TechSpot

Browser hijacked by http://search.entru.com/?s=1109

Solved
By Rev1979
Feb 3, 2012
  1. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Perhaps you could take a moment to give me information about the files I asked about in Reply #16.
    ----------------------------------------
    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\PerfStringBackup.TMP
    c:\windows\system32\drivers\hitmanpro36.sys
    c:\windows\system32\drivers\18676779.sys
    Extra::
    Firefox:: 
    Firefox-: - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
    Firefox-:- prefs.js -Search.DefaultURL -
    Firefox-:- prefs.js -Startup.Homepage -
    
    Folder::
    c:\program files\Enigma Software Group
    c:\users\Owner\AppData\Local\Threat Expert
    c:\windows\BDTSupport.dll0208.old
    c:\windows\SGDetectionTool.dll0208.old
    c:\windows\PCTBDCore.dll0208.old
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    Did you set this>> uInternet Settings,ProxyOverride = <-loopback>;
    ====================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer:
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new window.
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ==============================================
    See if this will help with DDS:
    Please download this file: xp_scr_fix

    Unpack (unzip) the file onto your desktop and double-click it. You will be asked if you wish to merge the file with your registry, say Yes.

    You should then be able to run DDS.scr. It's the .scr file extension causing the problem.
  2. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    From #16... (sorry, slipped past me)

    +++++

    "Did you do an upgrade or reinstall and save some folders. There are several with the .old extension"

    Yes, I think I've deleted most of them

    +++++

    "There are documents on the D Drive I cannot identify:

    [2012/01/28 11:12:40 | 054,363,179 | ---- | M] () -- D:\Documents\kehrcjeu.flv

    This is a flash video of a TV show

    [2012/01/23 17:31:48 | 000,002,034 |-H-- | M] () -- D:\Documents\Default.rdp>> hidden file

    Remote Desktop file
    [2012/01/23 15:28:54 | 155,893,257 | ---- | M] () -- D:\Documents\BTV_1_23_2012_(BUILD_6525).zip
    [2012/01/21 16:52:04 | 158,110,986 | ---- | M] () -- D:\Documents\BTV_1_21_2012_(BUILD_6525).zip

    Both are Backup files for BeyondTV
  3. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    I don't find either Conduit Engine or Hitman Pro to uninstall
  4. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    Otl #1

    OTL logfile created on: 2/17/2012 1:40:23 PM - Run 4
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
    64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 3.46 Gb Available Physical Memory | 57.72% Memory free
    11.99 Gb Paging File | 8.71 Gb Available in Paging File | 72.66% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 100.00 Gb Total Space | 35.94 Gb Free Space | 35.94% Space Free | Partition Type: NTFS
    Drive D: | 1297.26 Gb Total Space | 203.83 Gb Free Space | 15.71% Space Free | Partition Type: NTFS
    Drive G: | 1397.26 Gb Total Space | 11.55 Gb Free Space | 0.83% Space Free | Partition Type: NTFS
    Drive H: | 1397.26 Gb Total Space | 44.17 Gb Free Space | 3.16% Space Free | Partition Type: NTFS
    Drive I: | 1397.26 Gb Total Space | 52.36 Gb Free Space | 3.75% Space Free | Partition Type: NTFS
    Drive J: | 1397.26 Gb Total Space | 14.05 Gb Free Space | 1.01% Space Free | Partition Type: NTFS
    Drive K: | 1863.01 Gb Total Space | 160.73 Gb Free Space | 8.63% Space Free | Partition Type: NTFS
    Drive L: | 931.51 Gb Total Space | 181.91 Gb Free Space | 19.53% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: HTPC1 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
    PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult)
    PRC - C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe (H.D.S. Hungary)
    PRC - C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe (AnalogX, LLC)
    PRC - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    PRC - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
    PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
    PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe ()
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVSchedulerService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVNetworkService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVTaskManagerService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVSettingsService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files (x86)\Virtual CD v10\System\vc10tray.exe (H+H Software GmbH)
    PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
    PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
    PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\Common Files\Snapstream\Common\X10nets.exe (X10)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b72c04c7d5394da58d814e7b3ded682c\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\fcbbef3305d919f7623f2a51e0317cdd\System.Web.Services.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b089246a0525cbdcf55a9307fc9ad125\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c6f808608348fbec463839b87c8d95a2\System.EnterpriseServices.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7931b3d26361054481c56a4356c27b78\System.Data.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\1df51a3e6802c3afae1d42f4a4615fe5\System.Transactions.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3a3cfe31a7c09e240e9ff01ab9c1e94f\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f5d3ce54a29a0e8c898de1620bc274e5\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\6bb6896a9623c2488ce055f455eca4d0\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\841a2b4cd8d9f7e026d0b31dc46eea19\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0eecf1452a456898ab8647cb2ee9b2c1\System.ni.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\MyMoviesCommon\3.2.2.0__4f079cf7f10a3651\MyMoviesCommon.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ec9fb48d48efff299373f3153d3f3b6f\mscorlib.ni.dll ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\App_Browsers.mv0in0mr.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\SnapStream.Web\4.9.2.6525__0c24ea407914d741\SnapStream.Web.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
    MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll ()
    MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll ()
    MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVNotifierManager.XmlSerializers.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\SnapStream.DirectShow.Native.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAuthentication.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\SlimMiscUtil.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\SSWebServices2.XmlSerializers.dll ()
    MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
    MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll ()
    MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
    MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
    MOD - C:\Program Files (x86)\Virtual CD v10\System\vorbis.dll ()
    MOD - C:\Program Files (x86)\Virtual CD v10\System\ogg.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\zlibwapi.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
    SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
    SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
    SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
    SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (FreemakeVideoCapture) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
    SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
    SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (VC10SecS) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\HCWTVServer.exe (Hauppauge Computer Works)
    SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
    SRV - (x10nets) -- C:\Program Files (x86)\Common Files\Snapstream\Common\X10nets.exe (X10)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
    DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
    DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
    DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
    DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
    DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
    DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
    DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
    DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
    DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
    DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
    DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
    DRV:64bit: - (ArcSec) -- C:\Windows\SysNative\drivers\ArcSec.sys ()
    DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (AvsBluebird) -- C:\Windows\SysNative\drivers\bluebird64.sys (Dvico, Inc.)
    DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
    DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
    DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (hcw89) -- C:\Windows\SysNative\drivers\hcw89.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (vdrv1000) -- C:\Windows\SysNative\drivers\vdrv1000.sys (H+H Software GmbH)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
    DRV:64bit: - (HH10Help.sys) -- C:\Windows\SysNative\drivers\HH10Help.sys (H+H Software GmbH)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\drivers\vcd10bus.sys (H+H Software GmbH)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (Si3132r5) -- C:\Windows\SysNative\drivers\Si3132r5.sys (Silicon Image, Inc)
    DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.)
    DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.)
    DRV:64bit: - (hcwAVD2) -- C:\Windows\SysNative\drivers\HCWUSB264.sys (Conexant Systems, Inc.)
    DRV:64bit: - (XUIF) -- C:\Windows\SysNative\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
    DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
    DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
    DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
    DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 5E 85 F9 EB E1 CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "ESV Bible"
    FF - prefs.js..browser.startup.homepage: "www.google.com"


