 00:41:11 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/10/06 15:51:21 | 000,000,186 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/11/01 06:00:00 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1999/03/10 02:23:00 | 000,222,928 | ---- | C] () -- C:\Windows\SysWow64\lobas09.dll
[1998/04/27 02:23:00 | 006,150,961 | ---- | C] () -- C:\Windows\SysWow64\jre116.exe
[1998/01/13 14:52:30 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\lotrn13.dll
[1997/11/14 02:23:00 | 000,031,008 | ---- | C] () -- C:\Windows\SysWow64\ivtrn09.dll
[1997/02/02 02:23:00 | 000,000,058 | ---- | C] () -- C:\Windows\loss613.ini
[1997/02/02 02:23:00 | 000,000,058 | ---- | C] () -- C:\Windows\loss09.ini
[1996/07/09 02:23:00 | 000,000,038 | ---- | C] () -- C:\Windows\loidp13.ini
[1994/07/25 02:23:00 | 000,014,928 | ---- | C] () -- C:\Windows\SysWow64\wingen.drv
[1994/04/07 02:23:00 | 000,000,462 | ---- | C] () -- C:\Windows\lodbf13.ini

[color=#E56717]========== LOP Check ==========[/color]

[2011/10/11 16:10:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ACT
[2011/10/11 09:36:01 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\CD-LabelPrint
[2011/10/26 20:54:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\CheckPoint
[2011/11/19 13:36:51 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\CoffeeCup Software
[2011/11/29 00:10:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\dBpoweramp
[2011/10/11 11:33:43 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\EAC
[2011/10/11 15:15:06 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Firetrust
[2011/11/30 12:42:42 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\foobar2000
[2011/10/09 23:50:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ImgBurn
[2011/12/02 14:08:03 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\IsolatedStorage
[2011/10/12 12:05:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Kristanix Software
[2011/12/02 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\mjusbsp
[2011/11/21 15:23:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Mp3tag
[2011/10/06 14:18:44 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OEM
[2011/10/06 15:44:47 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Packard Bell
[2011/10/11 13:31:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Pegasus Mail
[2011/10/31 13:53:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Pegasys Inc
[2011/11/29 20:17:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Product_FR
[2011/11/04 16:04:13 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Publish Providers
[2011/11/21 14:59:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PWC
[2011/11/10 00:23:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Sony
[2011/11/10 00:23:23 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Sony Creative Software Inc
[2011/10/13 11:08:14 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Thinstall
[2011/10/09 22:59:41 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Trillian
[2011/11/09 18:25:47 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Ulead Systems
[2011/11/30 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\uTorrent
[2009/07/14 00:08:49 | 000,030,394 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 170 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:24051EFF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >



OTL Extras logfile created on: 12/2/2011 4:52:46 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paul\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 70.06% Memory free
15.96 Gb Paging File | 13.24 Gb Available in Paging File | 82.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.41 Gb Total Space | 670.94 Gb Free Space | 73.37% Space Free | Partition Type: NTFS
Drive J: | 244.54 Mb Total Space | 201.89 Mb Free Space | 82.56% Space Free | Partition Type: FAT32
Drive L: | 1.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive N: | 465.76 Gb Total Space | 34.60 Gb Free Space | 7.43% Space Free | Partition Type: NTFS

