Solved Browser hijacked

Discussion in 'Malware and Virus Removal Archive' started by ziofel, 2010/07/24.

  1. 2010/07/24
    ziofel

    ziofel Inactive Thread Starter

    [Resolved] Browser hijacked

    Hello,

    I believe I changed the show system specifications option to Yes successfully; I will know in a bit.

    I seem to have a browser hijacked malware program that I can't seem to remove. I have tried Malwarebytes' Anti-Malware and Hitman Pro 3.5 to remove it, with no success. I also tried ComboFix but it won't run on an x64 system. My antivirus did not catch it (I use Avast Free version). My computer seems to run normally and I normally use Firefox, but my wife uses Internet Explorer and that is where I am having the problem, only in IE.

    I ran DDS and unfortunately it says it cannot be run in DOS mode and gives me a bunch of ASCII characters in the log file. I don't believe I have any script blocking software installed.

    I instead ran HijackThis and here is the log from that.

    Using Windows 7 x64 with Internet Explorer 8 and all updated.

    Thank you.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:08:57 AM, on 7/24/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Pidgin\pidgin.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    E:\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/search?hl=en&q=photography+PETAWAWA&aq=f&aqi=g1g-m1&aql=&oq=&gs_rfai=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWow64\Msdxm6.ocx
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [U1_USB] I:\AiGuru U1\AiGuru_U1usb.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0 "
    O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1927404120-4160168214-3788367595-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
    O4 - HKUS\S-1-5-21-1927404120-4160168214-3788367595-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
    O4 - Startup: palmOne Registration.lnk = C:\Program Files (x86)\palmOne\register.exe
    O4 - Startup: pidgin - Shortcut.lnk = C:\Program Files (x86)\Pidgin\pidgin.exe
    O4 - Startup: Raff.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: UltraMon.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: DiskCopy - {359c67f7-766d-45a9-b453-208d8180bd23} - C:\Program Files (x86)\Common Files\Disk\DiskCopy.dll
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe
    O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Nalpeiron X64 Service (nlscc) - Unknown owner - C:\Windows\system32\nlsInterface.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: @C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe (file missing)

    --
    End of file - 12877 bytes


    Thank you
     
  2. 2010/07/24
    Admin.

    Admin. Administrator Administrator Staff

    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     

  4. 2010/07/24
    ziofel

    ziofel Inactive Thread Starter

    I am sorry but not sure what I am missing.

    The only thing I didn't do is run DDS.scr. (It seems to be associated with AutoCAD, for AutoCAD uses that extension, and I don't know how to run it otherwise; hence why I used HijackThis. I saw a lot of posts using it and thought I would use it too.) I have searched and tried other solutions on this website to no avail.

    If you can help me run DDS.scr, it would be appreciated. Then I can post its results.
     
  5. 2010/07/24
    broni

    broni Moderator Malware Analyst

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. 2010/07/24
    ziofel

    ziofel Inactive Thread Starter

    Here are the contents of Extras.txt

    OTL Extras logfile created on: 7/24/2010 12:41:43 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = E:\Downloads
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 298.09 Gb Total Space | 213.12 Gb Free Space | 71.50% Space Free | Partition Type: NTFS
    Drive D: | 80.01 Gb Total Space | 4.58 Gb Free Space | 5.72% Space Free | Partition Type: NTFS
    Drive E: | 149.05 Gb Total Space | 19.62 Gb Free Space | 13.16% Space Free | Partition Type: NTFS
    Drive F: | 218.08 Gb Total Space | 67.91 Gb Free Space | 31.14% Space Free | Partition Type: NTFS
    Drive G: | 283.44 Gb Total Space | 138.02 Gb Free Space | 48.70% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BUGS
    Current User Name: Ziofel
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{1387BA33-3FAC-49E9-B545-0E8D3BBC550B}" = Adobe Photoshop Lightroom 3 64-bit
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
    "{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English
    "{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{E541ACEE-CA65-4E67-915B-C11710AC61AB}" = Sun VirtualBox
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AutoCAD 2010 - English" = AutoCAD 2010 - English
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Ultravnc2_is1" = UltraVNC 1.0.8.2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{235674B0-A35F-4811-8A8F-E8F42A919EA3}" = PhotoPresets with One-Click WOW!
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
    "{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video/Audio Device Driver
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{59679381-3F22-4A40-A7AD-890242D74DF4}" = Plug-in Suite 5
    "{5ED5BC4D-CADC-4705-A230-D1FC80882252}" = PhotoTools 2.5 Free
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D80B6D8-C7FC-C635-B3D2-1DFE9BEE890D}" = TiltShiftGenerator: artandmobile.com
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BE2ED609-7C07-4F6B-8E83-3800F8A133D6}" = PhotoPresets Wow Effects for Lightroom
    "{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{D0B9F312-2CAC-4EB0-AF68-E9D6C88935A7}" = AiGuru U1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
    "{E22253C5-2AEE-4CE9-9094-0AF148859C86}" = TableNinjaFT
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Adventure Maker v4.6.0_is1" = Adventure Maker v4.6.0 (build1)
    "Akamai" = Akamai NetSession Interface
    "AMCap" = AMCap
    "AU10_is1" = Advanced Uninstaller PRO - Version 10
    "avast5" = avast! Free Antivirus
    "Bokeh" = Alien Skin Bokeh
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DoremiSoft AVI to MP4 Converter" = DoremiSoft AVI to MP4 Converter 1.0
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "GPS Photo Tagger_TSI" = GPS Photo Tagger V1.2.3.h14
    "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
    "HitmanPro35" = Hitman Pro 3.5
    "Host OpenAL (ADI)" = Host OpenAL (ADI)
    "HotspotShield" = Hotspot Shield 1.34
    "INsanes Small HUD" = INsanes Small HUD 8 Black
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Miro" = Miro
    "MozBackup" = MozBackup 1.4.9
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MythTV Filters_is1" = MythTV Filters svnbuild-2006-10-15
    "nCleaner" = nCleaner second 2.3.4.0
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "PC Wizard 2009_is1" = PC Wizard 2009.1.9111
    "Pidgin" = Pidgin
    "plist Editor for Windows" = plist Editor for Windows 1.0.2
    "PokerStars" = PokerStars
    "PokerTracker3" = PokerTracker 3 (remove only)
    "PunkBusterSvc" = PunkBuster Services
    "SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
    "Steam App 30" = Day of Defeat
    "Steam App 300" = Day of Defeat: Source
    "StumbleUponIEToolbar" = StumbleUpon IE Toolbar
    "SystemRequirementsLab" = System Requirements Lab
    "TiltShift.E66C440A17F1D70FFD66FDB4568328647297CFDC.1" = TiltShiftGenerator: artandmobile.com
    "Torrent Episode Downloader 0.971" = Torrent Episode Downloader
    "Torrent Episode Downloader 0.9715" = Torrent Episode Downloader
    "TrueCrypt" = TrueCrypt
    "uberOptions" = uberOptions 4.60.9
    "uTorrent" = µTorrent
    "ViSo_is1" = ViSo version 1.3
    "VLC media player" = VLC media player 1.0.5
    "winscp3_is1" = WinSCP 4.2.7
    "Wubi" = Ubuntu

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "HuluDesktop" = Hulu Desktop
    "XBMC" = XBMC

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 12/2/2009 12:12:36 PM | Computer Name = Bugs | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 7/23/2010 11:38:33 PM | Computer Name = Bugs | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/23/2010 11:38:33 PM | Computer Name = Bugs | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 12184

    Error - 7/23/2010 11:38:33 PM | Computer Name = Bugs | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 12184

    Error - 7/23/2010 11:38:34 PM | Computer Name = Bugs | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/23/2010 11:38:34 PM | Computer Name = Bugs | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 13292

    Error - 7/23/2010 11:38:34 PM | Computer Name = Bugs | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 13292

    Error - 7/24/2010 12:39:26 AM | Computer Name = Bugs | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 7/24/2010 12:39:37 AM | Computer Name = Bugs | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 7/24/2010 7:05:48 AM | Computer Name = Bugs | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll ".Error
    in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll "
    on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
    invalid.

    Error - 7/24/2010 7:06:17 AM | Computer Name = Bugs | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll ".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    [ Media Center Events ]
    Error - 2/9/2010 9:27:13 AM | Computer Name = Bugs | Source = MCUpdate | ID = 0
    Description = 8:27:13 AM - Error connecting to the internet. 8:27:13 AM - Unable
    to contact server..

    Error - 2/9/2010 9:27:23 AM | Computer Name = Bugs | Source = MCUpdate | ID = 0
    Description = 8:27:18 AM - Error connecting to the internet. 8:27:18 AM - Unable
    to contact server..

    [ System Events ]
    Error - 6/27/2010 10:36:46 AM | Computer Name = Bugs | Source = Service Control Manager | ID = 7023
    Description = The Nalpeiron Licensing Service service terminated with the following
    error: %%183

    Error - 6/28/2010 7:45:46 AM | Computer Name = Bugs | Source = Service Control Manager | ID = 7023
    Description = The Nalpeiron Licensing Service service terminated with the following
    error: %%183

    Error - 6/29/2010 8:28:15 AM | Computer Name = Bugs | Source = Service Control Manager | ID = 7023
    Description = The Nalpeiron Licensing Service service terminated with the following
    error: %%183

    Error - 6/30/2010 8:23:57 AM | Computer Name = Bugs | Source = Service Control Manager | ID = 7023
    Description = The Nalpeiron Licensing Service service terminated with the following
    error: %%183

    Error - 6/30/2010 10:21:39 AM | Computer Name = Bugs | Source = Service Control Manager | ID = 7023
    Description = The Nalpeiron Licensing Service service terminated with the following
    error: %%183

    Error - 6/30/2010 10:37:13 AM | Computer Name = Bugs | Source = Service Control Manager | ID = 7023
    Description = The Nalpeiron Licensing Service service terminated with the following
    error: %%183

    Error - 6/30/2010 10:48:32 AM | Computer Name = Bugs | Source = Service Control Manager | ID = 7023
    Description = The Nalpeiron Licensing Service service terminated with the following
    error: %%183

    Error - 6/30/2010 11:29:19 AM | Computer Name = Bugs | Source = Service Control Manager | ID = 7023
    Description = The Nalpeiron Licensing Service service terminated with the following
    error: %%183

    Error - 6/30/2010 1:47:19 PM | Computer Name = Bugs | Source = Service Control Manager | ID = 7023
    Description = The Nalpeiron Licensing Service service terminated with the following
    error: %%183

    Error - 6/30/2010 4:59:37 PM | Computer Name = Bugs | Source = Service Control Manager | ID = 7023
    Description = The Nalpeiron Licensing Service service terminated with the following
    error: %%183


    < End of report >
     
  7. 2010/07/24
    ziofel

    Here are the contents of OTL.txt

    OTL logfile created on: 7/24/2010 12:41:43 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = E:\Downloads
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 298.09 Gb Total Space | 213.12 Gb Free Space | 71.50% Space Free | Partition Type: NTFS
    Drive D: | 80.01 Gb Total Space | 4.58 Gb Free Space | 5.72% Space Free | Partition Type: NTFS
    Drive E: | 149.05 Gb Total Space | 19.62 Gb Free Space | 13.16% Space Free | Partition Type: NTFS
    Drive F: | 218.08 Gb Total Space | 67.91 Gb Free Space | 31.14% Space Free | Partition Type: NTFS
    Drive G: | 283.44 Gb Total Space | 138.02 Gb Free Space | 48.70% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BUGS
    Current User Name: Ziofel
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/24 12:39:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
    PRC - [2010/07/10 23:36:56 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
    PRC - [2010/07/10 23:36:56 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
    PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/05/31 12:05:06 | 000,048,106 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe
    PRC - [2010/05/29 12:29:27 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/05/15 19:29:48 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2009/12/21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    PRC - [2009/11/20 15:23:40 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE
    PRC - [2009/11/17 18:37:18 | 000,224,816 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    PRC - [2009/06/05 18:42:04 | 001,310,720 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    PRC - [2009/04/20 12:56:28 | 000,031,232 | ---- | M] (NirSoft) -- C:\32788R22FWJFW\n.pif
    PRC - [2008/09/19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    PRC - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
    PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/24 12:39:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
    MOD - [2010/02/14 02:53:56 | 000,210,432 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\RTSUltraMonHookX32.dll
    MOD - [2010/02/14 02:52:06 | 000,325,120 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonResButtons.dll
    MOD - [2009/07/20 05:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll
    MOD - [2009/07/13 21:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
    MOD - [2009/07/13 21:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
    MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
    MOD - [2009/07/13 21:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
    MOD - [2009/06/10 17:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\srvany.exe -- (KMService)
    SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\ASTSRV.EXE -- (ASTSRV)
    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\astsrv.exe -- (astcc)
    SRV:64bit: - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/12/02 23:27:55 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009/11/20 15:23:40 | 000,072,192 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysNative\nlsInterface.EXE -- (nlscc)
    SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
    SRV:64bit: - [2009/07/13 21:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
    SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/06/05 18:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2010/07/10 23:36:56 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
    SRV - [2010/07/10 13:23:33 | 002,561,624 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/rswin_3725.dll -- (Akamai)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/05/29 12:29:27 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/03/25 16:21:24 | 000,120,232 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
    SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/02 23:27:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/11/20 15:23:40 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (ASTSRV)
    SRV - [2009/11/20 15:23:40 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc)
    SRV - [2009/11/17 18:37:40 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2009/11/17 18:37:18 | 000,224,816 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
    SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
    SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
    SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
     
  8. 2010/07/24
    ziofel

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/06/28 16:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/11/30 12:49:04 | 000,146,384 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV:64bit: - [2009/11/12 17:42:18 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
    DRV:64bit: - [2009/11/09 20:22:26 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
    DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
    DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
    DRV:64bit: - [2009/06/17 12:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2009/06/17 12:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 18:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2005/09/19 13:57:36 | 000,142,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (DCamUSBVM)
    DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
    DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/search?hl=en&q=photography+PETAWAWA&aq=f&aqi=g1g-m1&aql=&oq=&gs_rfai=
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 59 0C 76 F7 60 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.ca/ig?hl=en&source=iglk "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
    FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
    FF - prefs.js..extensions.enabledItems: chromeditplus@webdesigns.ms11.net:2.7.2
    FF - prefs.js..extensions.enabledItems: CLEO@guid.customsoftwareconsult.com:4.3
    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.5
    FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
    FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.0.2
    FF - prefs.js..extensions.enabledItems: pirates-of-the-amazon@work:0.6.1
    FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.5
    FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a66}:2.0.0
    FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3
    FF - prefs.js..extensions.enabledItems: firedownload@mozilla.org:1.1.7
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
    FF - prefs.js..extensions.enabledItems: firenes@facundo.zaldo:1.2
    FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.2
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.7
    FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.5.35
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1
    FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0
    FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.5.1
    FF - prefs.js..extensions.enabledItems: {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.1.2
    FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
    FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.4
    FF - prefs.js..extensions.enabledItems: {19EB90DC-A456-458b-8AAC-616D91AAFCE1}:0.6
    FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.5
    FF - prefs.js..extensions.enabledItems: {1dbc4a33-ea62-4330-966c-7bdad3455322}:1.0.6.6
    FF - prefs.js..extensions.enabledItems: FirefoxAddon@similarWeb.com:1.0.2
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
    FF - prefs.js..extensions.enabledItems: {27A2FD41-CB23-4518-AB5C-C25BAFFDE531}:1.4.1
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2pre.091012
    FF - prefs.js..extensions.enabledItems: {BE2100B3-1D80-48eb-ACCF-D26750644378}:0.4.23
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.3.2
    FF - prefs.js..extensions.enabledItems: yetanothersmoothscrolling@kataho:2.0.25
    FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2
    FF - prefs.js..extensions.enabledItems: {8e12f188-352c-4476-8198-e9b8f4a4353a}:5.69
    FF - prefs.js..extensions.enabledItems: {a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}:2.1
    FF - prefs.js..extensions.enabledItems: {8181B740-5255-11D9-9FF6-0090995D2DCA}:0.7.08.07.28
    FF - prefs.js..extensions.enabledItems: {8a39fe10-f553-11dd-87af-0800200c9a66}:1.2
    FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:2.95
    FF - prefs.js..network.proxy.ftp: "67.69.254.243 "
    FF - prefs.js..network.proxy.ftp_port: 80
    FF - prefs.js..network.proxy.gopher: "67.69.254.243 "
    FF - prefs.js..network.proxy.gopher_port: 80
    FF - prefs.js..network.proxy.http: "67.69.254.243 "
    FF - prefs.js..network.proxy.http_port: 80
    FF - prefs.js..network.proxy.socks: "67.69.254.243 "
    FF - prefs.js..network.proxy.socks_port: 80
    FF - prefs.js..network.proxy.ssl: "67.69.254.243 "
    FF - prefs.js..network.proxy.ssl_port: 80
    FF - prefs.js..network.proxy.type: 4


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/24 12:40:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/24 12:40:25 | 000,000,000 | ---D | M]

    [2009/11/17 11:06:25 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Extensions
    [2009/11/17 11:06:25 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\8h7rqn7g.default\extensions
    [2009/12/05 11:36:22 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\backup of extensions
    [2010/07/24 09:51:08 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions
    [2010/07/22 16:38:27 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
    [2010/01/17 11:20:51 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
    [2010/02/17 21:11:08 | 000,000,000 | ---D | M] (Integrated Gmail) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
    [2010/06/03 00:07:36 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
    [2009/12/05 11:36:16 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
    [2009/12/05 11:36:16 | 000,000,000 | ---D | M] (Phoenity Modern) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
    [2010/07/17 22:00:00 | 000,000,000 | ---D | M] (Proto_Dust) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{8a39fe10-f553-11dd-87af-0800200c9a66}
    [2009/12/05 11:36:16 | 000,000,000 | ---D | M] (BlackJapanMAX) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{8e12f188-352c-4476-8198-e9b8f4a4353a}
    [2010/06/03 00:07:39 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    [2009/12/05 11:36:17 | 000,000,000 | ---D | M] (Blue Ice 2) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
    [2010/05/01 10:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/07/10 20:44:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/13 23:11:28 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/07/24 00:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010/05/16 10:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
    [2010/01/23 01:44:56 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2009/12/05 11:36:11 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\elemhidehelper@adblockplus.org
    [2010/06/08 18:01:22 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\firefox1@myibay.com
    [2010/05/01 10:23:58 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\FirefoxAddon@similarWeb.com
    [2010/07/03 10:35:20 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\foxmarks@kei.com
    [2010/07/10 20:44:40 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\foxyproxy@eric.h.jung
    [2010/06/18 08:43:31 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\ietab@ip.cn
    [2010/06/18 08:43:30 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\piclens@cooliris.com
    [2010/06/18 08:43:30 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\piclens@cooliris.com-trash
    [2009/12/05 11:36:15 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\pirates-of-the-amazon@work
    [2009/12/05 11:36:15 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\redshift_V2@shift-themes.com
    [2010/07/24 00:45:23 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\staged-xpis
    [2010/07/03 10:35:18 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\tineye@ideeinc.com
    [2010/05/01 10:23:56 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\yetanothersmoothscrolling@kataho
    [2010/07/17 22:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{8a39fe10-f553-11dd-87af-0800200c9a66}\chrome\mozapps\extensions
    [2010/07/24 09:51:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/04/26 16:31:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/06/20 16:14:16 | 000,408,575 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 14125 more lines...
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
    O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
    O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWOW64\Msdxm6.ocx (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] File not found
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [U1_USB] I:\AiGuru U1\AiGuru_U1usb.exe File not found
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [JumiController] File not found
    O4 - Startup: C:\Users\Ziofel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files (x86)\palmOne\register.exe File not found
    O4 - Startup: C:\Users\Ziofel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pidgin - Shortcut.lnk = C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
    O4 - Startup: C:\Users\Ziofel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Raff.lnk = C:\Users\Ziofel\AppData\Roaming\Realtime Soft\UltraMon\3.0.7\Profiles\Raff.umprofile ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\SysWOW64\Msdxm6.ocx (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: DiskCopy - {359c67f7-766d-45a9-b453-208d8180bd23} - C:\Program Files (x86)\Common Files\Disk\DiskCopy.dll ()
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/10 15:01:35 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/11/13 16:37:10 | 003,746,847 | ---- | M] () - E:\Autocad practice that Kaja gave me.zip -- [ NTFS ]
    O32 - AutoRun File - [2008/04/29 22:01:40 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/02/10 00:26:15 | 000,000,000 | ---D | M] - G:\Autocad -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  9. 2010/07/24
    ziofel

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
    Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
    Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
    Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
    Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/24 10:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
    [2010/07/24 09:31:06 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\Desktopicon
    [2010/07/24 01:00:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/07/24 00:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2010/07/24 00:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/07/24 00:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hitman Pro 3.5
    [2010/07/24 00:17:32 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\Malwarebytes
    [2010/07/24 00:17:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/07/24 00:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/07/24 00:17:17 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/07/24 00:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/07/22 22:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2010/07/21 19:03:24 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\CherryPickerLive
    [2010/07/20 14:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SSScanAppDataDir
    [2010/07/20 14:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir
    [2010/07/14 22:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
    [2010/07/12 09:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2010/07/12 09:23:14 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2010/07/12 09:23:14 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2010/07/10 23:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    [2010/07/10 23:40:21 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2010/07/10 22:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2010/07/10 22:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2010/07/10 21:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
    [2010/07/10 13:23:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
    [2010/07/08 23:26:51 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\UltraVNC
    [2010/07/08 23:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC
    [2010/07/08 23:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\VOWSoft
    [2010/07/08 23:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPodRobot
    [2010/06/30 13:59:30 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Local\Apps
    [2010/06/29 20:54:15 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Local\Google
    [2010/06/29 20:53:53 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
    [2010/06/20 15:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/06/20 15:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2010/06/19 00:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/06/19 00:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/06/19 00:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/06/19 00:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/06/19 00:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/06/16 19:06:13 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\.shsh
    [2010/06/10 17:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
    [2010/06/10 12:30:00 | 000,131,072 | ---- | C] (Alvaro Redondo) -- C:\Windows\SysWow64\ARButton.ocx
    [2010/06/10 12:30:00 | 000,102,400 | ---- | C] (PV) -- C:\Windows\SysWow64\cpvButton.ocx
    [2010/06/10 12:30:00 | 000,065,536 | ---- | C] (FLOMIX Studios) -- C:\Windows\SysWow64\FoxCBmp3.dl
    [2010/06/10 12:29:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adventure Maker v4.6.0
    [2010/06/10 10:38:44 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\Alien Skin
    [2010/06/10 10:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alien Skin
    [2010/06/09 22:11:04 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\TiltShift.E66C440A17F1D70FFD66FDB4568328647297CFDC.1
    [2010/06/09 22:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TiltShift
    [2010/05/30 11:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
    [2010/05/30 11:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2010/05/30 11:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
    [2010/05/29 13:27:12 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Local\PunkBuster
    [2010/05/28 11:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
    [2010/05/28 10:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
    [2010/05/28 10:35:35 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\CyberLink
    [2010/05/28 10:35:34 | 000,000,000 | ---D | C] -- F:\My Documents\Youcam
    [2010/05/28 10:35:27 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Local\CyberLink
    [2010/05/28 10:31:09 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\Desktop\Cyberlink.YouCam.v3.0.1811.7429-DVT
    [2010/05/27 15:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
    [2010/05/27 15:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMUSB2.0
    [2010/05/27 15:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMPIA
    [2010/05/27 15:22:19 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\Microforum
    [2010/05/27 15:22:09 | 000,018,944 | ---- | C] (Mozzysoft) -- C:\Windows\SysWow64\ft.ocx
    [2010/05/27 15:22:08 | 000,032,768 | ---- | C] (Alvaro Redondo) -- C:\Windows\SysWow64\Base64.dll
    [2010/05/27 15:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ViSo
    [2010/05/27 10:43:29 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Local\cache
    [2010/05/16 16:50:23 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\Mask Pro 4.0
    [2010/05/16 16:31:35 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\onOne Software
    [2010/05/16 16:29:22 | 000,061,440 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysWow64\nlssrv32.exe
    [2010/05/16 16:29:22 | 000,057,344 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysWow64\ASTSRV.EXE
    [2010/05/16 16:29:21 | 000,072,192 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysNative\nlsInterface.EXE
    [2010/05/16 16:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\onOne Software
    [2010/05/16 16:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\onOne Software
    [2010/05/04 15:16:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2010/05/04 15:16:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2010/05/04 14:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Noel Danjou
    [2010/05/02 13:57:43 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\vlc
    [2010/05/02 13:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2010/05/01 21:07:19 | 000,000,000 | ---D | C] -- F:\My Documents\JumiController
    [2010/04/30 21:04:20 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Local\Shai_Raiten
    [2010/04/29 11:02:13 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\PCF-VLC
    [2010/04/26 16:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2010/04/26 16:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/04/26 16:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/04/26 16:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Ziofel\AppData\Local\*.tmp files -> C:\Users\Ziofel\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/24 12:43:27 | 007,864,320 | -HS- | M] () -- C:\Users\Ziofel\NTUSER.DAT
    [2010/07/24 11:50:04 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/07/24 11:50:04 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/07/24 09:18:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/07/24 00:33:50 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2010/07/24 00:17:21 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/23 08:32:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/07/23 08:31:53 | 3219,890,176 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/23 00:02:30 | 001,990,631 | -H-- | M] () -- C:\Users\Ziofel\AppData\Local\IconCache.db
    [2010/07/21 17:41:15 | 000,011,727 | ---- | M] () -- C:\Users\Ziofel\Desktop\Gazebo price.xlsx
    [2010/07/21 08:56:08 | 003,093,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/07/20 15:56:04 | 000,140,856 | ---- | M] () -- C:\Users\Ziofel\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/07/19 16:47:33 | 001,141,508 | ---- | M] () -- C:\Users\Ziofel\Desktop\MAN_Square-Gazebo.pdf
    [2010/07/14 22:29:11 | 000,002,515 | ---- | M] () -- C:\Users\Ziofel\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/07/14 22:29:11 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2010/07/13 22:15:23 | 000,000,600 | ---- | M] () -- C:\Users\Ziofel\AppData\Roaming\winscp.rnd
    [2010/07/12 21:31:59 | 000,782,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/07/12 21:31:59 | 000,662,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/07/12 21:31:59 | 000,121,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/07/11 19:35:29 | 000,000,813 | ---- | M] () -- C:\Windows\win.ini
    [2010/07/10 23:36:56 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
    [2010/07/10 23:36:56 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\srvany.exe
    [2010/07/10 21:52:46 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3 64-bit.lnk
    [2010/07/09 08:07:53 | 000,001,128 | ---- | M] () -- C:\Users\Ziofel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\palmOne Registration.lnk
    [2010/07/08 23:25:50 | 000,000,775 | ---- | M] () -- C:\Users\Ziofel\Desktop\UltraVNC Viewer.lnk
    [2010/07/08 23:25:50 | 000,000,758 | ---- | M] () -- C:\Users\Ziofel\Desktop\UltraVNC Server.lnk
    [2010/07/08 23:11:03 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\plist Editor for Windows.lnk
    [2010/07/07 19:18:14 | 000,001,072 | ---- | M] () -- C:\Users\Ziofel\Desktop\Autocad - Shortcut.lnk
    [2010/07/04 21:57:13 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/06/30 14:20:01 | 000,088,813 | ---- | M] () -- C:\wubildr
    [2010/06/30 14:20:01 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
    [2010/06/30 13:58:11 | 000,000,017 | ---- | M] () -- C:\Users\Ziofel\AppData\Local\resmon.resmoncfg
    [2010/06/30 13:52:53 | 000,000,010 | RHS- | M] () -- C:\config.sys
    [2010/06/29 20:53:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
    [2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2010/06/28 16:37:56 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2010/06/28 16:37:36 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2010/06/28 16:33:17 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2010/06/28 16:33:00 | 000,061,008 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2010/06/28 16:32:36 | 000,020,048 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2010/06/27 16:17:56 | 000,000,752 | ---- | M] () -- C:\Users\Ziofel\Desktop\Downloads.lnk
    [2010/06/27 16:16:37 | 000,000,827 | ---- | M] () -- C:\Users\Ziofel\Desktop\Downloads uTorrent.lnk
    [2010/06/27 12:04:01 | 000,001,386 | ---- | M] () -- C:\Users\Ziofel\Desktop\Autocad 2010.lnk
    [2010/06/24 13:07:08 | 000,028,672 | ---- | M] () -- C:\Users\Ziofel\Desktop\Application to Initiate.doc
    [2010/06/20 16:44:22 | 000,001,041 | ---- | M] () -- C:\Users\Ziofel\AppData\Roaming\vso_ts_preview.xml
    [2010/06/20 16:14:16 | 000,408,575 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/06/20 15:59:28 | 000,001,272 | ---- | M] () -- C:\Users\Ziofel\Desktop\Spybot - Search & Destroy.lnk
    [2010/06/20 15:31:02 | 188,588,216 | ---- | M] () -- F:\My Documents\registry back up June 19 2010.reg
    [2010/06/20 15:30:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\w32apiw.dll
    [2010/06/16 19:08:49 | 000,000,859 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100620-161416.backup
    [2010/06/16 19:08:49 | 000,000,858 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
    [2010/06/13 00:26:12 | 000,005,830 | ---- | M] () -- C:\Users\Ziofel\Desktop\domain.jpg
    [2010/06/10 12:30:12 | 000,023,392 | ---- | M] () -- C:\Windows\SysWow64\nscompat.tlb
    [2010/06/10 12:30:10 | 000,001,109 | ---- | M] () -- C:\Users\Ziofel\Desktop\Adventure Maker v4.6.0 Free Edition.lnk
    [2010/06/09 22:11:02 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\TiltShift.lnk
    [2010/06/09 13:54:46 | 001,899,121 | ---- | M] () -- C:\Users\Ziofel\Desktop\UltimateBlogProfit.pdf
    [2010/06/07 19:58:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2010/06/07 19:58:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2010/06/07 19:58:00 | 000,012,507 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
    [2010/06/01 23:45:36 | 000,108,032 | ---- | M] () -- C:\Users\Ziofel\Desktop\Aide Memoire 2008-1.doc
    [2010/05/30 11:48:27 | 000,001,803 | ---- | M] () -- C:\Users\Ziofel\Desktop\WinSCP.lnk
    [2010/05/29 14:17:03 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2010/05/29 14:17:03 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/05/29 12:29:27 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2010/05/29 12:29:27 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/05/28 14:33:23 | 000,001,131 | ---- | M] () -- C:\Users\Ziofel\Desktop\CyberLink YouCam.lnk
    [2010/05/19 21:44:59 | 000,163,936 | ---- | M] () -- C:\Users\Ziofel\Desktop\gazebo.dwg
    [2010/05/19 15:57:08 | 000,900,966 | ---- | M] () -- C:\Users\Ziofel\Desktop\gazebo.pdf
    [2010/05/18 10:08:29 | 004,255,624 | ---- | M] () -- C:\Users\Ziofel\Desktop\sixfigureaffiliateblogging.pdf
    [2010/05/17 23:05:44 | 000,001,708 | ---- | M] () -- C:\Users\Ziofel\Desktop\Photoshop 32 bit.lnk
    [2010/05/10 17:19:20 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\GPS Photo Tagger.lnk
    [2010/04/30 21:01:46 | 000,772,848 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/04/29 11:00:30 | 000,002,192 | ---- | M] () -- C:\Users\Public\Desktop\Miro.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\Ziofel\AppData\Local\*.tmp files -> C:\Users\Ziofel\AppData\Local\*.tmp -> ]
     
  10. 2010/07/24
    ziofel

    ziofel Inactive Thread Starter

    Joined:
    2010/07/24
    Messages:
    17
    Likes Received:
    0
    ========== Files Created - No Company Name ==========

    [2010/07/24 00:33:50 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2010/07/24 00:17:21 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/21 17:41:14 | 000,011,727 | ---- | C] () -- C:\Users\Ziofel\Desktop\Gazebo price.xlsx
    [2010/07/19 16:47:33 | 001,141,508 | ---- | C] () -- C:\Users\Ziofel\Desktop\MAN_Square-Gazebo.pdf
    [2010/07/14 22:29:11 | 000,002,515 | ---- | C] () -- C:\Users\Ziofel\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/07/14 22:29:11 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
    [2010/07/10 23:37:25 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
    [2010/07/10 23:37:25 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
    [2010/07/10 21:52:46 | 000,002,065 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3 64-bit.lnk
    [2010/07/08 23:25:50 | 000,000,775 | ---- | C] () -- C:\Users\Ziofel\Desktop\UltraVNC Viewer.lnk
    [2010/07/08 23:25:50 | 000,000,758 | ---- | C] () -- C:\Users\Ziofel\Desktop\UltraVNC Server.lnk
    [2010/07/08 23:11:03 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\plist Editor for Windows.lnk
    [2010/06/30 14:20:01 | 000,088,813 | ---- | C] () -- C:\wubildr
    [2010/06/30 14:20:01 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
    [2010/06/30 13:58:11 | 000,000,017 | ---- | C] () -- C:\Users\Ziofel\AppData\Local\resmon.resmoncfg
    [2010/06/27 12:04:01 | 000,001,386 | ---- | C] () -- C:\Users\Ziofel\Desktop\Autocad 2010.lnk
    [2010/06/27 12:03:45 | 000,000,752 | ---- | C] () -- C:\Users\Ziofel\Desktop\Downloads.lnk
    [2010/06/27 12:03:41 | 000,000,827 | ---- | C] () -- C:\Users\Ziofel\Desktop\Downloads uTorrent.lnk
    [2010/06/27 11:45:00 | 000,001,072 | ---- | C] () -- C:\Users\Ziofel\Desktop\Autocad - Shortcut.lnk
    [2010/06/20 15:59:28 | 000,001,272 | ---- | C] () -- C:\Users\Ziofel\Desktop\Spybot - Search & Destroy.lnk
    [2010/06/20 15:30:52 | 188,588,216 | ---- | C] () -- F:\My Documents\registry back up June 19 2010.reg
    [2010/06/19 00:40:32 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/06/13 00:26:12 | 000,005,830 | ---- | C] () -- C:\Users\Ziofel\Desktop\domain.jpg
    [2010/06/10 12:30:12 | 000,023,392 | ---- | C] () -- C:\Windows\SysWow64\nscompat.tlb
    [2010/06/10 12:30:10 | 000,001,109 | ---- | C] () -- C:\Users\Ziofel\Desktop\Adventure Maker v4.6.0 Free Edition.lnk
    [2010/06/10 12:30:00 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
    [2010/06/09 22:11:02 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\TiltShift.lnk
    [2010/06/09 13:54:46 | 001,899,121 | ---- | C] () -- C:\Users\Ziofel\Desktop\UltimateBlogProfit.pdf
    [2010/06/01 23:45:35 | 000,108,032 | ---- | C] () -- C:\Users\Ziofel\Desktop\Aide Memoire 2008-1.doc
    [2010/06/01 23:45:19 | 000,028,672 | ---- | C] () -- C:\Users\Ziofel\Desktop\Application to Initiate.doc
    [2010/05/30 11:48:28 | 000,000,600 | ---- | C] () -- C:\Users\Ziofel\AppData\Roaming\winscp.rnd
    [2010/05/30 11:48:27 | 000,001,803 | ---- | C] () -- C:\Users\Ziofel\Desktop\WinSCP.lnk
    [2010/05/29 13:27:16 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2010/05/29 12:29:29 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/05/29 12:29:27 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2010/05/29 12:29:27 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/05/28 11:12:59 | 000,001,131 | ---- | C] () -- C:\Users\Ziofel\Desktop\CyberLink YouCam.lnk
    [2010/05/19 17:21:10 | 000,163,936 | ---- | C] () -- C:\Users\Ziofel\Desktop\gazebo.dwg
    [2010/05/19 15:57:08 | 000,900,966 | ---- | C] () -- C:\Users\Ziofel\Desktop\gazebo.pdf
    [2010/05/18 10:08:11 | 004,255,624 | ---- | C] () -- C:\Users\Ziofel\Desktop\sixfigureaffiliateblogging.pdf
    [2010/05/17 23:05:44 | 000,001,708 | ---- | C] () -- C:\Users\Ziofel\Desktop\Photoshop 32 bit.lnk
    [2010/03/25 11:41:09 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
    [2010/01/22 22:05:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\w32apiw.dll
    [2009/12/15 22:53:31 | 000,000,125 | ---- | C] () -- C:\Windows\FlashDecompiler.INI
    [2009/12/07 23:00:52 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
    [2009/12/06 11:06:15 | 000,772,848 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/11/15 20:07:13 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2007/12/28 03:22:04 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

    ========== LOP Check ==========

    [2010/07/24 12:33:55 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\.purple
    [2010/06/10 10:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Alien Skin
    [2010/07/10 15:19:40 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Autodesk
    [2010/07/21 19:03:24 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\CherryPickerLive
    [2010/07/24 09:31:06 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Desktopicon
    [2010/03/26 21:59:35 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\DiskAid
    [2010/03/21 10:40:11 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\GetWare
    [2010/07/17 16:06:59 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\gtk-2.0
    [2009/11/16 11:48:09 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\HotSync
    [2009/12/04 18:08:41 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Leadertech
    [2010/05/16 16:51:10 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mask Pro 4.0
    [2010/05/27 15:22:19 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Microforum
    [2010/01/22 22:05:30 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\nCleaner
    [2010/05/26 22:33:16 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\onOne Software
    [2009/12/11 23:39:21 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Participatory Culture Foundation
    [2010/04/29 11:02:13 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\PCF-VLC
    [2010/07/12 09:12:52 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\SystemRequirementsLab
    [2010/06/09 22:11:04 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\TiltShift.E66C440A17F1D70FFD66FDB4568328647297CFDC.1
    [2009/11/14 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\TrueCrypt
    [2010/07/24 12:44:34 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\uTorrent
    [2010/06/20 16:44:22 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Vso
    [2010/04/29 11:35:21 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\XBMC
    [2010/07/10 08:37:01 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/12/06 11:06:19 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/06/30 13:52:53 | 000,000,010 | RHS- | M] () -- C:\config.sys
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/05/08 13:40:22 | 000,000,068 | ---- | M] () -- C:\hcwclear.txt
    [2009/12/02 00:31:59 | 000,025,701 | ---- | M] () -- C:\Heather Resume.docx
    [2010/07/23 08:31:53 | 3219,890,176 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 09:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 09:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 09:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 09:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 09:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 09:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 09:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 09:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 09:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2005/09/23 01:39:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/02/17 18:16:07 | 000,000,035 | ---- | M] () -- C:\NTSet.log
    [2010/07/23 08:31:56 | 4293,189,632 | -HS- | M] () -- C:\pagefile.sys
    [2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2010/06/30 14:20:01 | 000,088,813 | ---- | M] () -- C:\wubildr
    [2010/06/30 14:20:01 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < %systemroot%\system32\user32.dll /md5 >
    [2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2009/07/13 21:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2009/07/13 21:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:F4CA4D70
    < End of report >
     
  11. 2010/07/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It appears to me you're running a hacked MS Office version:
    KMService.exe seems to be a hack to extend Office expiration date.
    Please comment.

    ==============================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp
    During installation, make sure to UN-check any pre-checked extra "garbage" installation, like Yahoo toolbar, or others (if offered).
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

    ==================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2010/07/10 23:36:56 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
      PRC - [2010/07/10 23:36:56 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
      PRC - [2009/04/20 12:56:28 | 000,031,232 | ---- | M] (NirSoft) -- C:\32788R22FWJFW\n.pif
      SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\srvany.exe -- (KMService)
      SRV - [2010/07/10 23:36:56 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
      O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] File not found
      O4 - HKLM..\Run: [U1_USB] I:\AiGuru U1\AiGuru_U1usb.exe File not found
      O4 - HKCU..\Run: [JumiController] File not found
      O4 - Startup: C:\Users\Ziofel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files (x86)\palmOne\register.exe File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [1 C:\Users\Ziofel\AppData\Local\*.tmp files -> C:\Users\Ziofel\AppData\Local\*.tmp -> ] 
      @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:F4CA4D70
      
      :Services
      
      :Reg
      
      :Files
      C:\Windows\KMService.exe
      C:\Windows\SysWOW64\srvany.exe
      C:\32788R22FWJFW\n.pif
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  12. 2010/07/24
    ziofel

    ziofel Inactive Thread Starter

    Joined:
    2010/07/24
    Messages:
    17
    Likes Received:
    0
    This problem happened long after I had the KMService on this computer. I can't see it being the problem, but nonetheless I don't have Office any longer, so this program can go as well.

    Java has been updated but why was this important?

    Just want to know why I am doing this to learn more.

    When I installed Java it apparently deleted previous versions because the one I just installed is the only one on the computer.

    OTL crashes (Does not respond) at the end and does not create a log file.

    Somewhere in this fix it seems to have fixed the IE problem, for the hijack is not happening anymore.
     
    Last edited by a moderator: 2010/07/24
  13. 2010/07/24
    ziofel

    ziofel Inactive Thread Starter

    Joined:
    2010/07/24
    Messages:
    17
    Likes Received:
    0
    When I installed Java it apparently deleted previous versions because the one I just installed is the only one on the computer.

    OTL crashes (Does not respond) at the end of the run fix and does not create a log file.

    Somewhere in this fix it seems to have fixed the IE problem, for the hijack is not happening anymore.

    After reboot I did a quick scan and this is the log from that.

    OTL logfile created on: 7/24/2010 11:05:27 PM - Run 2
    OTL by OldTimer - Version 3.2.9.1 Folder = E:\Downloads
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 298.09 Gb Total Space | 215.16 Gb Free Space | 72.18% Space Free | Partition Type: NTFS
    Drive D: | 80.01 Gb Total Space | 4.58 Gb Free Space | 5.72% Space Free | Partition Type: NTFS
    Drive E: | 149.05 Gb Total Space | 19.47 Gb Free Space | 13.07% Space Free | Partition Type: NTFS
    Drive F: | 218.08 Gb Total Space | 67.91 Gb Free Space | 31.14% Space Free | Partition Type: NTFS
    Drive G: | 283.44 Gb Total Space | 138.02 Gb Free Space | 48.70% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BUGS
    Current User Name: Ziofel
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/24 12:40:25 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    PRC - [2010/07/24 12:40:24 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/07/24 12:39:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
    PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/05/29 12:29:27 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2009/11/20 15:23:40 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE
    PRC - [2009/11/17 18:37:18 | 000,224,816 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    PRC - [2008/09/19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    PRC - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
    PRC - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/24 12:39:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
    MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
    SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\ASTSRV.EXE -- (ASTSRV)
    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\astsrv.exe -- (astcc)
    SRV:64bit: - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/12/02 23:27:55 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009/11/20 15:23:40 | 000,072,192 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysNative\nlsInterface.EXE -- (nlscc)
    SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
    SRV:64bit: - [2009/07/13 21:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
    SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/06/05 18:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2010/07/10 13:23:33 | 002,561,624 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/rswin_3725.dll -- (Akamai)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/05/29 12:29:27 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/03/25 16:21:24 | 000,120,232 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
    SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/02 23:27:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/11/20 15:23:40 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (ASTSRV)
    SRV - [2009/11/20 15:23:40 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc)
    SRV - [2009/11/17 18:37:40 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2009/11/17 18:37:18 | 000,224,816 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
    SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
    SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
    SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/06/28 16:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/11/30 12:49:04 | 000,146,384 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV:64bit: - [2009/11/12 17:42:18 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
    DRV:64bit: - [2009/11/09 20:22:26 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
    DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
    DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
    DRV:64bit: - [2009/06/17 12:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2009/06/17 12:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 18:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2005/09/19 13:57:36 | 000,142,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (DCamUSBVM)
    DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
    DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/search?hl=en&q=photography+PETAWAWA&aq=f&aqi=g1g-m1&aql=&oq=&gs_rfai=
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 59 0C 76 F7 60 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.ca/ig?hl=en&source=iglk "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
    FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
    FF - prefs.js..extensions.enabledItems: chromeditplus@webdesigns.ms11.net:2.7.2
    FF - prefs.js..extensions.enabledItems: CLEO@guid.customsoftwareconsult.com:4.3
    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.5
    FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
    FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.0.2
    FF - prefs.js..extensions.enabledItems: pirates-of-the-amazon@work:0.6.1
    FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.5
    FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a66}:2.0.0
    FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3
    FF - prefs.js..extensions.enabledItems: firedownload@mozilla.org:1.1.7
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
    FF - prefs.js..extensions.enabledItems: firenes@facundo.zaldo:1.2
    FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.2
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.7
    FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.5.35
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1
    FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0
    FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.5.1
    FF - prefs.js..extensions.enabledItems: {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.1.2
    FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
    FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.4
    FF - prefs.js..extensions.enabledItems: {19EB90DC-A456-458b-8AAC-616D91AAFCE1}:0.6
    FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.5
    FF - prefs.js..extensions.enabledItems: {1dbc4a33-ea62-4330-966c-7bdad3455322}:1.0.6.6
    FF - prefs.js..extensions.enabledItems: FirefoxAddon@similarWeb.com:1.0.2
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
    FF - prefs.js..extensions.enabledItems: {27A2FD41-CB23-4518-AB5C-C25BAFFDE531}:1.4.1
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2pre.091012
    FF - prefs.js..extensions.enabledItems: {BE2100B3-1D80-48eb-ACCF-D26750644378}:0.4.23
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.3.2
    FF - prefs.js..extensions.enabledItems: yetanothersmoothscrolling@kataho:2.0.25
    FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2
    FF - prefs.js..extensions.enabledItems: {8e12f188-352c-4476-8198-e9b8f4a4353a}:5.69
    FF - prefs.js..extensions.enabledItems: {a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}:2.1
    FF - prefs.js..extensions.enabledItems: {8181B740-5255-11D9-9FF6-0090995D2DCA}:0.7.08.07.28
    FF - prefs.js..extensions.enabledItems: {8a39fe10-f553-11dd-87af-0800200c9a66}:1.2
    FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:2.95
    FF - prefs.js..network.proxy.ftp: "67.69.254.243 "
    FF - prefs.js..network.proxy.ftp_port: 80
    FF - prefs.js..network.proxy.gopher: "67.69.254.243 "
    FF - prefs.js..network.proxy.gopher_port: 80
    FF - prefs.js..network.proxy.http: "67.69.254.243 "
    FF - prefs.js..network.proxy.http_port: 80
    FF - prefs.js..network.proxy.socks: "67.69.254.243 "
    FF - prefs.js..network.proxy.socks_port: 80
    FF - prefs.js..network.proxy.ssl: "67.69.254.243 "
    FF - prefs.js..network.proxy.ssl_port: 80
    FF - prefs.js..network.proxy.type: 4


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/24 12:40:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/24 12:40:25 | 000,000,000 | ---D | M]

    [2009/11/17 11:06:25 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Extensions
    [2009/11/17 11:06:25 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\8h7rqn7g.default\extensions
    [2009/12/05 11:36:22 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\backup of extensions
    [2010/07/24 22:18:39 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions
    [2010/07/22 16:38:27 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
    [2010/01/17 11:20:51 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
    [2010/02/17 21:11:08 | 000,000,000 | ---D | M] (Integrated Gmail) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
    [2010/06/03 00:07:36 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
    [2009/12/05 11:36:16 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
    [2009/12/05 11:36:16 | 000,000,000 | ---D | M] (Phoenity Modern) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
    [2010/07/17 22:00:00 | 000,000,000 | ---D | M] (Proto_Dust) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{8a39fe10-f553-11dd-87af-0800200c9a66}
    [2009/12/05 11:36:16 | 000,000,000 | ---D | M] (BlackJapanMAX) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{8e12f188-352c-4476-8198-e9b8f4a4353a}
    [2010/06/03 00:07:39 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    [2009/12/05 11:36:17 | 000,000,000 | ---D | M] (Blue Ice 2) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
    [2010/05/01 10:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/07/10 20:44:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/13 23:11:28 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/07/24 00:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010/05/16 10:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
    [2010/01/23 01:44:56 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2009/12/05 11:36:11 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\elemhidehelper@adblockplus.org
    [2010/06/08 18:01:22 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\firefox1@myibay.com
    [2010/05/01 10:23:58 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\FirefoxAddon@similarWeb.com
    [2010/07/03 10:35:20 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\foxmarks@kei.com
    [2010/07/10 20:44:40 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\foxyproxy@eric.h.jung
    [2010/06/18 08:43:31 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\ietab@ip.cn
    [2010/06/18 08:43:30 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\piclens@cooliris.com
    [2010/06/18 08:43:30 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\piclens@cooliris.com-trash
    [2009/12/05 11:36:15 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\pirates-of-the-amazon@work
    [2009/12/05 11:36:15 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\redshift_V2@shift-themes.com
    [2010/07/24 00:45:23 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\staged-xpis
    [2010/07/03 10:35:18 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\tineye@ideeinc.com
    [2010/05/01 10:23:56 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\yetanothersmoothscrolling@kataho
    [2010/07/17 22:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ziofel\AppData\Roaming\Mozilla\Firefox\Profiles\9vicm03q.Raff\extensions\{8a39fe10-f553-11dd-87af-0800200c9a66}\chrome\mozapps\extensions
    [2010/07/24 22:18:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/04/26 16:31:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/24 22:18:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/06/22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/06/20 16:14:16 | 000,408,575 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 14125 more lines...
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
    O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
    O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWOW64\Msdxm6.ocx (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
    O4 - Startup: C:\Users\Ziofel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pidgin - Shortcut.lnk = C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
    O4 - Startup: C:\Users\Ziofel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Raff.lnk = C:\Users\Ziofel\AppData\Roaming\Realtime Soft\UltraMon\3.0.7\Profiles\Raff.umprofile ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: DiskCopy - {359c67f7-766d-45a9-b453-208d8180bd23} - C:\Program Files (x86)\Common Files\Disk\DiskCopy.dll ()
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/10 15:01:35 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/11/13 16:37:10 | 003,746,847 | ---- | M] () - E:\Autocad practice that Kaja gave me.zip -- [ NTFS ]
    O32 - AutoRun File - [2008/04/29 22:01:40 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/02/10 00:26:15 | 000,000,000 | ---D | M] - G:\Autocad -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/24 22:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/07/24 22:17:59 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaws.exe
    [2010/07/24 22:17:59 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaw.exe
    [2010/07/24 22:17:59 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\SysWow64\java.exe
    [2010/07/24 21:59:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/07/24 10:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
    [2010/07/24 09:31:06 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\Desktopicon
    [2010/07/24 01:00:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/07/24 00:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2010/07/24 00:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/07/24 00:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hitman Pro 3.5
    [2010/07/24 00:17:32 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\Malwarebytes
    [2010/07/24 00:17:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/07/24 00:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/07/24 00:17:17 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/07/24 00:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/07/22 22:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2010/07/21 19:03:24 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\CherryPickerLive
    [2010/07/20 14:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SSScanAppDataDir
    [2010/07/20 14:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir
    [2010/07/14 22:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
    [2010/07/12 09:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2010/07/12 09:23:14 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2010/07/12 09:23:14 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2010/07/10 23:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    [2010/07/10 23:40:21 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2010/07/10 22:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2010/07/10 21:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
    [2010/07/10 13:23:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
    [2010/07/08 23:26:51 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\UltraVNC
    [2010/07/08 23:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC
    [2010/07/08 23:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\VOWSoft
    [2010/07/08 23:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPodRobot
    [2010/06/30 13:59:30 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Local\Apps
    [2010/06/29 20:54:15 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Local\Google
    [2010/06/29 20:53:53 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
    [2010/06/20 15:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/06/20 15:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2010/06/19 00:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/06/19 00:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/06/19 00:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/06/19 00:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/06/19 00:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/06/16 19:06:13 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\.shsh
    [2010/06/10 17:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
    [2010/06/10 12:30:00 | 000,131,072 | ---- | C] (Alvaro Redondo) -- C:\Windows\SysWow64\ARButton.ocx
    [2010/06/10 12:30:00 | 000,102,400 | ---- | C] (PV) -- C:\Windows\SysWow64\cpvButton.ocx
    [2010/06/10 12:30:00 | 000,065,536 | ---- | C] (FLOMIX Studios) -- C:\Windows\SysWow64\FoxCBmp3.dl
    [2010/06/10 12:29:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adventure Maker v4.6.0
    [2010/06/10 10:38:44 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\Alien Skin
    [2010/06/10 10:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alien Skin
    [2010/06/09 22:11:04 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\TiltShift.E66C440A17F1D70FFD66FDB4568328647297CFDC.1
    [2010/06/09 22:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TiltShift
    [2010/05/30 11:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP
    [2010/05/30 11:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2010/05/30 11:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
    [2010/05/29 13:27:12 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Local\PunkBuster
    [2010/05/28 11:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
    [2010/05/28 10:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
    [2010/05/28 10:35:35 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\CyberLink
    [2010/05/28 10:35:34 | 000,000,000 | ---D | C] -- F:\My Documents\Youcam
    [2010/05/28 10:35:27 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Local\CyberLink
    [2010/05/28 10:31:09 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\Desktop\Cyberlink.YouCam.v3.0.1811.7429-DVT
    [2010/05/27 15:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
    [2010/05/27 15:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMUSB2.0
    [2010/05/27 15:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMPIA
    [2010/05/27 15:22:19 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\Microforum
    [2010/05/27 15:22:09 | 000,018,944 | ---- | C] (Mozzysoft) -- C:\Windows\SysWow64\ft.ocx
    [2010/05/27 15:22:08 | 000,032,768 | ---- | C] (Alvaro Redondo) -- C:\Windows\SysWow64\Base64.dll
    [2010/05/27 15:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ViSo
    [2010/05/27 10:43:29 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Local\cache
    [2010/05/16 16:50:23 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\Mask Pro 4.0
    [2010/05/16 16:31:35 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\onOne Software
    [2010/05/16 16:29:22 | 000,061,440 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysWow64\nlssrv32.exe
    [2010/05/16 16:29:22 | 000,057,344 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysWow64\ASTSRV.EXE
    [2010/05/16 16:29:21 | 000,072,192 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysNative\nlsInterface.EXE
    [2010/05/16 16:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\onOne Software
    [2010/05/16 16:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\onOne Software
    [2010/05/04 15:16:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2010/05/04 15:16:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2010/05/04 14:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Noel Danjou
    [2010/05/02 13:57:43 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\vlc
    [2010/05/02 13:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2010/05/01 21:07:19 | 000,000,000 | ---D | C] -- F:\My Documents\JumiController
    [2010/04/30 21:04:20 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Local\Shai_Raiten
    [2010/04/29 11:02:13 | 000,000,000 | ---D | C] -- C:\Users\Ziofel\AppData\Roaming\PCF-VLC
    [2010/04/26 16:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2010/04/26 16:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/04/26 16:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/04/26 16:31:02 | 000,423,656 | ---- | C] (Oracle) -- C:\Windows\SysWow64\deployJava1.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/07/24 23:07:46 | 007,864,320 | -HS- | M] () -- C:\Users\Ziofel\NTUSER.DAT
    [2010/07/24 23:00:50 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/07/24 23:00:50 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/07/24 22:52:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/07/24 22:52:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/07/24 22:52:28 | 3219,890,176 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/24 22:51:27 | 002,612,082 | -H-- | M] () -- C:\Users\Ziofel\AppData\Local\IconCache.db
    [2010/07/24 00:33:50 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2010/07/24 00:17:21 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/21 17:41:15 | 000,011,727 | ---- | M] () -- C:\Users\Ziofel\Desktop\Gazebo price.xlsx
    [2010/07/21 08:56:08 | 003,093,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/07/20 15:56:04 | 000,140,856 | ---- | M] () -- C:\Users\Ziofel\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/07/19 16:47:33 | 001,141,508 | ---- | M] () -- C:\Users\Ziofel\Desktop\MAN_Square-Gazebo.pdf
    [2010/07/14 22:29:11 | 000,002,515 | ---- | M] () -- C:\Users\Ziofel\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/07/14 22:29:11 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2010/07/13 22:15:23 | 000,000,600 | ---- | M] () -- C:\Users\Ziofel\AppData\Roaming\winscp.rnd
    [2010/07/12 21:31:59 | 000,782,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/07/12 21:31:59 | 000,662,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/07/12 21:31:59 | 000,121,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/07/11 19:35:29 | 000,000,813 | ---- | M] () -- C:\Windows\win.ini
    [2010/07/10 21:52:46 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3 64-bit.lnk
    [2010/07/08 23:25:50 | 000,000,775 | ---- | M] () -- C:\Users\Ziofel\Desktop\UltraVNC Viewer.lnk
    [2010/07/08 23:25:50 | 000,000,758 | ---- | M] () -- C:\Users\Ziofel\Desktop\UltraVNC Server.lnk
    [2010/07/08 23:11:03 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\plist Editor for Windows.lnk
    [2010/07/07 19:18:14 | 000,001,072 | ---- | M] () -- C:\Users\Ziofel\Desktop\Autocad - Shortcut.lnk
    [2010/07/04 21:57:13 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/06/30 14:20:01 | 000,088,813 | ---- | M] () -- C:\wubildr
    [2010/06/30 14:20:01 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
    [2010/06/30 13:58:11 | 000,000,017 | ---- | M] () -- C:\Users\Ziofel\AppData\Local\resmon.resmoncfg
    [2010/06/30 13:52:53 | 000,000,010 | RHS- | M] () -- C:\config.sys
    [2010/06/29 20:53:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
    [2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2010/06/28 16:37:56 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2010/06/28 16:37:36 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2010/06/28 16:33:17 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2010/06/28 16:33:00 | 000,061,008 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2010/06/28 16:32:36 | 000,020,048 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2010/06/27 16:17:56 | 000,000,752 | ---- | M] () -- C:\Users\Ziofel\Desktop\Downloads.lnk
    [2010/06/27 16:16:37 | 000,000,827 | ---- | M] () -- C:\Users\Ziofel\Desktop\Downloads uTorrent.lnk
    [2010/06/27 12:04:01 | 000,001,386 | ---- | M] () -- C:\Users\Ziofel\Desktop\Autocad 2010.lnk
    [2010/06/24 13:07:08 | 000,028,672 | ---- | M] () -- C:\Users\Ziofel\Desktop\Application to Initiate.doc
    [2010/06/22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\Windows\SysWow64\javaws.exe
    [2010/06/22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\SysWow64\javaw.exe
    [2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\SysWow64\java.exe
    [2010/06/22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\Windows\SysWow64\deployJava1.dll
    [2010/06/20 16:44:22 | 000,001,041 | ---- | M] () -- C:\Users\Ziofel\AppData\Roaming\vso_ts_preview.xml
    [2010/06/20 16:14:16 | 000,408,575 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/06/20 15:59:28 | 000,001,272 | ---- | M] () -- C:\Users\Ziofel\Desktop\Spybot - Search & Destroy.lnk
    [2010/06/20 15:31:02 | 188,588,216 | ---- | M] () -- F:\My Documents\registry back up June 19 2010.reg
    [2010/06/20 15:30:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\w32apiw.dll
    [2010/06/16 19:08:49 | 000,000,859 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100620-161416.backup
    [2010/06/16 19:08:49 | 000,000,858 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
    [2010/06/13 00:26:12 | 000,005,830 | ---- | M] () -- C:\Users\Ziofel\Desktop\domain.jpg
    [2010/06/10 12:30:12 | 000,023,392 | ---- | M] () -- C:\Windows\SysWow64\nscompat.tlb
    [2010/06/10 12:30:10 | 000,001,109 | ---- | M] () -- C:\Users\Ziofel\Desktop\Adventure Maker v4.6.0 Free Edition.lnk
    [2010/06/09 22:11:02 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\TiltShift.lnk
    [2010/06/09 13:54:46 | 001,899,121 | ---- | M] () -- C:\Users\Ziofel\Desktop\UltimateBlogProfit.pdf
    [2010/06/07 19:58:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2010/06/07 19:58:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2010/06/07 19:58:00 | 000,012,507 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
    [2010/06/01 23:45:36 | 000,108,032 | ---- | M] () -- C:\Users\Ziofel\Desktop\Aide Memoire 2008-1.doc
    [2010/05/30 11:48:27 | 000,001,803 | ---- | M] () -- C:\Users\Ziofel\Desktop\WinSCP.lnk
    [2010/05/29 14:17:03 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2010/05/29 14:17:03 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/05/29 12:29:27 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2010/05/29 12:29:27 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/05/28 14:33:23 | 000,001,131 | ---- | M] () -- C:\Users\Ziofel\Desktop\CyberLink YouCam.lnk
    [2010/05/19 21:44:59 | 000,163,936 | ---- | M] () -- C:\Users\Ziofel\Desktop\gazebo.dwg
    [2010/05/19 15:57:08 | 000,900,966 | ---- | M] () -- C:\Users\Ziofel\Desktop\gazebo.pdf
    [2010/05/18 10:08:29 | 004,255,624 | ---- | M] () -- C:\Users\Ziofel\Desktop\sixfigureaffiliateblogging.pdf
    [2010/05/17 23:05:44 | 000,001,708 | ---- | M] () -- C:\Users\Ziofel\Desktop\Photoshop 32 bit.lnk
    [2010/05/10 17:19:20 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\GPS Photo Tagger.lnk
    [2010/04/30 21:01:46 | 000,772,848 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/04/29 11:00:30 | 000,002,192 | ---- | M] () -- C:\Users\Public\Desktop\Miro.lnk
     
    Last edited: 2010/07/24
  14. 2010/07/24
    ziofel

    ziofel Inactive Thread Starter

    ========== Files Created - No Company Name ==========

    [2010/07/24 00:33:50 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2010/07/24 00:17:21 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/21 17:41:14 | 000,011,727 | ---- | C] () -- C:\Users\Ziofel\Desktop\Gazebo price.xlsx
    [2010/07/19 16:47:33 | 001,141,508 | ---- | C] () -- C:\Users\Ziofel\Desktop\MAN_Square-Gazebo.pdf
    [2010/07/14 22:29:11 | 000,002,515 | ---- | C] () -- C:\Users\Ziofel\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/07/14 22:29:11 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
    [2010/07/10 21:52:46 | 000,002,065 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3 64-bit.lnk
    [2010/07/08 23:25:50 | 000,000,775 | ---- | C] () -- C:\Users\Ziofel\Desktop\UltraVNC Viewer.lnk
    [2010/07/08 23:25:50 | 000,000,758 | ---- | C] () -- C:\Users\Ziofel\Desktop\UltraVNC Server.lnk
    [2010/07/08 23:11:03 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\plist Editor for Windows.lnk
    [2010/06/30 14:20:01 | 000,088,813 | ---- | C] () -- C:\wubildr
    [2010/06/30 14:20:01 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
    [2010/06/30 13:58:11 | 000,000,017 | ---- | C] () -- C:\Users\Ziofel\AppData\Local\resmon.resmoncfg
    [2010/06/27 12:04:01 | 000,001,386 | ---- | C] () -- C:\Users\Ziofel\Desktop\Autocad 2010.lnk
    [2010/06/27 12:03:45 | 000,000,752 | ---- | C] () -- C:\Users\Ziofel\Desktop\Downloads.lnk
    [2010/06/27 12:03:41 | 000,000,827 | ---- | C] () -- C:\Users\Ziofel\Desktop\Downloads uTorrent.lnk
    [2010/06/27 11:45:00 | 000,001,072 | ---- | C] () -- C:\Users\Ziofel\Desktop\Autocad - Shortcut.lnk
    [2010/06/20 15:59:28 | 000,001,272 | ---- | C] () -- C:\Users\Ziofel\Desktop\Spybot - Search & Destroy.lnk
    [2010/06/20 15:30:52 | 188,588,216 | ---- | C] () -- F:\My Documents\registry back up June 19 2010.reg
    [2010/06/19 00:40:32 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/06/13 00:26:12 | 000,005,830 | ---- | C] () -- C:\Users\Ziofel\Desktop\domain.jpg
    [2010/06/10 12:30:12 | 000,023,392 | ---- | C] () -- C:\Windows\SysWow64\nscompat.tlb
    [2010/06/10 12:30:10 | 000,001,109 | ---- | C] () -- C:\Users\Ziofel\Desktop\Adventure Maker v4.6.0 Free Edition.lnk
    [2010/06/10 12:30:00 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
    [2010/06/09 22:11:02 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\TiltShift.lnk
    [2010/06/09 13:54:46 | 001,899,121 | ---- | C] () -- C:\Users\Ziofel\Desktop\UltimateBlogProfit.pdf
    [2010/06/01 23:45:35 | 000,108,032 | ---- | C] () -- C:\Users\Ziofel\Desktop\Aide Memoire 2008-1.doc
    [2010/06/01 23:45:19 | 000,028,672 | ---- | C] () -- C:\Users\Ziofel\Desktop\Application to Initiate.doc
    [2010/05/30 11:48:28 | 000,000,600 | ---- | C] () -- C:\Users\Ziofel\AppData\Roaming\winscp.rnd
    [2010/05/30 11:48:27 | 000,001,803 | ---- | C] () -- C:\Users\Ziofel\Desktop\WinSCP.lnk
    [2010/05/29 13:27:16 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2010/05/29 12:29:29 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/05/29 12:29:27 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2010/05/29 12:29:27 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/05/28 11:12:59 | 000,001,131 | ---- | C] () -- C:\Users\Ziofel\Desktop\CyberLink YouCam.lnk
    [2010/05/19 17:21:10 | 000,163,936 | ---- | C] () -- C:\Users\Ziofel\Desktop\gazebo.dwg
    [2010/05/19 15:57:08 | 000,900,966 | ---- | C] () -- C:\Users\Ziofel\Desktop\gazebo.pdf
    [2010/05/18 10:08:11 | 004,255,624 | ---- | C] () -- C:\Users\Ziofel\Desktop\sixfigureaffiliateblogging.pdf
    [2010/05/17 23:05:44 | 000,001,708 | ---- | C] () -- C:\Users\Ziofel\Desktop\Photoshop 32 bit.lnk
    [2010/03/25 11:41:09 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
    [2010/01/22 22:05:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\w32apiw.dll
    [2009/12/15 22:53:31 | 000,000,125 | ---- | C] () -- C:\Windows\FlashDecompiler.INI
    [2009/12/07 23:00:52 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
    [2009/12/06 11:06:15 | 000,772,848 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/11/15 20:07:13 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2007/12/28 03:22:04 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
    ========== LOP Check ==========

    [2010/07/24 22:53:35 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\.purple
    [2010/06/10 10:38:44 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Alien Skin
    [2010/07/10 15:19:40 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Autodesk
    [2010/07/21 19:03:24 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\CherryPickerLive
    [2010/07/24 09:31:06 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Desktopicon
    [2010/03/26 21:59:35 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\DiskAid
    [2010/03/21 10:40:11 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\GetWare
    [2010/07/17 16:06:59 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\gtk-2.0
    [2009/11/16 11:48:09 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\HotSync
    [2009/12/04 18:08:41 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Leadertech
    [2010/05/16 16:51:10 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Mask Pro 4.0
    [2010/05/27 15:22:19 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Microforum
    [2010/01/22 22:05:30 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\nCleaner
    [2010/05/26 22:33:16 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\onOne Software
    [2009/12/11 23:39:21 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Participatory Culture Foundation
    [2010/04/29 11:02:13 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\PCF-VLC
    [2010/07/12 09:12:52 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\SystemRequirementsLab
    [2010/06/09 22:11:04 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\TiltShift.E66C440A17F1D70FFD66FDB4568328647297CFDC.1
    [2009/11/14 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\TrueCrypt
    [2010/07/24 17:58:26 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\uTorrent
    [2010/06/20 16:44:22 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\Vso
    [2010/04/29 11:35:21 | 000,000,000 | ---D | M] -- C:\Users\Ziofel\AppData\Roaming\XBMC
    [2010/07/10 08:37:01 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
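The file listings in the log above all share one bracketed line format: timestamp, size, attribute flags, a C (created) or M (modified) marker, an optional company name, and the path. The Python below is an added example, not part of the original posts and not OTL's own code; it parses that format and marks entries for manual review. The function names and the two heuristics (a binary under `C:\Windows` with an empty company field, and a zero-byte binary) are assumptions made for this example, and a flag means "look at this file", not a verdict.

```python
import re
from datetime import datetime
from ntpath import splitext  # Windows path rules, works on any OS
from typing import List, NamedTuple, Optional

# Lines copied from the OTL listing in this thread, plus one registry-style
# line that the parser has to skip.
SAMPLE_LOG = r"""
    [2010/07/24 22:17:59 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaws.exe
    [2010/07/24 21:59:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/07/24 22:52:28 | 3219,890,176 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/20 15:30:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\w32apiw.dll
    [2010/05/29 12:29:27 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/07/21 17:41:15 | 000,011,727 | ---- | M] () -- C:\Users\Ziofel\Desktop\Gazebo price.xlsx
    O32 - HKLM CDRom: AutoRun - 1
"""

# [timestamp | size | attrs | C or M] (company)? -- path
LINE_RE = re.compile(
    r"^\s*\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| ([RHSD-]{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+?)\s*$"
)

# Extensions treated as executable code for triage (assumption for this example).
BINARY_EXTS = {".exe", ".dll", ".sys", ".ocx", ".scr"}


class Entry(NamedTuple):
    when: datetime
    size: int                # bytes, thousands separators removed
    attrs: str               # e.g. "-HSD": Read-only, Hidden, System, Directory
    kind: str                # "C" = created, "M" = modified
    company: Optional[str]   # None if the field is absent, "" if it is "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for anything in another format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    stamp, size, attrs, kind, company, path = m.groups()
    return Entry(
        when=datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
        size=int(size.replace(",", "")),
        attrs=attrs,
        kind=kind,
        company=company,
        path=path,
    )


def parse_log(text: str) -> List[Entry]:
    """Return every file or folder entry found in a pasted log."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def triage(entry: Entry) -> List[str]:
    """Return review flags for one entry (generic heuristics, not verdicts)."""
    flags = []
    ext = splitext(entry.path)[1].lower()
    is_binary = not entry.is_dir and ext in BINARY_EXTS
    # Assumes the system root is C:\Windows, as it is in this log.
    in_windows = entry.path.lower().startswith("c:\\windows\\")
    if is_binary and entry.company == "" and in_windows:
        flags.append("no-company-binary")
    if is_binary and entry.size == 0:
        flags.append("zero-byte-binary")
    return flags


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        flags = triage(e)
        if flags:
            print(f"{e.when:%Y-%m-%d} {e.size:>12} {','.join(flags):<35} {e.path}")
```

Flagged entries are candidates for a closer look (vendor lookup, hash check, second-opinion scan); legitimate software also ships binaries without version metadata.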
     
  15. 2010/07/24
    broni

    broni Moderator Malware Analyst

    To answer your questions....
    I don't see any reason for you to be upset (I may be reading your mood wrong though :)).
    When I see hack, crack, or any other illegal activity, this is and will be always my first suspect.
    Since Office is gone, there are some other Office related entries in OTL log, which we'll have to remove.

    This is exactly how it's supposed to be. Java is very prone to security flaws and it has to be always up to date. Even the presence of older Java versions may be a security threat to your computer.

    It may happen sometimes while in cleaning process. Not always things go flawlessly and I don't have any control over it.

    At the end, I'm glad to see redirection problem being gone :)
    I hope, you too...

    Now....

    It may help with running OTL fix more smoothly, if you disable Avast temporarily.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
      O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
      O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
      O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Microsoft Office
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    I don't need another "Quick scan" log, IF a fix log is produced.
     
  16. 2010/07/25
    ziofel

    ziofel Inactive Thread Starter

    I wasn't upset. Here is the last log.

    All processes killed
    ========== OTL ==========
    Error: No service named Microsoft Office Groove Audit Service was found to stop!
    Service\Driver key Microsoft Office Groove Audit Service not found.
    File C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
    File C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor not found.
    File C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\ not found.
    File C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Program Files (x86)\Microsoft Office not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Ziofel
    ->Temp folder emptied: 3533009 bytes
    ->Temporary Internet Files folder emptied: 5739574 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 42032616 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 35267 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1605738 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 933233666 bytes

    Total Files Cleaned = 941.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: postgres

    User: Public

    User: Ziofel
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 07252010_200029

    Files\Folders moved on Reboot...
    C:\Users\Ziofel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Ziofel\AppData\Local\Temp\~DFAE04F56F47E089C2.TMP not found!

    Registry entries deleted on Reboot...

    Tks for your help by the way.
     
    Last edited: 2010/07/25
  17. 2010/07/25
    broni

    broni Moderator Malware Analyst

    Cool :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  18. 2010/07/26
    ziofel

    ziofel Inactive Thread Starter

    Security check report:

    Results of screen317's Security Check version 0.99.4
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    nCleaner second 2.3.4.0
    Java(TM) 6 Update 21
    Out of date Java installed!
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9.3.3
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  19. 2010/07/26
    ziofel

    ziofel Inactive Thread Starter

    TFC Crashed but said it cleaned temp folders in various locations

    Kaspersky is scanning and will post when it's done.
     
    Last edited: 2010/07/26
  20. 2010/07/26
    broni

    broni Moderator Malware Analyst

    Ok :)
     
  21. 2010/07/28
    ziofel

    ziofel Inactive Thread Starter

    Kaspersky scanned and now I have a clean computer. Took 7.5 hours to scan all drives.

    Thank you very much, greatly appreciate it.
     