    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/11 09:39:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/15 12:50:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2012/02/12 12:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2012/02/12 12:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2012/02/13 17:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions
    [2012/01/27 12:25:36 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2011/07/21 20:01:10 | 000,000,000 | ---D | M] (Map This) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3f3a}
    [2011/07/21 20:01:10 | 000,000,000 | ---D | M] ("Sourceforge Direct Download") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{05ff5280-47e6-11da-8cd6-0800200c9a66}
    [2012/01/27 12:25:39 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] ("Form History Manager") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{1C609C49-F3A1-4f18-8C5E-BFBB6B5BC15D}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] (Print Image) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{2990C60B-0C93-496e-90F6-176E68895AF6}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] (WindowsUpdate) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b}
    [2011/07/21 20:01:14 | 000,000,000 | ---D | M] ("Forecastbar Enhanced") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
    [2011/07/21 20:01:14 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Duplicate Tab) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{61ED2A9A-39EB-4AAF-BD14-06DFBE8880C3}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] ("Copy Plain Text") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Live IP Address) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (SlimSearch) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{8ca8ec90-9bf3-11da-a746-0800200c9a66}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (D-Link Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Date Picker/Calendar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}
    [2012/01/27 12:25:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (Bookmarks Menu Button) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{d9a65dd1-419b-4419-bba8-15fd1aec456a}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] ("Bandwidth Meter and Diagnostics") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\bandwidthmeter@gotomyhelp.com
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (MegaUpload DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\mgDownloadHelper@yevgenyandrov.net
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\noia2_option@kk.noia
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (RapidShare DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\rsDownloadHelper@yevgenyandrov.net
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] ("Broadband Speed Test and Diagnostics") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\speedtest@gotomyhelp.com
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (Tab Kit) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\tabkit@jomel.me.uk
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\temp
    [2011/03/07 21:34:23 | 000,001,871 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\ask.uk.xml
    [2012/02/10 19:51:00 | 000,001,218 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\comcast.xml
    [2009/10/21 19:01:26 | 000,000,866 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\conduit.xml
    [2010/01/14 07:33:56 | 000,002,055 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\daemon-search.xml
    [2012/02/16 13:24:08 | 000,001,489 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\esv-bible.xml
    [2011/03/07 19:48:01 | 000,000,941 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\filestubecom-software.xml
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{04514A2C-A3AB-4F47-8688-55F911B0FE75}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{39952C40-5197-11DA-8CD6-0800200C9A66}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{5E594888-3E8E-47DA-B2C6-B0B545112F84}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{D618933B-9EB4-1C04-949D-0F9B1A39EBB9}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\SOCIALFIXER@MATTKRUSE.COM.XPI
    [2012/02/11 09:39:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/01/29 08:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/29 08:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Social Fixer = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\6.401_0\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
  5. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    Otl #2