Computer Name: PSK | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}" = Corel WordPerfect Office - iFilter 64 Bit
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8BB347A7-68B5-4E46-9FCC-17F6172BA9E1}" = Share64
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DD414661-DFA3-4A04-ADF9-73A339BFE039}" = SmartFTP Client
"{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}" = PowerDirector
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"CCleaner" = CCleaner
"Creative VF0700" = Creative Live! Cam Chat HD (VF0700) (1.00.06.00)
"Ext2Fsd_is1" = Ext2Fsd 0.48
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NewBlue Art Effects for PDR10" = Art Effects for PDR10
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.10 beta 1 (64-bit)
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{AA902C31-B49D-4608-BCCF-2519EB77722D}" = Corel VideoStudio Pro X4
"_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{113EECD6-9A04-11D4-811D-00805F923B86}" = Lotus NotesSQL 3.01 driver
"{13EBF9E8-82FF-47D0-A324-534B79EF7F71}" = WordPerfect Office X5 - WT
"{17C5A285-F7B6-492B-8F3B-343D02B84D75}" = WordPerfect Office X5 - Common
"{19B4CD07-1919-4002-B28F-A5D2027026E0}" = WordPerfect Office X5 - IPM
"{1F0D7D15-8A36-4AE4-8573-70BEA7DF379D}" = WordPerfect Office X5 - Migration Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{378BAC91-3AE8-45F0-90E4-4F81E3EAEBC5}" = WordPerfect Office X5 - PR
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{396CE0B5-DC06-46D2-A870-47798143AE85}" = ACT! by Sage Premium 2009 (11.0)
"{3990E632-42C3-4A25-ADFF-1101E3D6DD47}" = VSClassic
"{3DC2E407-08C7-43D4-BCF2-D78C9929A9BF}" = MailWasherPro
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4785A805-165B-42FE-8851-185ADA884B36}" = TMPGEnc Authoring Works 4 Trial Version
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{536D6172-7453-7569-7465-392E38300409}" = Lotus SmartSuite - English
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64459BD5-3AE8-4689-B7B0-D57B667D8399}" = WordPerfect Office X5 - PerfectExperts EN
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67ED9603-CB76-4338-B7B0-690FE144C4DA}" = WordPerfect Lightning
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6C13C708-FF28-4991-84E6-5526A0EE677B}" = WordPerfect Office X5 - Oxford
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E4B1E42-A831-44B4-A705-D006F68560EC}" = WordPerfect Office X5 - Graphics
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D2F8EE-9D45-4D95-A6F6-F6433C2B94B5}" = WordPerfect Office X5 - System EN
"{72199E33-4F2A-4B7F-8E25-95DDDD50A678}" = Acer System Information
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92B60B3B-7DF3-4BF7-8823-9F17A9EEA31E}" = WordPerfect Office X5
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{A567895C-1D23-48ED-BE83-FB3ED7D30442}" = IPM_VS_Pro
"{A6FD1334-FD75-4951-935D-08F8C7E4C6B0}" = WordPerfect Office X5 - Sharepoint
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA902C31-B49D-4608-BCCF-2519EB77722D}" = ICA
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B0125BEB-6731-43FA-88DA-B64D7BD3AD2D}" = VSPro
"{B3215000-FA99-11E0-9C83-F04DA23A5C58}" = MSVCRT Redists
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B6D8A751-F5E6-11E0-9DE8-005056C00008}" = MSVCRT Redists
"{B84ECBE1-6ED5-4E86-B4AB-DF46D342411F}" = Share
"{B87FAC24-973D-4A4F-AFC4-555FB95B32DB}" = PureHD
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BABBE752-6969-42EC-8EAC-4D07604BCD59}_is1" = LastBit Password Tools DEMO version 15.0
"{C4778408-3268-45CE-AE15-772D1739A1F1}" = VIO
"{C6017EEA-9E51-4129-84BA-EFA9520E69D8}" = Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CC4C7E9B-4B26-4D8D-8076-40CF708A9FA4}" = Contents
"{CD5C6C29-E6CB-4DF3-B45F-A04087B1C294}" = WordPerfect Office X5 - Templates
"{CE3DE3AE-F384-11E0-B00E-F04DA23A5C58}" = Vegas Movie Studio HD Platinum 11.0
"{D07F85DE-22F1-4FB4-B3D1-402FD22C4870}" = DeviceIO
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4167D08-0F61-4F44-BC3F-26B4960745C4}" = WordPerfect Office X5 - Skins
"{D68897FC-7E8D-4849-819A-726B2489713C}" = ISCOM
"{D7643510-C1AE-44AD-B0F9-0665C4D73BFD}" = WordPerfect Office X5 - LegalTools
"{D8D9BCF5-0F5F-4D3F-8427-64B7632F93BE}" = Setup
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEDCD3D-B981-4F10-B17B-764753EDAF9F}" = WordPerfect Office X5 - QP
"{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5 - Setup Files
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E0C99E15-EDA2-4B48-AE7E-55706AF6706F}_is1" = Asset Manager 2012 Enterprise
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E539B721-4458-4EFC-8BD0-04D4842051AE}" = Wordperfect Office X5 - EN
"{E67732DE-3387-4F1E-BDDA-2D0C08BC025B}" = WordPerfect Office X5 - Filters
"{EC61C6D9-159B-4B14-AAF3-AF33FCFA50DD}" = WordPerfect Office X5 - WP
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.0.8.140
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Belarc Advisor" = Belarc Advisor 8.2
"Browser Defender_is1" = Browser Defender 3.0
"CD Wave_is1" = CD Wave Editor version 1.97
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DVD-Audio Solo Standard" = DVD-Audio Solo Standard 4.1
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.3 (12/11/2011) Qt Beta
"EaseUS Todo Backup Free 3.0_is1" = EaseUS Todo Backup Free 3.0
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Gadwin PrintScreen" = Gadwin PrintScreen
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Hotkey Utility" = Hotkey Utility
"Ideal Blu-ray Copy_is1" = Ideal Blu-ray Copy V1.1.2
"Identity Card" = Identity Card
"ImgBurn" = ImgBurn
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{396CE0B5-DC06-46D2-A870-47798143AE85}" = ACT! by Sage Premium 2009 (11.0)
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Keriver 1-Click Restore Free" = Keriver 1-Click Restore Free
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Mp3tag" = Mp3tag v2.49a
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pegasus Mail" = Pegasus Mail
"Samsung ML-1450 Series PCL 6" = Samsung ML-1450 Series PCL 6
"SmartFTP Client 4.0 (x64) Setup Files" = SmartFTP Client Setup Files 4.0 (x64) (remove only)
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"Trillian" = Trillian
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.2.0-git-20111102-0003
"VuePrint" = VuePrint
"VueScan" = VueScan
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"ZoneAlarm Free" = ZoneAlarm Free

