
Solved: Firefox Hijacked

Discussion in 'Malware and Virus Removal Archive' started by Fredb38, 2010/06/20.

  1. 2010/06/21
    Fredb38 Well-Known Member Thread Starter

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP folder moved successfully.
    ADS C:\ProgramData\TEMP:21654C57 deleted successfully.
    ADS C:\ProgramData\TEMP:4BF2F6B5 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Fred
    ->Temp folder emptied: 0 bytes

    User: Fredb38
    ->Temp folder emptied: 98782 bytes
    ->Temporary Internet Files folder emptied: 10556802 bytes
    ->Java cache emptied: 396435 bytes
    ->FireFox cache emptied: 83456118 bytes
    ->Flash cache emptied: 8140 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2219 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 90.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Fred

    User: Fredb38
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.6.1 log created on 06222010_004859

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  2. 2010/06/21
    broni Moderator Malware Analyst
    Go on....
     


  4. 2010/06/21
    Fredb38 Well-Known Member Thread Starter
    OTL logfile created on: 6/22/2010 12:55:36 AM - Run 2
    OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\Fredb38\Downloads
    Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 326.38 Gb Total Space | 272.73 Gb Free Space | 83.56% Space Free | Partition Type: NTFS
    Drive D: | 8.87 Gb Total Space | 1.20 Gb Free Space | 13.58% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    Drive H: | 465.76 Gb Total Space | 222.89 Gb Free Space | 47.85% Space Free | Partition Type: NTFS
    Drive I: | 465.76 Gb Total Space | 337.75 Gb Free Space | 72.52% Space Free | Partition Type: NTFS
    Drive J: | 931.51 Gb Total Space | 345.15 Gb Free Space | 37.05% Space Free | Partition Type: NTFS

    Computer Name: FREDB38-PC
    Current User Name: Fredb38
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/21 23:57:19 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Fredb38\Downloads\OTL.exe
    PRC - [2010/06/13 20:50:21 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Fredb38\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
    PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/04/21 20:52:22 | 000,186,760 | ---- | M] () -- H:\Program Files\Proshow Gold\scsiaccess.exe
    PRC - [2010/04/03 08:31:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/02/02 13:35:30 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
    PRC - [2010/02/02 13:35:20 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/08/07 14:32:26 | 000,358,232 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe
    PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
    PRC - [2009/04/27 02:22:04 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    PRC - [2009/04/27 02:11:54 | 002,029,640 | ---- | M] (Cracked By Wh!5t|eR) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
    PRC - [2009/04/04 03:20:00 | 000,471,040 | ---- | M] (Felitec Inc.) -- C:\Program Files\Felitec\Mindful 2\Mindful.exe
    PRC - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () -- C:\Windows\System32\NMSAccessU.exe
    PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/21 23:57:19 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Fredb38\Downloads\OTL.exe
    MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/13 21:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
    MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/13 21:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
    MOD - [2009/07/13 21:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll
    MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
    MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
    MOD - [2009/07/13 21:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
    MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (SBSDWSCService)
    SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/04/21 20:52:22 | 000,186,760 | ---- | M] () [Auto | Running] -- H:\Program Files\Proshow Gold\scsiaccess.exe -- (ScsiAccess)
    SRV - [2010/03/11 13:32:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/02/02 13:35:30 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2010/02/02 13:35:20 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
    SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009/04/27 02:22:08 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2009/04/27 02:22:04 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
    SRV - [2009/01/12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Windows\System32\NMSAccessU.exe -- (NMSAccess)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/06/20 08:58:00 | 003,086,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/09/27 23:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
    DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
    DRV - [2009/07/13 18:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
    DRV - [2009/07/13 18:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
    DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/04/27 02:22:12 | 000,113,960 | ---- | M] (ESET) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
    DRV - [2009/04/27 02:22:08 | 000,038,240 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
    DRV - [2009/04/27 02:22:08 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2009/04/27 02:22:06 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2009/04/27 02:22:04 | 000,131,976 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ "
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
    FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..keyword.URL: "http://Bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-71-0-12QPy&q= "


    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/10 19:43:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/14 13:20:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/14 13:20:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/03/10 19:53:22 | 000,000,000 | ---D | M]

    [2010/03/19 08:06:12 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Extensions
    [2010/03/19 08:06:12 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2010/06/21 22:48:02 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\extensions
    [2010/03/11 09:25:46 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2010/06/09 22:06:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/05/15 20:58:24 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\extensions\anttoolbar@ant.com
    [2010/05/06 17:10:22 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\extensions\searchtoolbar@zugo.com
    [2010/04/13 08:56:03 | 000,001,836 | ---- | M] () -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\searchplugins\bing-ff.xml
    [2010/05/06 17:10:47 | 000,001,944 | ---- | M] () -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\searchplugins\bing-zugo.xml
    [2010/06/09 22:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/15 03:11:28 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{8c67aaa4-a39e-e2d9-3ed6-4b5088d3d8ce}
    [2010/06/04 08:33:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/06/04 08:32:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2010/06/22 00:49:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
    O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (Cracked By Wh!5t|eR)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Mindful 2] C:\Program Files\Felitec\Mindful 2\Mindful.exe (Felitec Inc.)
    O4 - HKCU..\Run: [SansaDispatch] C:\Users\Fredb38\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.50.1
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2008/12/31 01:04:27 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  5. 2010/06/22
    Fredb38

    Fredb38 Well-Known Member Thread Starter

    Joined:
    2003/05/30
    Messages:
    182
    Likes Received:
    0

    ========== Files - Modified Within 90 Days ==========

    [2010/06/22 00:50:43 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
    [2010/06/22 00:50:43 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
    [2010/06/22 00:50:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/06/22 00:50:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/06/22 00:50:23 | 2716,708,864 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/22 00:49:19 | 003,932,160 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat
    [2010/06/22 00:49:08 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2010/06/21 23:48:01 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/06/21 23:48:01 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/06/21 23:39:53 | 004,108,550 | -H-- | M] () -- C:\Users\Fredb38\AppData\Local\IconCache.db
    [2010/06/21 23:31:38 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/06/21 23:04:04 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Sothink Movie DVD Maker.lnk
    [2010/06/21 23:04:04 | 000,000,784 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink Movie DVD Maker.lnk
    [2010/06/21 22:59:44 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\ImTOO DVD Creator 6.lnk
    [2010/06/21 22:59:44 | 000,000,836 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ImTOO DVD Creator 6.lnk
    [2010/06/21 22:12:48 | 000,001,041 | ---- | M] () -- C:\Users\Fredb38\AppData\Roaming\vso_ts_preview.xml
    [2010/06/21 17:00:11 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
    [2010/06/20 20:09:00 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2010/06/20 20:04:43 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/06/20 09:52:46 | 000,019,501 | ---- | M] () -- C:\Windows\hpqins13.dat
    [2010/06/20 09:52:24 | 000,002,125 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
    [2010/06/20 09:50:28 | 000,019,104 | ---- | M] () -- C:\Windows\hpqins13.dat.temp
    [2010/06/20 09:01:50 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RegCure.job
    [2010/06/20 08:57:57 | 000,299,424 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
    [2010/06/20 08:51:03 | 000,000,651 | ---- | M] () -- C:\Users\Public\Desktop\PowerSuite.lnk
    [2010/06/20 08:51:03 | 000,000,651 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
    [2010/06/20 08:25:29 | 000,000,679 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk
    [2010/06/20 08:15:01 | 000,098,304 | RHS- | M] () -- C:\Windows\System32\nvcuvidb.dll
    [2010/06/20 03:28:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\File Helper.job
    [2010/06/18 08:03:08 | 000,065,536 | ---- | M] () -- C:\Users\Fredb38\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/15 19:59:16 | 000,000,712 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Audio Maker 3.lnk
    [2010/06/14 09:07:28 | 000,205,984 | ---- | M] () -- C:\Users\Fredb38\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/06/14 08:27:20 | 000,623,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/06/14 01:38:39 | 000,000,028 | ---- | M] () -- C:\Windows\v2d.INI
    [2010/06/13 20:45:27 | 000,623,890 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/06/13 20:45:27 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/06/13 20:45:26 | 000,727,362 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/06/13 13:19:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2010/06/11 21:48:52 | 000,001,087 | ---- | M] () -- C:\Users\Fredb38\Desktop\SyncBackPro.lnk
    [2010/06/10 23:18:18 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2010.lnk
    [2010/06/10 23:18:14 | 000,000,165 | ---- | M] () -- C:\Windows\QUICKEN.INI
    [2010/06/10 19:43:57 | 000,023,127 | ---- | M] () -- C:\Windows\hpqins15.dat
    [2010/06/10 07:59:10 | 000,001,107 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/06/10 00:38:17 | 000,000,534 | ---- | M] () -- C:\Windows\win.ini
    [2010/06/09 08:54:30 | 000,000,406 | ---- | M] () -- C:\Windows\System32\ioloBootDefrag.cfg
    [2010/06/09 08:49:21 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dll
    [2010/06/08 00:09:04 | 000,002,741 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder 2010.lnk
    [2010/06/04 12:24:09 | 000,000,789 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo ClipFisher.lnk
    [2010/06/03 19:04:30 | 000,524,288 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{48a0c722-6f60-11df-a3f7-001bb9a9776f}.TMContainer00000000000000000002.regtrans-ms
    [2010/06/03 19:04:30 | 000,524,288 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{48a0c722-6f60-11df-a3f7-001bb9a9776f}.TMContainer00000000000000000001.regtrans-ms
    [2010/06/03 19:04:30 | 000,065,536 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{48a0c722-6f60-11df-a3f7-001bb9a9776f}.TM.blf
    [2010/06/03 19:03:03 | 000,345,328 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
    [2010/06/03 19:03:03 | 000,140,528 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
    [2010/06/03 19:02:59 | 000,357,576 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
    [2010/06/03 19:02:59 | 000,168,648 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
    [2010/06/03 19:02:59 | 000,076,488 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
    [2010/06/03 19:02:59 | 000,062,664 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
    [2010/06/03 19:02:58 | 000,293,584 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
    [2010/06/03 19:02:58 | 000,293,584 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
    [2010/05/22 07:41:06 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
    [2010/05/19 21:22:30 | 000,001,131 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Photo Commander 8.lnk
    [2010/05/12 22:01:04 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Fredb38\AppData\Roaming\pcouffin.sys
    [2010/05/12 22:01:04 | 000,007,887 | ---- | M] () -- C:\Users\Fredb38\AppData\Roaming\pcouffin.cat
    [2010/05/12 22:01:04 | 000,001,144 | ---- | M] () -- C:\Users\Fredb38\AppData\Roaming\pcouffin.inf
    [2010/05/12 22:01:02 | 000,001,186 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
    [2010/05/08 19:37:26 | 001,152,655 | ---- | M] () -- C:\Users\Fredb38\Big **** Round Asses - Carly Parker.wmv
    [2010/05/04 22:25:47 | 000,000,757 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/04/28 11:35:32 | 000,000,726 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\OJOsoft Audio Converter.lnk
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
    [2010/04/25 00:17:02 | 000,020,487 | ---- | M] () -- C:\Users\Fredb38\Documents\test.sdr
    [2010/04/21 20:52:38 | 000,000,834 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ProShow Gold.lnk
    [2010/04/21 20:35:33 | 000,000,002 | ---- | M] () -- C:\Users\Fredb38\tenmy.ini
    [2010/04/21 19:35:06 | 000,108,137 | ---- | M] () -- C:\Windows\unins000.dat
    [2010/04/21 19:35:05 | 000,010,750 | ---- | M] () -- C:\Windows\unins000.msg
    [2010/04/21 19:33:59 | 000,708,432 | ---- | M] () -- C:\Windows\unins000.exe
    [2010/04/21 14:11:49 | 000,000,766 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Picture Collage Maker Pro.lnk
    [2010/04/21 11:33:10 | 000,000,853 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Slideshow Studio HD.lnk
    [2010/04/20 22:29:41 | 000,025,778 | ---- | M] () -- C:\Users\Fredb38\Documents\metart.wlmp
    [2010/04/20 21:54:37 | 000,000,020 | ---- | M] () -- C:\Windows\”úB
    [2010/04/20 19:09:36 | 002,843,648 | ---- | M] () -- C:\Users\Fredb38\Documents\METART.ppt
    [2010/04/20 18:52:59 | 002,844,672 | ---- | M] () -- C:\Users\Fredb38\Documents\METART.pps
    [2010/04/18 10:29:47 | 005,149,496 | ---- | M] (Aimersoft Software ) -- C:\Users\Fredb38\Documents\download.exe
    [2010/04/17 22:51:57 | 000,004,932 | ---- | M] () -- C:\ProgramData\kbkwknay.ayh
    [2010/04/14 23:30:15 | 000,524,288 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{38ad1690-483e-11df-a3b5-001bb9a9776f}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/14 23:30:15 | 000,524,288 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{38ad1690-483e-11df-a3b5-001bb9a9776f}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/14 23:30:15 | 000,065,536 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{38ad1690-483e-11df-a3b5-001bb9a9776f}.TM.blf
    [2010/04/14 22:35:09 | 000,524,288 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{08607ad4-4834-11df-a8fd-001bb9a9776f}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/14 22:35:09 | 000,524,288 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{08607ad4-4834-11df-a8fd-001bb9a9776f}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/14 22:35:09 | 000,065,536 | -HS- | M] () -- C:\Users\Fredb38\ntuser.dat{08607ad4-4834-11df-a8fd-001bb9a9776f}.TM.blf
    [2010/04/13 11:22:26 | 005,301,345 | ---- | M] () -- C:\Users\Fredb38\Documents\This is not my modification...pdf
    [2010/04/12 15:47:13 | 000,000,760 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Snap 3.lnk
    [2010/04/09 22:56:55 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2010/04/09 22:56:55 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
    [2010/04/09 17:51:44 | 000,049,682 | ---- | M] () -- C:\Users\Fredb38\Documents\cc_20100409_175130.reg
    [2010/04/09 11:03:50 | 000,001,167 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Music Studio 3.lnk
    [2010/04/09 09:45:23 | 000,001,191 | ---- | M] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 9.lnk
    [2010/03/31 11:48:55 | 000,410,624 | ---- | M] () -- C:\Users\Fredb38\Documents\easter.hmk
    [2010/03/30 18:49:48 | 000,114,688 | ---- | M] (Striata Communication Solutions) -- C:\Windows\keymail.dll
    [2010/03/27 13:21:08 | 000,000,008 | ---- | M] () -- C:\Users\Fredb38\ntuser.pol

    ========== Files Created - No Company Name ==========

    [2010/06/21 23:24:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/06/21 23:24:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/06/21 23:24:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/06/21 23:24:30 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/06/21 23:24:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/06/21 22:59:44 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\ImTOO DVD Creator 6.lnk
    [2010/06/21 22:59:44 | 000,000,836 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ImTOO DVD Creator 6.lnk
    [2010/06/21 22:31:36 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\Sothink Movie DVD Maker.lnk
    [2010/06/21 22:31:36 | 000,000,784 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink Movie DVD Maker.lnk
    [2010/06/20 20:04:42 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
    [2010/06/20 09:52:24 | 000,002,125 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
    [2010/06/20 09:50:28 | 000,019,104 | ---- | C] () -- C:\Windows\hpqins13.dat.temp
    [2010/06/20 08:51:03 | 000,000,651 | ---- | C] () -- C:\Users\Public\Desktop\PowerSuite.lnk
    [2010/06/20 08:51:03 | 000,000,651 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
    [2010/06/20 08:26:01 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
    [2010/06/20 08:26:01 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RegCure.job
    [2010/06/20 08:25:29 | 000,000,679 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk
    [2010/06/20 08:15:01 | 000,098,304 | RHS- | C] () -- C:\Windows\System32\nvcuvidb.dll
    [2010/06/15 19:59:16 | 000,000,712 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Audio Maker 3.lnk
    [2010/06/14 01:38:39 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
    [2010/06/14 00:23:59 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
    [2010/06/13 13:19:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2010/06/10 23:18:17 | 000,001,788 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2010.lnk
    [2010/06/10 19:42:22 | 000,023,127 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/06/09 08:54:30 | 000,000,406 | ---- | C] () -- C:\Windows\System32\ioloBootDefrag.cfg
    [2010/06/09 08:49:21 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
    [2010/06/04 12:24:09 | 000,000,789 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo ClipFisher.lnk
    [2010/06/03 19:10:08 | 000,019,501 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2010/06/03 18:40:13 | 000,524,288 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{48a0c722-6f60-11df-a3f7-001bb9a9776f}.TMContainer00000000000000000002.regtrans-ms
    [2010/06/03 18:40:13 | 000,524,288 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{48a0c722-6f60-11df-a3f7-001bb9a9776f}.TMContainer00000000000000000001.regtrans-ms
    [2010/06/03 18:40:13 | 000,065,536 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{48a0c722-6f60-11df-a3f7-001bb9a9776f}.TM.blf
    [2010/05/19 21:22:30 | 000,001,131 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Photo Commander 8.lnk
    [2010/05/12 22:01:02 | 000,001,186 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
    [2010/05/08 19:37:18 | 001,152,655 | ---- | C] () -- C:\Users\Fredb38\Big **** Round Asses - Carly Parker.wmv
    [2010/05/08 15:43:56 | 000,119,296 | -HS- | C] () -- C:\Users\Fredb38\Thumbs.db
    [2010/05/04 22:25:47 | 000,000,757 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2010/04/28 11:35:32 | 000,000,726 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\OJOsoft Audio Converter.lnk
    [2010/04/27 19:33:20 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
    [2010/04/27 19:33:10 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
    [2010/04/25 00:38:47 | 000,000,480 | ---- | C] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
    [2010/04/25 00:21:24 | 000,000,480 | ---- | C] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
    [2010/04/24 22:57:37 | 000,020,487 | ---- | C] () -- C:\Users\Fredb38\Documents\test.sdr
    [2010/04/21 20:52:38 | 000,000,834 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\ProShow Gold.lnk
    [2010/04/21 20:35:33 | 000,000,002 | ---- | C] () -- C:\Users\Fredb38\tenmy.ini
    [2010/04/21 19:35:05 | 000,010,750 | ---- | C] () -- C:\Windows\unins000.msg
    [2010/04/21 19:34:55 | 000,708,432 | ---- | C] () -- C:\Windows\unins000.exe
    [2010/04/21 19:34:55 | 000,108,137 | ---- | C] () -- C:\Windows\unins000.dat
    [2010/04/21 11:33:10 | 000,000,853 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Slideshow Studio HD.lnk
    [2010/04/20 22:29:41 | 000,025,778 | ---- | C] () -- C:\Users\Fredb38\Documents\metart.wlmp
    [2010/04/20 21:54:36 | 000,000,020 | ---- | C] () -- C:\Windows\”úB
    [2010/04/20 16:30:45 | 002,844,672 | ---- | C] () -- C:\Users\Fredb38\Documents\METART.pps
    [2010/04/20 15:32:24 | 002,843,648 | ---- | C] () -- C:\Users\Fredb38\Documents\METART.ppt
    [2010/04/17 22:51:57 | 000,004,932 | ---- | C] () -- C:\ProgramData\kbkwknay.ayh
    [2010/04/14 23:23:42 | 000,524,288 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{38ad1690-483e-11df-a3b5-001bb9a9776f}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/14 23:23:42 | 000,524,288 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{38ad1690-483e-11df-a3b5-001bb9a9776f}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/14 23:23:42 | 000,065,536 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{38ad1690-483e-11df-a3b5-001bb9a9776f}.TM.blf
    [2010/04/14 22:27:45 | 000,524,288 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{08607ad4-4834-11df-a8fd-001bb9a9776f}.TMContainer00000000000000000002.regtrans-ms
    [2010/04/14 22:27:45 | 000,524,288 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{08607ad4-4834-11df-a8fd-001bb9a9776f}.TMContainer00000000000000000001.regtrans-ms
    [2010/04/14 22:27:45 | 000,065,536 | -HS- | C] () -- C:\Users\Fredb38\ntuser.dat{08607ad4-4834-11df-a8fd-001bb9a9776f}.TM.blf
    [2010/04/13 11:22:26 | 005,301,345 | ---- | C] () -- C:\Users\Fredb38\Documents\This is not my modification...pdf
    [2010/04/12 15:47:13 | 000,000,760 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Snap 3.lnk
    [2010/04/09 22:55:01 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2010/04/09 22:55:01 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
    [2010/04/09 17:51:34 | 000,049,682 | ---- | C] () -- C:\Users\Fredb38\Documents\cc_20100409_175130.reg
    [2010/04/09 11:03:50 | 000,001,167 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Music Studio 3.lnk
    [2010/04/09 09:45:23 | 000,001,191 | ---- | C] () -- C:\Users\Fredb38\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 9.lnk
    [2010/04/01 18:48:25 | 000,006,329 | ---- | C] () -- C:\Users\Fredb38\AppData\Roaming\ReplayMusicLog.log
    [2010/03/31 11:48:55 | 000,410,624 | ---- | C] () -- C:\Users\Fredb38\Documents\easter.hmk
    [2010/03/25 15:21:08 | 000,000,008 | ---- | C] () -- C:\Users\Fredb38\ntuser.pol
    [2010/03/11 02:19:20 | 000,017,408 | ---- | C] () -- C:\Windows\System32\SyncBackPro.dll
    [2010/03/10 20:35:38 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2010/03/10 20:26:15 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/02/21 04:48:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/09/16 19:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
    [2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/08 17:42:40 | 001,048,576 | ---- | C] () -- C:\Windows\System32\HDX4MediaConverter2.dll
    [2009/05/29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/05/29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/06/10 00:21:35 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\1st Free Solitaire
    [2010/04/28 22:22:58 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\AQUATRA
    [2010/05/19 16:02:58 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Ashampoo
    [2010/05/06 17:14:37 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Blitware
    [2010/04/03 22:38:55 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\BSplayer PRO
    [2010/04/07 09:50:43 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Downloaded Installations
    [2010/03/10 19:56:58 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\ESET
    [2010/03/30 21:46:00 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\GARMIN
    [2010/05/04 22:40:12 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\ImgBurn
    [2010/06/21 22:59:55 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\ImTOO
    [2010/03/11 23:09:11 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\ImTOO Software Studio
    [2010/06/09 09:02:57 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\iolo
    [2010/06/03 18:38:39 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\IrfanView
    [2010/06/05 20:52:46 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\LimeWire
    [2010/04/22 13:39:07 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Morpheus Software
    [2010/04/28 22:17:41 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\NCH Swift Sound
    [2010/03/11 14:12:52 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Netscape
    [2010/06/20 08:53:10 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Nitro PDF
    [2010/03/11 14:01:26 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Photodex
    [2010/06/13 20:50:00 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\SanDisk
    [2010/04/24 11:09:54 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Serif
    [2010/04/24 22:40:54 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\SmartDraw
    [2010/03/11 00:45:48 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Softland
    [2010/03/12 16:02:43 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\SoftMaker
    [2010/06/18 12:09:03 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\SuperEasy Software
    [2010/05/07 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Thinstall
    [2010/06/03 18:55:41 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Uniblue
    [2010/04/26 15:46:37 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Unigraphics Solutions
    [2010/06/21 23:37:12 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\uTorrent
    [2010/06/21 20:50:18 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Vso
    [2010/06/14 08:58:51 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Win7codecs
    [2010/05/08 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\WinAVI
    [2010/06/21 20:33:03 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Xilisoft
    [2010/03/11 23:47:35 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Xilisoft Corporation
    [2010/06/20 03:28:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\File Helper.job
    [2010/06/21 17:00:11 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
    [2010/06/20 09:01:50 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
    [2010/06/09 20:57:40 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/06/22 00:50:43 | 000,000,480 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (SD).job
    [2010/06/22 00:50:43 | 000,000,480 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

    ========== Purity Check ==========


    < End of report >
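The two OTL listings above are read by eye in the thread, but the same indicators a malware analyst looks for can be pulled out mechanically. The following is an added example, not code from the thread or from OTL: it parses the bracketed file-listing lines (`[stamp | size | attrs | M/C] (Company) -- path`) and the `O4 ..\Run:` lines, then applies a handful of heuristics that are my own assumptions, not OTL's logic. The sample lines are copied from the logs posted above; the flagged items (an RHS-attributed DLL in System32, a file whose name is not printable ASCII, unlabelled Firefox extension directories, a random-looking file in the ProgramData root, and a Run entry whose CompanyName string reads like a crack) are exactly the ones a helper would normally pick out by hand.

```python
"""Triage helper for OTL file-listing and O4 lines (added example, not part of
the forum thread or of the OTL tool). The rules below and the
SUSPECT_COMPANY_WORDS list are assumptions of this example, not OTL logic."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "stamp size attrs kind company path")

# [YYYY/MM/DD HH:MM:SS | 000,098,304 | RHS- | M] (Company) -- C:\path
# The "(Company)" part is absent on directory entries, so it is optional.
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$")

# O4 - HKLM..\Run: [name] C:\path\file.exe (Company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)\s*$")

SUSPECT_COMPANY_WORDS = ("crack", "keygen", "patch", "nulled")  # assumption
BINARY_EXT = (".dll", ".exe", ".sys", ".scr")

# Constructed sample: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
[2010/05/15 20:58:24 | 000,000,000 | ---D | M] -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\extensions\anttoolbar@ant.com
[2010/06/09 22:06:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Fredb38\AppData\Roaming\Mozilla\Firefox\Profiles\z0wdj7p0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/20 08:15:01 | 000,098,304 | RHS- | C] () -- C:\Windows\System32\nvcuvidb.dll
[2010/06/22 00:50:23 | 2716,708,864 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/20 21:54:37 | 000,000,020 | ---- | M] () -- C:\Windows\”úB
[2010/04/17 22:51:57 | 000,004,932 | ---- | M] () -- C:\ProgramData\kbkwknay.ayh
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (Cracked By Wh!5t|eR)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
"""


def parse_otl(text):
    """Return (file_entries, run_entries) parsed from raw OTL log text."""
    files, runs = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            files.append(Entry(m["stamp"], int(m["size"].replace(",", "")),
                               m["attrs"], m["kind"], m["company"] or "", m["path"]))
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append((m["hive"], m["name"], m["path"], m["company"]))
    return files, runs


def triage(files, runs):
    """Apply the heuristics; returns a list of (path, reason) tuples."""
    findings = []
    for e in files:
        low = e.path.lower()
        base = e.path.rsplit("\\", 1)[-1]
        ext = ("." + base.rsplit(".", 1)[-1].lower()) if "." in base else ""
        # 1. Hidden/System attributes on a binary under %SystemRoot%: genuine
        #    OS binaries are not normally marked H or S (hiberfil.sys is not a binary).
        if (low.startswith("c:\\windows\\") and ext in BINARY_EXT
                and ("H" in e.attrs or "S" in e.attrs)):
            findings.append((e.path, f"H/S attributes ({e.attrs}) on binary under %SystemRoot%"))
        # 2. File names containing non-printable or non-ASCII characters.
        if any(ord(c) < 32 or ord(c) > 126 for c in base):
            findings.append((e.path, "non-printable/non-ASCII file name"))
        # 3. Browser extension directories with no identifying company string.
        if e.attrs.endswith("D") and "\\extensions\\" in low and not e.company:
            findings.append((e.path, "unlabelled browser extension"))
        # 4. Random-looking 8-letter name with a 3-letter extension directly in ProgramData.
        if (low.startswith("c:\\programdata\\") and low.count("\\") == 2
                and re.fullmatch(r"[a-z]{8}\.[a-z]{3}", base)):
            findings.append((e.path, "random-looking file in ProgramData root"))
    for hive, name, path, company in runs:
        # The text in parentheses is the binary's CompanyName version string.
        if any(w in company.lower() for w in SUSPECT_COMPANY_WORDS):
            findings.append((path, f"{hive} Run key '{name}' starts a binary whose CompanyName is '{company}'"))
    return findings


if __name__ == "__main__":
    files, runs = parse_otl(SAMPLE_LOG)
    for path, reason in triage(files, runs):
        print(f"{reason:70} {path}")
```

Run against the sample it reports five items and stays quiet on hiberfil.sys (Hidden/System but not a binary), the Yahoo! Toolbar extension (it carries a company string) and mbam.sys. Heuristics like these only rank what to look at; each hit still has to be checked (hash lookup, signature, on-disk inspection) before anything goes into an OTL fix.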
     
  6. 2010/06/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Download Temp File Cleaner (TFC)
    Double-click on TFC.exe to run the program.
    Click on the Start button to begin the cleaning process.
    TFC will close all running programs, and it may ask you to restart the computer.


    2. Go to the Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  7. 2010/06/22
    Fredb38

    Fredb38 Well-Known Member Thread Starter

    Joined:
    2003/05/30
    Messages:
    182
    Likes Received:
    0
    The Kaspersky scan is at 1%, so I see this taking a while.
     
  8. 2010/06/22
    Fredb38

    Fredb38 Well-Known Member Thread Starter

    Joined:
    2003/05/30
    Messages:
    182
    Likes Received:
    0
    I ran the Kaspersky scan and the first report is what I got. It found four folders that had something in them it didn't like, so I deleted the folders and ran it again. I forgot to remove them from the Recycle Bin and, yes, when I ran it again it found them again, only this time in the Recycle Bin. They are now gone.
    First scan
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, June 22, 2010
    Operating system: Microsoft Professional (build 7600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, June 22, 2010 01:58:38
    Records in database: 4308889
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan statistics:
    Objects scanned: 152940
    Threats found: 4
    Infected objects found: 5
    Suspicious objects found: 0
    Scan duration: 04:51:52


    File name / Threat / Threats count
    I:\Downloaded programs\AVG 9.0 Build 707 Internet Security (Serial valid till 2018)\AVG 9.0 Build 707 Internet Security (Serial valid till 2018).rar Infected: Trojan.Win32.Cosmu.dxy 1
    I:\Downloaded programs\Business Cards\Avanquest My Professional Business Cards v5.5.0.0 Retail\Avanquest My Professional Business Cards v5.5.0.0 Retail\setup.exe Infected: Trojan-Downloader.Win32.Agent.pwa 1
    I:\Downloaded programs\Business Cards\Avanquest My Professional Business Cards v5.5.0.0 Retail\Avanquest My Professional Business Cards v5.5.0.0 Retail.rar Infected: Trojan-Downloader.Win32.Agent.pwa 1
    I:\Downloaded programs\Frame Photo Edtitor v1.0 [first person]\Frame Photo Edtitor v1.0 [first person].rar Infected: Trojan.Win32.Genome.ftf 1
    I:\Downloaded programs\MSI.to.EXE.Creator.v4.0-EMBER\setup\MSI2EXE-Trial.exe Infected: Trojan.Win32.Refroso.bczf 1

    Selected area has been scanned.

    Second scan

    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, June 22, 2010
    Operating system: Microsoft Professional (build 7600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, June 22, 2010 10:33:41
    Records in database: 4310543
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan statistics:
    Objects scanned: 153025
    Threats found: 4
    Infected objects found: 4
    Suspicious objects found: 0
    Scan duration: 04:55:24


    File name / Threat / Threats count
    I:\$RECYCLE.BIN\S-1-5-21-3565079399-3050568046-2532789581-1001\$R0HL0C1\Avanquest My Professional Business Cards v5.5.0.0 Retail\setup.exe Infected: Trojan-Downloader.Win32.Agent.pwa 1
    I:\$RECYCLE.BIN\S-1-5-21-3565079399-3050568046-2532789581-1001\$RAJ4DJN\Frame Photo Edtitor v1.0 [first person].rar Infected: Trojan.Win32.Genome.ftf 1
    I:\$RECYCLE.BIN\S-1-5-21-3565079399-3050568046-2532789581-1001\$RVWSJ2C\AVG 9.0 Build 707 Internet Security (Serial valid till 2018).rar Infected: Trojan.Win32.Cosmu.dxy 1
    I:\$RECYCLE.BIN\S-1-5-21-3565079399-3050568046-2532789581-1001\$RWMTGTK.0-EMBER\setup\MSI2EXE-Trial.exe Infected: Trojan.Win32.Refroso.bczf 1

    Selected area has been scanned.
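    The two reports above show the same four detections moving from I:\Downloaded programs into I:\$RECYCLE.BIN\<SID>\$R...: sending a file to the Recycle Bin renames it into a per-volume, per-user folder, it does not remove it from disk, so the scanner finds it again. The following Python script is an added example for this thread, not code from the forum or from Kaspersky: it parses report lines in the format shown above, marks which detections sit in a Recycle Bin (and whose, by SID), and pairs the detections of two scans by file name and threat to show what was "deleted" but is still present. The report text, paths, SID and $R names in it are constructed placeholders.

```python
"""Parse Kaspersky Online Scanner 7 report text and flag detections that sit
in a volume's Recycle Bin, i.e. files that were "deleted" but are still on
disk.

Added example for the thread, not code from the forum or from Kaspersky.
The report text below is constructed to mirror the format shown in the
posts (one 'path Infected: threat count' line per detection); the paths,
SID and $R names are placeholders."""
import re
from typing import List, NamedTuple, Optional, Tuple

# One detection line: "<path> Infected: <threat name> <count>"
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
# NTFS per-volume Recycle Bin: <drive>:\$RECYCLE.BIN\<owner SID>\$R<random><original extension>
# Only the top-level deleted item is renamed to $R...; files inside a deleted
# folder keep their own names, which is what the pairing below relies on.
RECYCLE_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\\$RECYCLE\.BIN\\(?P<sid>S-1-5-[\d-]+)\\\$R(?P<slot>[^\\]*)"
)


class Detection(NamedTuple):
    path: str
    threat: str
    count: int
    in_recycle_bin: bool
    owner_sid: Optional[str]  # SID of the account whose Recycle Bin holds the file


def parse_report(text: str) -> List[Detection]:
    """Extract every detection line; headers and summary lines are ignored."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        rb = RECYCLE_RE.match(m["path"])
        found.append(Detection(
            path=m["path"],
            threat=m["threat"],
            count=int(m["count"]),
            in_recycle_bin=rb is not None,
            owner_sid=rb["sid"] if rb else None,
        ))
    return found


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def still_on_disk(before: List[Detection], after: List[Detection]) -> List[Tuple[str, str, bool]]:
    """Pair detections of an earlier scan with the same (file name, threat) in a
    later scan. Each hit is a file that was supposedly removed but was found
    again; the flag says whether it now lives under $RECYCLE.BIN."""
    later = {(_basename(d.path), d.threat): d for d in after}
    hits = []
    for d in before:
        key = (_basename(d.path), d.threat)
        if key in later:
            hits.append((key[0], key[1], later[key].in_recycle_bin))
    return hits


# Constructed sample reports (placeholder paths, SID and $R names).
FIRST_SCAN = r"""Scan statistics:
Objects scanned: 1000
Threats found: 2

File name / Threat / Threats count
I:\Downloaded programs\Example Business Cards Retail\setup.exe Infected: Trojan-Downloader.Win32.Agent.pwa 1
I:\Downloaded programs\Example Photo Editor\PhotoEditor.rar Infected: Trojan.Win32.Genome.ftf 1

Selected area has been scanned.
"""

SECOND_SCAN = r"""File name / Threat / Threats count
I:\$RECYCLE.BIN\S-1-5-21-1111111111-2222222222-3333333333-1001\$R1A2B3C\setup.exe Infected: Trojan-Downloader.Win32.Agent.pwa 1
I:\$RECYCLE.BIN\S-1-5-21-1111111111-2222222222-3333333333-1001\$RX9Y8Z7\PhotoEditor.rar Infected: Trojan.Win32.Genome.ftf 1

Selected area has been scanned.
"""

if __name__ == "__main__":
    first, second = parse_report(FIRST_SCAN), parse_report(SECOND_SCAN)
    for name, threat, in_bin in still_on_disk(first, second):
        where = "Recycle Bin (still on disk; empty it)" if in_bin else "its original location"
        print(f"{name}: {threat} -> found again in {where}")
```

    Run it against two saved reports to see which "deleted" detections only moved. The SID in the $RECYCLE.BIN path identifies the user profile whose bin holds the file, so on a multi-user machine it also tells you whose Recycle Bin still needs emptying.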
     
  9. 2010/06/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      I:\$RECYCLE.BIN\S-1-5-21-3565079399-3050568046-2532789581-1001\$R0HL0C1\Avanquest My Professional Business Cards v5.5.0.0 Retail\setup.exe 
      I:\$RECYCLE.BIN\S-1-5-21-3565079399-3050568046-2532789581-1001\$RAJ4DJN\Frame Photo Edtitor v1.0 [first person].rar 
      I:\$RECYCLE.BIN\S-1-5-21-3565079399-3050568046-2532789581-1001\$RVWSJ2C\AVG 9.0 Build 707 Internet Security (Serial valid till 2018).rar 
      I:\$RECYCLE.BIN\S-1-5-21-3565079399-3050568046-2532789581-1001\$RWMTGTK.0-EMBER\setup\MSI2EXE-Trial.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
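    The [resethosts] command in the fix above replaces the hosts file with a default one, which is the blunt but reliable way to undo a name-resolution hijack. As an added example for this thread (not code from the post or from OTL), the Python script below shows what a defender looks at in a hosts file before resetting it: mappings that send a public host name to some other address, and loopback or 0.0.0.0 "sinkhole" entries that block hosts you care about, such as a security vendor's update server. The hosts text and the watched host name are constructed; the addresses come from the reserved TEST-NET-3 range.

```python
"""Review a Windows hosts file for entries that hijack name resolution.

Added example, not code from the forum post or from OTL. The sample hosts
text and the watched host name are constructed."""
import ipaddress
from typing import Iterator, List, Tuple, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Names that legitimately map to loopback in a stock hosts file.
LOOPBACK_NAMES = {
    "localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback", "broadcasthost",
}


def parse_hosts(text: str) -> Iterator[Tuple[int, IPAddr, str]]:
    """Yield (line number, address, hostname) for every active mapping.
    Comments (#...) and blank or malformed lines are skipped."""
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first token is not an IP address, so not a mapping
        for name in fields[1:]:
            yield n, addr, name.lower()


def review_hosts(text: str, watched: Tuple[str, ...] = ()) -> List[Tuple[int, str, str, str]]:
    """Return (line, kind, hostname, address) for entries worth a second look.
    kind == "redirect": a non-loopback name points at a real address;
    kind == "blocked":  a watched name is sinkholed to loopback or 0.0.0.0.
    Sinkhole entries for names you do not watch (ad-block lists) are left alone."""
    findings = []
    watched_set = {w.lower() for w in watched}
    for n, addr, name in parse_hosts(text):
        if name in LOOPBACK_NAMES:
            continue
        if addr.is_loopback or addr.is_unspecified:
            if name in watched_set:
                findings.append((n, "blocked", name, str(addr)))
        else:
            findings.append((n, "redirect", name, str(addr)))
    return findings


# Constructed sample: RFC 5737 TEST-NET-3 address and reserved .test names.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.test            # ad-block style entry, usually benign
127.0.0.1       update.example-av.test      # blocks a (constructed) security vendor host
203.0.113.5     www.example-search.test     # sends a public name to another address
"""

if __name__ == "__main__":
    for line, kind, name, addr in review_hosts(SAMPLE_HOSTS, watched=("update.example-av.test",)):
        print(f"line {line}: {kind:8} {name} -> {addr}")
```

    On a live system, read C:\Windows\System32\drivers\etc\hosts into `review_hosts` and pass the update and web hosts of your security products as `watched`; a "redirect" finding for any bank, search or update host is the kind of entry a hosts reset is meant to remove.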
     
  10. 2010/06/22
    Fredb38

    Fredb38 Well-Known Member Thread Starter

    Joined:
    2003/05/30
    Messages:
    182
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder I:\$RECYCLE.BIN\S-1-5-21-3565079399-3050568046-2532789581-1001\$R0HL0C1\Avanquest My Professional Business Cards v5.5.0.0 Retail\setup.exe not found.
    File\Folder I:\$RECYCLE.BIN\S-1-5-21-3565079399-3050568046-2532789581-1001\$RAJ4DJN\Frame Photo Edtitor v1.0 [first person].rar not found.
    File\Folder I:\$RECYCLE.BIN\S-1-5-21-3565079399-3050568046-2532789581-1001\$RVWSJ2C\AVG 9.0 Build 707 Internet Security (Serial valid till 2018).rar not found.
    File\Folder I:\$RECYCLE.BIN\S-1-5-21-3565079399-3050568046-2532789581-1001\$RWMTGTK.0-EMBER\setup\MSI2EXE-Trial.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Fred
    ->Temp folder emptied: 0 bytes

    User: Fredb38
    ->Temp folder emptied: 116649863 bytes
    ->Temporary Internet Files folder emptied: 2144962 bytes
    ->Java cache emptied: 128094 bytes
    ->FireFox cache emptied: 112579016 bytes
    ->Flash cache emptied: 1904 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 12707 bytes
    RecycleBin emptied: 5332372632 bytes

    Total Files Cleaned = 5,306.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Fred

    User: Fredb38
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.6.1 log created on 06222010_211641

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  11. 2010/06/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL, as this step will require a reboot.
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    ==============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read "How did I get infected?, With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
  12. 2010/06/22
    Fredb38

    Fredb38 Well-Known Member Thread Starter

    Joined:
    2003/05/30
    Messages:
    182
    Likes Received:
    0
    Wow, you did it. All is working again.
    I really want to thank you for taking the time to help me fix my problem.
    Thank you very much.
     
  13. 2010/06/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
    Good luck and stay safe :)
     