    O1 HOSTS File: ([2012/02/17 13:33:58 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll (Xi)
    O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll (Xi)
    O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Firefly] C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
    O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
    O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [My Movies Tray] C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
    O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    O4 - HKCU..\Run: [EPSON Artisan 810 (Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "D:\Temp\E_SC94D.tmp" /EF "HKCU" File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxMem.lnk = C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe (AnalogX, LLC)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
    O8:64bit: - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
    O8 - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
    O8 - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: NameServer = 8.26.56.26,156.154.70.22
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/07/19 08:21:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/16 16:49:12 | 023,824,272 | ---- | C] (Any-Video-Converter.com ) -- C:\Users\Owner\Desktop\avc-free (3.3.4).exe
    [2012/02/15 17:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
    [2012/02/15 12:15:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/02/14 14:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
    [2012/02/14 14:37:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
    [2012/02/14 14:34:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WM Recorder 14
    [2012/02/14 14:33:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\WM_R_14.10.1
    [2012/02/14 12:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMR14
    [2012/02/13 17:17:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/02/13 17:13:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
    [2012/02/13 12:07:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2012/02/13 11:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/13 11:27:55 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/02/13 10:41:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
    [2012/02/13 10:41:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\gmer
    [2012/02/13 10:40:41 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
    [2012/02/13 10:38:50 | 004,403,246 | ---- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2012/02/13 10:29:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2012/02/12 20:44:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TeamViewer
    [2012/02/12 20:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
    [2012/02/11 22:16:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/11 21:00:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/02/11 21:00:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
    [2012/02/11 19:07:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/11 19:07:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/11 19:07:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/11 19:02:57 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/11 18:32:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Epson
    [2012/02/11 15:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nanoPEG for WinTV
    [2012/02/11 15:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\nanoPEG for WinTV
    [2012/02/11 15:46:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
    [2012/02/11 10:02:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
    [2012/02/11 10:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
    [2012/02/11 10:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
    [2012/02/11 09:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    [2012/02/11 09:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
    [2012/02/11 09:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
    [2012/02/11 09:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    [2012/02/11 09:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
    [2012/02/10 19:47:53 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
    [2012/02/07 15:49:19 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/02/02 17:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/02/02 17:09:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/02/02 16:45:16 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/02/02 16:20:58 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\18676779.sys
    [2012/02/02 15:00:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Threat Expert
    [2012/02/02 14:38:12 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
    [2012/02/02 14:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2012/02/02 14:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
    [2012/02/02 14:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/02/02 14:37:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TestApp
    [2012/02/02 14:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Binnerup Consult
    [2012/02/02 14:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Movies
    [2012/02/02 14:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
    [2012/02/02 14:28:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
    [2012/02/02 14:01:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\My Movies for Windows Media Center 4.01 Build 2
    [2012/02/02 12:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    [2012/02/02 11:58:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    [2012/02/02 11:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/02/02 11:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/02/02 11:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/02/02 11:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2012/02/01 16:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/02/01 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/02/01 13:34:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/30 13:09:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite4
    [2012/01/30 13:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoReDoTVSuite4
    [2012/01/29 17:19:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo
    [2012/01/29 17:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
    [2012/01/29 17:10:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AnvSoft
    [2012/01/28 18:56:44 | 000,000,000 | ---D | C] -- C:\Hauppauge
    [2012/01/28 18:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
    [2012/01/28 18:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
    [2012/01/28 14:18:54 | 000,000,000 | ---D | C] -- D:\Documents\NetXfer
    [2012/01/28 14:16:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Xi
    [2012/01/28 14:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xi
    [2012/01/28 14:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xi
    [2012/01/28 13:26:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Hensense.com
    [2012/01/28 12:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetFLV
    [2012/01/28 12:36:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Moyea
    [2012/01/28 12:26:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\vlc
    [2012/01/28 12:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012/01/28 12:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2012/01/28 12:18:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
    [2012/01/28 12:12:46 | 000,000,000 | ---D | C] -- D:\Documents\Freemake
    [2012/01/28 12:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