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"File Renamer Turbo" = File Renamer Turbo
"magicJack" = magicJack

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 11/30/2011 12:01:29 PM | Computer Name = PSK | Source = Application Error | ID = 1000
Description = Faulting application name: SpyHunter.exe, version: 4.5.11.3608, time
stamp: 0x4dd27f70 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000409 Fault offset: 0x02424812 Faulting process id: 0xa1c Faulting application
start time: 0x01ccaf794c4f061b Faulting application path: C:\Users\Paul\Desktop\SpyHunter.exe
Faulting
module path: unknown Report Id: 9048b9f3-1b6c-11e1-afc4-f80f41109dcb

Error - 11/30/2011 12:02:46 PM | Computer Name = PSK | Source = Application Error | ID = 1000
Description = Faulting application name: SpyHunter.exe, version: 4.5.11.3608, time
stamp: 0x4dd27f70 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000409 Fault offset: 0x024e4812 Faulting process id: 0x16c Faulting application
start time: 0x01ccaf797a289a69 Faulting application path: C:\Users\Paul\Desktop\SpyHunter.exe
Faulting
module path: unknown Report Id: be32f04f-1b6c-11e1-afc4-f80f41109dcb

Error - 11/30/2011 12:02:51 PM | Computer Name = PSK | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/30/2011 12:02:51 PM | Computer Name = PSK | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/30/2011 12:02:54 PM | Computer Name = PSK | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/30/2011 3:18:09 PM | Computer Name = PSK | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/30/2011 3:18:09 PM | Computer Name = PSK | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/30/2011 3:18:12 PM | Computer Name = PSK | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 11/30/2011 3:19:51 PM | Computer Name = PSK | Source = Application Error | ID = 1000
Description = Faulting application name: SpyHunter.exe, version: 4.5.11.3608, time
stamp: 0x4dd27f70 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000409 Fault offset: 0x02934812 Faulting process id: 0x1af0 Faulting application
start time: 0x01ccaf94df719b89 Faulting application path: C:\Users\Paul\Desktop\SpyHunter.exe
Faulting
module path: unknown Report Id: 462e708e-1b88-11e1-afc4-f80f41109dcb

Error - 11/30/2011 3:58:01 PM | Computer Name = PSK | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 11/29/2011 11:59:50 PM | Computer Name = PSK | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/29/2011 11:59:58 PM | Computer Name = PSK | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/30/2011 12:00:21 AM | Computer Name = PSK | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/30/2011 12:00:32 AM | Computer Name = PSK | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/30/2011 12:11:01 AM | Computer Name = PSK | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/30/2011 12:11:31 AM | Computer Name = PSK | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/30/2011 2:21:38 AM | Computer Name = PSK | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:19:54 AM on ?30/?11/?2011 was unexpected.