    [2012/01/28 10:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FDRLab
    [2012/01/28 10:42:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\.streamCapture
    [2012/01/28 09:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
    [2012/01/27 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rtmpexplorer
    [2012/01/27 20:10:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rtmpdump-2.4
    [2012/01/27 20:00:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\My Movies for Windows Media Center 3.21
    [2012/01/27 14:40:28 | 000,257,784 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutScreenCapturingFilter.dll
    [2012/01/27 14:40:28 | 000,175,864 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutVideoMixerFilter.dll
    [2012/01/27 14:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
    [2012/01/27 14:40:25 | 000,566,008 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\BytescoutScreenCapturing.dll
    [2012/01/27 14:40:25 | 000,421,624 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutScreenCapturing.dll
    [2012/01/27 14:40:25 | 000,361,720 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\BytescoutScreenCapturingFilter.dll
    [2012/01/27 14:40:25 | 000,231,672 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\BytescoutVideoMixerFilter.dll
    [2012/01/27 14:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apowersoft
    [2012/01/27 14:05:41 | 000,000,000 | ---D | C] -- D:\Documents\Streaming Video Recorder
    [2012/01/27 14:05:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/01/27 14:01:51 | 000,029,288 | -H-- | C] (Wondershare) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys
    [2012/01/27 14:01:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apowersoft
    [2012/01/27 10:42:10 | 000,000,000 | ---D | C] -- C:\Windows\Applian Director
    [2012/01/27 10:42:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Director
    [2012/01/27 10:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Replay Video Capture
    [2012/01/24 16:11:11 | 000,000,000 | ---D | C] -- D:\Documents\Moyea
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/17 13:44:12 | 000,006,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/17 13:44:12 | 000,006,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/17 13:38:16 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
    [2012/02/17 13:36:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/17 13:35:53 | 534,941,695 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/17 13:33:58 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2012/02/17 13:18:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000UA.job
    [2012/02/16 17:18:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000Core.job
    [2012/02/16 16:49:28 | 023,824,272 | ---- | M] (Any-Video-Converter.com ) -- C:\Users\Owner\Desktop\avc-free (3.3.4).exe
    [2012/02/16 13:18:27 | 318,036,324 | ---- | M] () -- C:\Users\Owner\Desktop\Harrison Speaks Before House Committee.mov
    [2012/02/15 14:35:41 | 012,487,264 | ---- | M] () -- C:\Users\Owner\Desktop\SUFT_2-15-12.mp3
    [2012/02/15 12:53:27 | 000,417,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/02/15 12:50:17 | 000,002,147 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2012/02/15 10:50:16 | 000,001,474 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/02/14 19:23:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/02/14 19:23:12 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/02/14 14:34:41 | 000,002,104 | ---- | M] () -- C:\Users\Owner\Desktop\WM Converter.lnk
    [2012/02/14 14:34:41 | 000,002,024 | ---- | M] () -- C:\Users\Owner\Desktop\LOOPBACK.lnk
    [2012/02/14 14:34:41 | 000,001,905 | ---- | M] () -- C:\Users\Owner\Desktop\WM Recorder 14.lnk
    [2012/02/14 12:40:06 | 024,886,984 | ---- | M] () -- C:\Users\Owner\Desktop\install_wmrecorder.exe
    [2012/02/13 17:19:17 | 000,002,311 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/02/13 10:40:43 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
    [2012/02/13 10:38:59 | 004,403,246 | ---- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2012/02/13 10:29:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2012/02/13 10:24:08 | 000,294,400 | ---- | M] () -- C:\Users\Owner\Desktop\exeHelper.com
    [2012/02/13 10:23:13 | 001,008,141 | ---- | M] () -- C:\Users\Owner\Desktop\rkill.exe
    [2012/02/12 20:41:14 | 000,001,199 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
    [2012/02/11 19:20:00 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
    [2012/02/11 15:56:57 | 000,000,382 | ---- | M] () -- C:\Windows\HCWBlast.ini
    [2012/02/11 15:46:35 | 000,031,047 | ---- | M] () -- C:\Windows\Irremote.ini
    [2012/02/11 15:46:09 | 000,000,483 | ---- | M] () -- C:\Windows\ODBC.INI
    [2012/02/11 15:46:09 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
    [2012/02/11 15:45:17 | 000,006,213 | ---- | M] () -- C:\Windows\HCWPNP.INI
    [2012/02/03 19:10:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2012/02/02 23:25:56 | 000,000,017 | ---- | M] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
    [2012/02/02 17:38:26 | 000,001,167 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/02/02 16:20:58 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\18676779.sys
    [2012/02/02 14:38:40 | 001,519,975 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/02/02 13:59:44 | 000,017,920 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/01 16:39:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/02/01 16:39:48 | 000,812,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/30 15:05:15 | 000,001,547 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2012/01/29 17:16:45 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2012/01/28 18:57:20 | 000,000,658 | ---- | M] () -- C:\Users\Owner\Desktop\CD Digital 3.4.lnk
    [2012/01/28 12:47:06 | 037,665,066 | ---- | M] () -- C:\Users\Owner\Desktop\cd-digital-34.exe
    [2012/01/28 09:43:17 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
    [2012/01/27 20:03:31 | 000,000,228 | ---- | M] () -- C:\Users\Owner\.swfinfo
    [2012/01/23 17:31:48 | 000,002,034 | -H-- | M] () -- D:\Documents\Default.rdp
    [2012/01/23 15:28:54 | 155,893,257 | ---- | M] () -- D:\Documents\BTV_1_23_2012_(BUILD_6525).zip
    [2012/01/21 16:52:04 | 158,110,986 | ---- | M] () -- D:\Documents\BTV_1_21_2012_(BUILD_6525).zip
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/16 13:14:53 | 318,036,324 | ---- | C] () -- C:\Users\Owner\Desktop\Harrison Speaks Before House Committee.mov
    [2012/02/15 14:35:28 | 012,487,264 | ---- | C] () -- C:\Users\Owner\Desktop\SUFT_2-15-12.mp3
    [2012/02/15 12:50:17 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    [2012/02/14 19:23:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/02/14 19:23:12 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/02/14 14:34:41 | 000,002,104 | ---- | C] () -- C:\Users\Owner\Desktop\WM Converter.lnk
    [2012/02/14 14:34:41 | 000,002,024 | ---- | C] () -- C:\Users\Owner\Desktop\LOOPBACK.lnk
    [2012/02/14 14:34:41 | 000,001,905 | ---- | C] () -- C:\Users\Owner\Desktop\WM Recorder 14.lnk
    [2012/02/14 12:39:53 | 024,886,984 | ---- | C] () -- C:\Users\Owner\Desktop\install_wmrecorder.exe
    [2012/02/13 17:19:17 | 000,002,311 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/02/13 17:13:27 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000UA.job
    [2012/02/13 17:13:26 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000Core.job
    [2012/02/13 10:24:07 | 000,294,400 | ---- | C] () -- C:\Users\Owner\Desktop\exeHelper.com