Error - 11/30/2011 2:21:45 AM | Computer Name = PSK | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 11/30/2011 2:21:47 AM | Computer Name = PSK | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 11/30/2011 2:21:47 AM | Computer Name = PSK | Source = Service Control Manager | ID = 7000
Description = The PMEM service failed to start due to the following error: %%1275


< End of report >

No need to apologize :)

Upload this file to http://www.virustotal.com/ using the "Upload a file" function and post back the link to the scan report:
C:\ProgramData\31D40A3D11.sys

I can see that you have already run ComboFix; please paste the existing log C:\ComboFix.txt.

Have the programs, for example Malwarebytes Anti-Malware, found and removed any malicious files? Please, provide logs if possible.

Save TDSSKiller on the Desktop:
[url=http://support.kaspersky.com/downloads/utils/tdsskiller.zip]http://support.kaspersky.com/downloads/utils/tdsskiller.zip[/url]

Right-click and select [b]Extract all[/b]. Remember the location of the extracted file.
Turn off all programs.
Run the program TDSSKiller.exe which is the file you extracted.

Click on [b]Start Scan[/b].

If any threats are found select [b]Cure[/b] and click [b]Continue[/b]. If [b]Cure[/b] isn't available select [b]Skip[/b]. Do NOT select Quarantine or Delete.
The computer might need a restart.

Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.

Sorry for the delay!

1) Link to S1D40A3S11.sys file:

http://www.virustotal.com/file-scan/report.html?id=c5862798537f6f3010c6ef0a4f75cb0964edccf300785038a5cfcc5daf3a5b68-1323458093

2) Contents of ComboFix.txt:

ComboFix 11-11-29.04 - Paul 29/11/2011 15:21:01.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8174.5480 [GMT -5:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 20:29 . 2011-11-29 20:29 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79B25F82-365D-426D-883F-EE4F3CDEE363}\offreg.dll
2011-11-29 20:25 . 2011-11-29 20:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-29 20:25 . 2011-11-29 20:25 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-11-29 14:40 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79B25F82-365D-426D-883F-EE4F3CDEE363}\mpengine.dll
2011-11-29 05:10 . 2011-11-29 05:10 -------- d-----w- c:\users\Paul\AppData\Roaming\dBpoweramp
2011-11-29 04:26 . 2011-11-29 04:26 -------- d-----w- c:\program files (x86)\ESET
2011-11-28 15:31 . 2011-11-28 15:31 -------- d-----w- c:\users\Paul\AppData\Local\Apple Computer
2011-11-28 03:51 . 2011-11-28 03:51 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-28 01:14 . 2011-11-28 01:14 72280 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2011-11-27 18:22 . 2011-11-27 18:22 -------- d-----w- c:\users\Paul\AppData\Local\adaware
2011-11-27 18:22 . 2011-11-28 22:27 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2011-11-27 18:22 . 2011-11-27 18:22 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2011-11-27 18:22 . 2011-11-27 18:22 -------- d-----w- c:\program files (x86)\adawaretb
2011-11-27 17:15 . 2011-11-27 17:15 -------- d-----w- c:\users\Paul\AppData\Local\IdealSoftware
2011-11-27 17:15 . 2011-11-27 17:15 -------- d-----w- C:\IDEALBDCOPY_TEMP
2011-11-26 03:25 . 2011-09-16 23:00 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2011-11-23 16:29 . 2011-11-23 16:29 -------- d-----w- C:\CERTIFICATE
2011-11-23 16:29 . 2011-11-23 16:29 -------- d-----w- C:\BDMV
2011-11-21 20:21 . 2011-11-21 20:23 -------- d-----w- c:\users\Paul\AppData\Roaming\Mp3tag
2011-11-21 20:05 . 2011-11-21 20:05 -------- d-----w- c:\programdata\Elcomsoft Password Recovery
2011-11-21 20:05 . 2011-11-21 20:05 -------- d-----w- c:\program files (x86)\Elcomsoft
2011-11-21 20:05 . 2011-11-21 20:05 -------- d-----w- c:\program files (x86)\Elcomsoft Password Recovery
2011-11-21 19:59 . 2011-11-21 19:59 -------- d-----w- c:\users\Paul\AppData\Roaming\PWC
2011-11-21 19:57 . 2011-11-21 19:57 -------- d-----w- c:\program files (x86)\PasswordTools
2011-11-20 18:34 . 2011-11-27 18:18 -------- d-----w- c:\users\Paul\AVS menu
2011-11-19 19:25 . 2011-11-19 19:25 -------- d-----w- c:\program files\Popcorn Hour
2011-11-19 19:25 . 2009-07-27 03:34 744072 ----a-w- c:\windows\system32\drivers\ext2fsd.sys
2011-11-19 19:15 . 2011-11-19 19:15 -------- d-----w- c:\users\Paul\AppData\Roaming\SmartFTP
2011-11-19 19:13 . 2011-11-19 19:13 -------- d-----w- c:\program files\SmartFTP Client
2011-11-19 19:13 . 2011-11-19 19:13 -------- d-----w- c:\program files (x86)\SmartFTP Client 4.0 (x64) Setup Files
2011-11-19 18:36 . 2011-11-19 18:36 -------- d-----w- c:\users\Paul\AppData\Roaming\CoffeeCup Software
2011-11-19 18:36 . 2011-11-19 18:36 -------- d-----w- c:\programdata\CoffeeCup Software
2011-11-15 04:55 . 2011-11-15 18:24 -------- d-----w- c:\users\Paul\AVS error messages
2011-11-15 03:10 . 2011-11-17 19:22 -------- d-----w- c:\users\Paul\AppData\Roaming\dvdcss
2011-11-14 23:29 . 2011-11-26 03:31 -------- d-----w- c:\users\Paul\AppData\Roaming\AVS4YOU
2011-11-14 23:29 . 2011-11-14 23:29 -------- d-----w- c:\programdata\AVS4YOU
2011-11-14 23:29 . 2011-11-26 03:25 -------- d-----w- c:\program files (x86)\AVS4YOU
2011-11-14 23:28 . 2011-11-26 03:25 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2011-11-13 05:11 . 2011-11-13 05:11 -------- d-----w- c:\users\Administrator\AppData\Roaming\IsolatedStorage
2011-11-13 05:11 . 2011-11-13 05:11 -------- d-----w- c:\users\Administrator\AppData\Roaming\ACT
2011-11-13 05:11 . 2011-11-13 05:11 -------- d-----w- c:\users\Administrator\AppData\Roaming\CheckPoint
2011-11-12 16:09 . 2011-11-29 03:13 -------- d-----w- c:\windows\Internet Logs
2011-11-12 16:01 . 2011-11-12 16:09 -------- d-----w- c:\program files (x86)\CheckPoint
2011-11-10 05:12 . 2011-11-10 05:12 -------- d-----w- c:\program files (x86)\Sony
2011-11-10 04:30 . 2008-12-08 17:53 57344 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-11-10 04:30 . 2008-06-09 03:58 60273 ----a-w- c:\windows\SysWow64\pthreadGC2.dll
2011-11-10 04:30 . 2011-11-10 04:30 -------- d-----w- c:\program files (x86)\ffdshow
2011-11-10 04:30 . 2011-11-10 04:30 -------- d-----w- c:\program files (x86)\Haali
2011-11-10 04:30 . 2011-11-10 04:30 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2011-11-10 04:13 . 2011-11-18 03:00 -------- d-----w- c:\users\Paul\AppData\Local\Akamai
2011-11-09 19:30 . 2011-11-09 19:31 -------- d-----w- c:\programdata\Protexis
2011-11-09 19:30 . 2011-11-09 23:25 -------- d-----w- c:\users\Paul\AppData\Roaming\Ulead Systems
2011-11-09 19:27 . 2011-11-09 19:27 -------- d-----w- c:\programdata\eSellerate
2011-11-09 19:27 . 2011-11-09 19:27 -------- d-----w- c:\program files (x86)\SmartSound Software
2011-11-09 19:27 . 2011-11-09 19:28 -------- d-----w- c:\programdata\SmartSound Software Inc
2011-11-09 19:24 . 2011-11-09 19:24 -------- d-----w- c:\programdata\Ulead Systems
2011-11-09 19:22 . 2011-11-09 19:22 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems
2011-11-09 19:06 . 2011-11-29 20:27 -------- d-----w- c:\program files (x86)\Common Files\Akamai
2011-11-09 13:09 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 13:09 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 13:09 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:09 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 02:56 . 2011-11-05 06:53 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-11-05 18:35 . 2011-11-05 18:37 -------- d-----w- C:\VueScan
2011-11-05 03:46 . 2011-11-10 05:23 -------- d-----w- c:\users\Paul\AppData\Roaming\Sony Creative Software Inc
2011-11-04 21:04 . 2011-11-10 05:23 -------- d-----w- c:\programdata\Sony
2011-11-04 21:04 . 2011-11-04 21:04 -------- d-----w- c:\users\Paul\AppData\Roaming\Publish Providers
2011-11-04 20:58 . 2011-11-10 05:12 -------- d-----w- c:\users\Paul\AppData\Local\Sony
2011-11-04 20:58 . 2011-11-04 20:58 -------- d-----w- c:\windows\SysWow64\spool
2011-11-04 20:55 . 2011-11-10 05:23 -------- d-----w- c:\users\Paul\AppData\Roaming\Sony
2011-10-31 21:12 . 2011-10-31 21:12 -------- d-----w- c:\program files (x86)\Pegasys Inc
2011-10-31 18:53 . 2011-10-31 18:53 -------- d-----w- c:\users\Paul\AppData\Roaming\Pegasys Inc
2011-10-31 18:43 . 2011-10-31 18:42 59240 ----a-w- c:\windows\SysWow64\GenSvcInst.exe
2011-10-31 18:43 . 2011-10-31 18:42 38944 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