    [2012/02/13 10:23:09 | 001,008,141 | ---- | C] () -- C:\Users\Owner\Desktop\rkill.exe
    [2012/02/12 20:41:14 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
    [2012/02/12 20:41:14 | 000,001,199 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
    [2012/02/11 19:20:00 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2012/02/11 19:07:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/11 19:07:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/11 19:07:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/11 19:07:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/11 19:07:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/11 18:26:08 | 000,006,448 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/11 18:26:08 | 000,006,448 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/11 09:54:25 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2012/02/11 09:54:25 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2012/02/11 09:54:25 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2012/02/11 09:54:25 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2012/02/11 09:54:25 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2012/02/11 09:54:25 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2012/02/11 09:54:25 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2012/02/11 09:54:25 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
    [2012/02/11 09:54:25 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2012/02/11 09:54:25 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
    [2012/02/11 09:54:25 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
    [2012/02/11 09:54:25 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
    [2012/02/11 09:54:25 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
    [2012/02/11 09:54:25 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
    [2012/02/11 09:54:25 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2012/02/11 09:54:25 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2012/02/11 09:54:25 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2012/02/11 09:54:25 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2012/02/11 09:54:25 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2012/02/11 09:54:25 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2012/02/11 09:54:25 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2012/02/11 09:54:25 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2012/02/02 23:25:56 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
    [2012/02/02 17:38:26 | 000,001,167 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/02/02 17:37:44 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/02/02 14:38:21 | 001,519,975 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/02/02 12:11:26 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2012/02/01 16:39:43 | 000,001,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/01/30 15:05:15 | 000,001,547 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2012/01/29 17:16:43 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2012/01/28 18:57:19 | 000,000,658 | ---- | C] () -- C:\Users\Owner\Desktop\CD Digital 3.4.lnk
    [2012/01/28 12:46:47 | 037,665,066 | ---- | C] () -- C:\Users\Owner\Desktop\cd-digital-34.exe
    [2012/01/28 09:43:17 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
    [2012/01/27 20:03:31 | 000,000,228 | ---- | C] () -- C:\Users\Owner\.swfinfo
    [2012/01/27 14:40:28 | 000,376,432 | -H-- | C] () -- C:\Windows\SysWow64\x86.zip
    [2012/01/23 15:27:07 | 155,893,257 | ---- | C] () -- D:\Documents\BTV_1_23_2012_(BUILD_6525).zip
    [2012/01/21 16:50:24 | 158,110,986 | ---- | C] () -- D:\Documents\BTV_1_21_2012_(BUILD_6525).zip
    [2011/07/27 19:49:32 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
    [2011/07/27 18:36:05 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
    [2011/07/27 13:19:23 | 000,017,920 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/26 15:30:24 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\IcdSptSvps.dll
    [2011/07/26 15:30:23 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\mp3dec.dll
    [2011/07/26 15:30:23 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dsp_trc.dll
    [2011/07/26 10:01:44 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
    [2011/07/26 10:01:44 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
    [2011/07/24 12:14:54 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2011/07/24 12:09:26 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
    [2011/07/23 09:17:28 | 000,812,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/21 19:56:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/07/20 15:44:12 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
    [2011/07/20 13:28:49 | 000,000,387 | ---- | C] () -- C:\Windows\HCWBlast_sav.ini
    [2011/07/20 13:28:49 | 000,000,382 | ---- | C] () -- C:\Windows\HCWBlast.ini
    [2011/07/20 13:28:35 | 000,031,047 | ---- | C] () -- C:\Windows\Irremote.ini
    [2011/07/20 12:30:01 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\hcwChDB.dll
    [2011/07/20 12:30:01 | 000,000,483 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/07/20 12:30:01 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2011/07/20 12:29:11 | 000,006,213 | ---- | C] () -- C:\Windows\HCWPNP.INI
    [2011/07/20 12:07:20 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
    [2011/07/20 11:55:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2011/07/19 13:28:59 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\uuirtdrv.dll
    [2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
    [2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2009/08/27 02:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/07/27 20:55:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acronis
    [2012/01/29 17:10:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft
    [2012/01/27 14:01:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Apowersoft
    [2011/07/24 15:11:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDFab
    [2012/02/11 18:32:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson
    [2011/07/23 19:02:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
    [2012/01/28 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hensense.com
    [2012/02/02 11:28:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit
    [2012/01/28 12:36:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Moyea
    [2011/07/25 20:47:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound
    [2011/07/25 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenCandy
    [2011/07/26 10:04:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\proDAD
    [2011/07/26 08:15:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Recordpad
    [2011/07/25 20:24:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\STOIK
    [2012/02/12 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
    [2012/02/15 14:44:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeraCopy
    [2012/02/02 14:37:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp
    [2011/07/21 19:57:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
    [2011/07/25 09:56:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite
    [2012/02/13 17:18:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite4
    [2011/07/25 20:30:25 | 000,000,000 | --SD | M] -- C:\Users\Owner\AppData\Roaming\Virtual CD v10
    [2012/01/28 14:16:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xi
    [2009/07/14 00:08:49 | 000,017,372 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

    < End of report >
  6. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    ComboFix hung for 3/4 hr after reboot when preparing log ... no log

    ====================

    Did you set this>> uInternet Settings,ProxyOverride = <-loopback>;

    Don't know what that is.
  7. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Owner at 17:43:54 on 2012-02-17
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6142.3410 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
    C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
    C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe
    C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\PROGRA~2\COMMON~1\SNAPST~1\Common\x10nets.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
    C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Virtual CD v10\System\VC10Tray.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Virtual CD v10\System\vc10fwd.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <-loopback>;
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
    mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [Firefly] C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
    mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [My Movies Tray] "C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe"
    mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MaxMem.lnk - C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BEYOND~1.LNK - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOTALM~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html
    IE: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    TCP: Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05} : DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: NXIECatcher Class: {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll
    BHO-X64: NetXfer - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: NetXfer: {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll
    mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
    mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
    mRun-x64: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
    mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun-x64: [Firefly] C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe
    mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun-x64: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
    mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [My Movies Tray] "C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe"
    mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
    FF - prefs.js: browser.search.selectedEngine - ESV Bible
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
    R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
    R1 ArcSec;archlp;C:\Windows\system32\drivers\ArcSec.sys --> C:\Windows\system32\drivers\ArcSec.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vdrv1000;vdrv1000;C:\Windows\system32\DRIVERS\vdrv1000.sys --> C:\Windows\system32\DRIVERS\vdrv1000.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-7-22 3246040]
    R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
    R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
    R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-1-28 8704]
    R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-12 3027840]
    R2 VC10SecS;Virtual CD v10 Management Service;C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe [2011-7-25 145224]
    R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
    R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys --> C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [?]
    R3 AvsBluebird;FusionHDTV USB, AVStream Capture;C:\Windows\system32\drivers\bluebird64.sys --> C:\Windows\system32\drivers\bluebird64.sys [?]
    R3 hcw89;hcw89 service;C:\Windows\system32\DRIVERS\hcw89.sys --> C:\Windows\system32\DRIVERS\hcw89.sys [?]
    R3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;C:\Windows\system32\drivers\HCWUSB264.sys --> C:\Windows\system32\drivers\HCWUSB264.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vcd10bus;Virtual CD v10 Bus Enumerator;C:\Windows\system32\DRIVERS\vcd10bus.sys --> C:\Windows\system32\DRIVERS\vcd10bus.sys [?]
    R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
    R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
    R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
    R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
    R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
    S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/24 13:04:19;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-5-14 246256]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-7-20 30528]
    S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~2\WinTV\HCWTVS~1.EXE [2012-2-11 815104]
    S3 HH10Help.sys;HH10Help.sys;\??\C:\Windows\system32\drivers\HH10Help.sys --> C:\Windows\system32\drivers\HH10Help.sys [?]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
    S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-13 652360]
    .
    =============== File Associations ===============
    .
    inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-02-17 19:52:56 -------- d-----w- C:\Program Files (x86)\ESET
    2012-02-17 19:49:05 -------- d-s---w- C:\ComboFix
    2012-02-17 19:28:13 5544 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
    2012-02-17 19:24:08 -------- d-----w- C:\$RECYCLE.BIN
    2012-02-17 19:20:35 -------- d-----w- C:\Users\Owner\AppData\Local\temp
    2012-02-17 18:02:01 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC758BF3-08B4-4E24-8970-42A9161C7F9C}\mpengine.dll