2011-10-31 18:43 . 2011-10-31 18:42 139264 ----a-w- c:\windows\SysWow64\bgsvcgen.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 22:27 . 2011-10-09 05:41 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2011-11-10 17:07 . 2011-10-11 13:22 4022504 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2011-11-03 17:06 . 2011-10-07 00:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-31 22:36 . 2011-10-11 21:20 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-27 01:53 . 2011-10-27 01:53 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-10-17 17:30 . 2011-10-06 18:53 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-17 17:30 . 2011-10-06 18:53 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-11 21:18 . 2011-10-11 21:18 88 --sh--r- c:\programdata\31D40A3D11.sys
2011-10-11 13:47 . 2011-10-11 13:47 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-10-11 04:45 . 2011-10-11 04:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-10-11 04:45 . 2011-10-11 04:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-10-11 04:45 . 2011-10-11 04:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-10-11 04:45 . 2011-10-11 04:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-10-11 04:45 . 2011-10-11 04:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-10-11 04:45 . 2011-10-11 04:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-10-11 04:45 . 2011-10-11 04:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-10-11 04:45 . 2011-10-11 04:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-10-11 04:45 . 2011-10-11 04:45 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-10-11 04:45 . 2011-10-11 04:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-11 04:45 . 2011-10-11 04:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-10-11 04:45 . 2011-10-11 04:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-10-11 04:45 . 2011-10-11 04:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-10-11 04:45 . 2011-10-11 04:45 222208 ----a-w- c:\windows\system32\msls31.dll
2011-10-11 04:45 . 2011-10-11 04:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-10-11 04:45 . 2011-10-11 04:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-10-11 04:45 . 2011-10-11 04:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-10-11 04:45 . 2011-10-11 04:45 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-10-11 04:45 . 2011-10-11 04:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-10-11 04:45 . 2011-10-11 04:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-10-11 04:45 . 2011-10-11 04:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-11 04:45 . 2011-10-11 04:45 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-10-11 04:45 . 2011-10-11 04:45 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-10-11 04:45 . 2011-10-11 04:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-10-11 04:45 . 2011-10-11 04:45 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-10-11 04:45 . 2011-10-11 04:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-11 04:45 . 2011-10-11 04:45 448512 ----a-w- c:\windows\system32\html.iec
2011-10-11 04:45 . 2011-10-11 04:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-11 04:45 . 2011-10-11 04:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-11 04:45 . 2011-10-11 04:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-10-11 04:45 . 2011-10-11 04:45 160256 ----a-w- c:\windows\system32\wextract.exe
2011-10-11 04:45 . 2011-10-11 04:45 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-11 04:45 . 2011-10-11 04:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-11 04:45 . 2011-10-11 04:45 12288 ----a-w- c:\windows\system32\mshta.exe
2011-10-11 04:45 . 2011-10-11 04:45 114176 ----a-w- c:\windows\system32\admparse.dll
2011-10-11 04:45 . 2011-10-11 04:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-11 04:41 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-10-11 04:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-07 00:13 . 2011-10-07 00:13 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-06 18:47 . 2011-10-06 18:47 3 ----a-w- c:\windows\system32\PLD_Framework.cmd
2011-10-03 09:06 . 2011-10-17 20:32 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-18 12:39 . 2011-10-07 00:10 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-09-16 03:55 . 2011-10-07 00:10 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-09-16 03:55 . 2011-10-07 00:10 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-09-06 21:00 . 2011-09-06 21:00 393920 ----a-w- c:\windows\system32\drivers\V0700Vid.sys
2011-09-01 05:24 . 2011-10-12 07:01 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 07:01 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 07:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 07:01 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-07-02 495616]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Akamai NetSession Interface"="c:\users\Paul\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"QuickFinder Scheduler"="c:\program files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE" [2010-10-26 136600]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"V0700Mon.exe"="c:\windows\V0700Mon.exe" [2011-08-22 28672]
"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-08-06 70792]
"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-08-06 744072]
"Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2008-07-31 28672]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\ActSage.exe" [2008-07-31 393216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2011-11-1 2362720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2008-07-31 81920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz134;cpuz134;c:\program files (x86)\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]
S1 Ext2Fsd;Linux ext2 file system driver; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-08-06 60040]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-06 235624]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-07 17152]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 V0700Vid;Creative Live! Cam Chat HD Driver;c:\windows\system32\DRIVERS\V0700Vid.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 1125504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://gateway.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://gateway.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\6ziifzu1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2687588113-3059001546-1709814781-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{059AF754-F0CE-742E-BBE4-619C145B8638}*]
"hajcaealggjhjnko"=hex:6b,61,65,62,6a,6c,61,61,69,69,67,67,62,6e,6d,68,61,6c,
70,69,64,65,00,00
"ialdjijellnkblhbnl"=hex:67,61,67,66,6b,6c,69,65,68,65,62,63,6f,66,00,00
"ialbobncjlogkegfpk"=hex:6b,61,65,62,6a,6c,61,61,69,69,67,67,62,6e,6d,68,61,6c,
70,69,64,65,00,00
"kabdfgllfmgiekkoghceki"=hex:62,62,64,65,63,70,6b,6e,6b,66,63,6e,67,63,65,67,
64,67,69,64,6b,6a,6b,66,6f,69,6b,63,62,68,69,64,69,65,6b,64,00,77
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-11-29 15:37:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-29 20:37
.
Pre-Run: 722,326,306,816 bytes free
Post-Run: 722,186,240,000 bytes free
.
- - End Of File - - 14FE779F29554B14F7F384BECAEE4AB8