    2012-02-15 17:10:28 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-02-15 17:10:28 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-02-15 17:10:26 3143168 ----a-w- C:\Windows\System32\win32k.sys
    2012-02-15 17:10:25 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-02-15 17:10:25 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2012-02-15 17:10:20 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-02-15 17:09:56 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-02-15 17:09:56 634368 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-02-14 19:37:44 -------- d-----w- C:\Program Files (x86)\WinPcap
    2012-02-14 17:40:20 -------- d-----w- C:\Program Files (x86)\WMR14
    2012-02-13 22:13:25 -------- d-----w- C:\Users\Owner\AppData\Local\Google
    2012-02-13 16:27:55 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-02-13 01:44:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\TeamViewer
    2012-02-13 01:41:06 -------- d-----w- C:\Program Files (x86)\TeamViewer
    2012-02-12 00:07:43 98816 ----a-w- C:\Windows\sed.exe
    2012-02-12 00:07:43 518144 ----a-w- C:\Windows\SWREG.exe
    2012-02-12 00:07:43 256000 ----a-w- C:\Windows\PEV.exe
    2012-02-12 00:07:43 208896 ----a-w- C:\Windows\MBR.exe
    2012-02-11 20:46:37 -------- d-----w- C:\Program Files (x86)\nanoPEG for WinTV
    2012-02-11 15:05:49 77824 ----a-w- C:\Windows\SysWow64\EBAPI.dll
    2012-02-11 15:05:49 65536 ----a-w- C:\Windows\SysWow64\EEBUtil.dll
    2012-02-11 15:05:49 55808 ----a-w- C:\Windows\SysWow64\EEBSDKIF.dll
    2012-02-11 15:05:49 135168 ----a-w- C:\Windows\SysWow64\EEBAPI.dll
    2012-02-11 15:05:49 110592 ----a-w- C:\Windows\SysWow64\EEBDSCVR.dll
    2012-02-11 15:02:14 -------- d-----w- C:\Program Files (x86)\EpsonNet
    2012-02-11 15:01:08 558592 ----a-w- C:\Windows\System32\ensppmon.dll
    2012-02-11 15:01:08 558592 ----a-w- C:\Windows\System32\enppmon.dll
    2012-02-11 15:01:08 538112 ----a-w- C:\Windows\System32\ensppui.dll
    2012-02-11 15:01:08 538112 ----a-w- C:\Windows\System32\enppui.dll
    2012-02-11 15:01:08 250880 ----a-w- C:\Windows\System32\enspres.dll
    2012-02-11 15:01:08 250880 ----a-w- C:\Windows\System32\enpres.dll
    2012-02-11 15:01:08 -------- d-----w- C:\Program Files\EpsonNet
    2012-02-11 15:00:06 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON
    2012-02-11 14:54:27 -------- d-----w- C:\Program Files (x86)\Epson Software
    2012-02-11 14:54:25 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll
    2012-02-11 14:54:25 51360 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll
    2012-02-11 14:54:25 51360 ----a-w- C:\Windows\SysWow64\EpPicMgr.dll
    2012-02-11 14:54:25 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll
    2012-02-11 14:54:25 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll
    2012-02-11 14:54:11 118784 ----a-w- C:\Windows\System32\E_ILMFRA.DLL
    2012-02-11 14:54:10 81920 ----a-w- C:\Windows\System32\E_IBCBFRA.DLL
    2012-02-11 14:54:05 -------- d-----w- C:\ProgramData\EPSON
    2012-02-11 14:53:55 459776 ----a-w- C:\Windows\System32\esxwiaud.dll
    2012-02-11 14:53:55 17408 ----a-w- C:\Windows\System32\esxcdev.dll
    2012-02-11 14:53:55 128392 ----a-w- C:\Windows\System32\esdevapp.exe
    2012-02-11 14:53:55 -------- d-----w- C:\Program Files (x86)\epson
    2012-02-11 00:47:53 -------- d-----w- C:\Windows\Downloaded Installations
    2012-02-10 22:30:08 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-02-10 22:30:06 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4BDAE80B-2CB4-48A0-ADEF-3E2C89AD24C5}\gapaengine.dll
    2012-02-07 20:49:19 -------- d-----w- C:\_OTL
    2012-02-02 22:19:50 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-02 22:09:23 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-02-02 21:45:16 -------- d-----w- C:\Windows\pss
    2012-02-02 19:38:12 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
    2012-02-02 19:38:10 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2012-02-02 19:38:09 -------- d-----w- C:\Program Files (x86)\PC Tools
    2012-02-02 19:37:35 -------- d-----w- C:\ProgramData\PC Tools
    2012-02-02 19:37:33 -------- d-----w- C:\Users\Owner\AppData\Roaming\TestApp
    2012-02-02 19:36:47 -------- d-----w- C:\Program Files (x86)\Binnerup Consult
    2012-02-02 19:30:02 -------- d-----w- C:\ProgramData\CPA_VA
    2012-02-02 18:17:02 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-02-02 16:58:09 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-02 16:57:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-02-02 16:57:52 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-02-02 16:28:52 -------- d-----w- C:\ProgramData\IObit
    2012-02-01 21:39:46 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-02-01 21:39:42 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-02-01 18:27:51 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5362664-BA60-4893-A505-D04FDE12C52E}\mpengine.dll
    2012-01-30 18:09:01 -------- d-----w- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite4
    2012-01-30 18:09:01 -------- d-----w- C:\Program Files (x86)\VideoReDoTVSuite4
    2012-01-29 22:19:36 -------- d-----w- C:\Program Files\MediaInfo
    2012-01-29 22:10:46 -------- d-----w- C:\Users\Owner\AppData\Roaming\AnvSoft
    2012-01-28 23:56:44 -------- d-----w- C:\Hauppauge
    2012-01-28 23:41:32 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
    2012-01-28 19:16:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\Xi
    2012-01-28 19:16:42 -------- d-----w- C:\Program Files (x86)\Xi
    2012-01-28 18:26:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\Hensense.com