3) Nothing recently

4) Nothing found, neutralized or quarantined.

No need to apologize, but it will get more difficult to clean the computer a month after the infection.

1. Please, delete your current ComboFix. Follow the instructions on http://www.bleepingcomputer.com/combofix/how-to-use-combofix for installing and running ComboFix.

Read carefully and note the "Disclaimer of warranty"!

Paste the content of the log into your answer.

2. Please, let aswMBR scan the computer, see [url=http://public.avast.com/~gmerek/aswMBR.htm]http://public.avast.com/~gmerek/aswMBR.htm[/url]

Follow only the first section, "How to scan", and don't try to fix anything. Post its log.
Reboot the computer.

3. Close all programs including antivirus programs and other similar programs. Otherwise they might stop OTL.

Start the program OTL.
Copy all the lines in the box:
[code]
:OTL
@Alternate Data Stream - 170 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:24051EFF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CREATERESTOREPOINT]
[Reboot]
[/code]
Paste them into the field Custom Scans/Fixes.
Click on Run Fix.

If you are asked to restart the computer do that.

Notepad will pop up with a log. Copy it and paste it into your answer.
If it does not pop up, you can find it in the folder c:\_OTL\Moved Files and its name contains the date and time for when OTL was run.

Be sure that antivirus programs etc. are active before connecting to the internet.

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank you!