    2012-01-28 17:45:19 -------- d-----w- C:\Program Files (x86)\GetFLV
    2012-01-28 17:36:06 -------- d-----w- C:\Users\Owner\AppData\Roaming\Moyea
    2012-01-28 17:25:57 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2012-01-28 17:12:42 -------- d-----w- C:\Program Files (x86)\Freemake
    2012-01-28 15:57:56 -------- d-----w- C:\Program Files (x86)\FDRLab
    2012-01-28 15:42:54 -------- d-----w- C:\Users\Owner\.streamCapture
    2012-01-28 01:21:25 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-01-28 01:20:59 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2012-01-28 01:18:48 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-01-28 01:18:47 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-01-28 01:18:47 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-01-28 01:18:44 1739160 ----a-w- C:\Windows\System32\ntdll.dll
    2012-01-28 01:18:44 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-01-28 01:16:24 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-01-28 01:16:24 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-01-27 19:40:28 257784 ---ha-w- C:\Windows\SysWow64\BytescoutScreenCapturingFilter.dll
    2012-01-27 19:40:28 175864 ---ha-w- C:\Windows\SysWow64\BytescoutVideoMixerFilter.dll
    2012-01-27 19:40:25 566008 ---ha-w- C:\Windows\System32\BytescoutScreenCapturing.dll
    2012-01-27 19:40:25 421624 ---ha-w- C:\Windows\SysWow64\BytescoutScreenCapturing.dll
    2012-01-27 19:40:25 361720 ---ha-w- C:\Windows\System32\BytescoutScreenCapturingFilter.dll
    2012-01-27 19:40:25 231672 ---ha-w- C:\Windows\System32\BytescoutVideoMixerFilter.dll
    2012-01-27 19:40:17 -------- d-----w- C:\Program Files\Apowersoft
    2012-01-27 19:01:51 29288 ---ha-w- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys
    2012-01-27 19:01:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\Apowersoft
    2012-01-27 15:42:10 -------- d-----w- C:\Windows\Applian Director
    2012-01-27 15:42:09 -------- d-----w- C:\Program Files (x86)\Applian Director
    2012-01-27 15:41:59 -------- d-----w- C:\Program Files (x86)\Replay Video Capture
    .
    ==================== Find3M ====================
    .
    2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-01-27 22:40:02 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 17:44:14.83 ===============
  8. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/20/2011 12:53:57 PM
    System Uptime: 2/17/2012 2:22:45 PM (3 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-770T-USB3
    Processor: AMD Athlon(tm) II X4 635 Processor | Socket M2 | 2900/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 100 GiB total, 35.083 GiB free.
    D: is FIXED (NTFS) - 1297 GiB total, 240.959 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is FIXED (NTFS) - 1397 GiB total, 11.548 GiB free.
    H: is FIXED (NTFS) - 1397 GiB total, 44.165 GiB free.
    I: is FIXED (NTFS) - 1397 GiB total, 52.358 GiB free.
    J: is FIXED (NTFS) - 1397 GiB total, 14.045 GiB free.
    K: is FIXED (NTFS) - 1863 GiB total, 160.732 GiB free.
    M: is CDROM ()
    N: is CDROM ()
    O: is Removable
    P: is CDROM ()
    Q: is CDROM ()
    Z: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP145: 2/14/2012 7:20:07 PM - Windows Update
    RP146: 2/15/2012 11:00:10 AM - Windows Update
    RP147: 2/15/2012 12:10:39 PM - Windows Update
    RP148: 2/16/2012 12:59:42 PM - Windows Update
    RP149: 2/17/2012 1:01:49 PM - Windows Update
    RP150: 2/17/2012 1:33:58 PM - OTL Restore Point
    .
    ==== Installed Programs ======================
    .
    @BIOS
    Acronis*True*Image*Home
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe Flash Player 11 Plugin
    Aimersoft Media Converter(Build 1.4.2.1)
    AnalogX MaxMem
    Any Video Converter 3.3.4
    AnyDVD
    Apple Application Support
    Apple Software Update
    Applian Director
    ArcSoft TotalMedia Theatre 5
    AudibleManager
    Avid Studio
    Avid Studio Bonus Content
    Avid Studio Plugins
    Avid Studio Registration Freebie - Adorage Vol. 11 Selection
    AVS Update Manager 1.0
    AVS Video Converter 8
    AVS4YOU Software Navigator 1.4
    Belarc Advisor 8.2
    Beyond TV DVD Burning Foundation
    Boris Graffiti
    CyberLink BD Advisor 2.0
    CyberLink Blu-ray Disc Suite
    CyberLink LabelPrint
    CyberLink LG Burning Tool
    CyberLink MediaShow
    CyberLink PowerDVD 9
    CyberLink PowerProducer
    CyberLink YouCam
    D3DX10
    Digital Voice Editor 3
    DolbyFiles
    DVDFab 8.0.9.0 (09/05/2011) Qt
    Epson Event Manager
    Epson Print CD
    EPSON Scan
    EpsonNet Print
    EpsonNet Setup
    ESET Online Scanner v3
    Express Burn Disc Burning Software
    Express Rip
    Getting Started with Avid Studio MULTILINGUAL
    Google Chrome
    Hard Disk Sentinel PRO
    Hauppauge WinTV Infrared Remote
    Hauppauge WinTV IR Blaster
    Hauppauge WinTV TV Services
    High-Definition Video Playback 10
    ImagXpress
    InterVideo FilterSDK for Hauppauge
    Knoll Light Factory EZ Studio
    LG Tool Kit
    LightScribe System Software
    Magic Bullet Looks Studio
    Malwarebytes Anti-Malware version 1.60.1.1000
    Menu Templates - Starter Kit
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Office XP Professional with FrontPage
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MYMOVIES)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MixPad Audio Mixer
    Movie Templates - Starter Kit
    Mozilla Firefox 10.0.1 (x86 en-US)
    Mozilla Thunderbird 10.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Movies for Windows Media Center
    nanoPEG-Editor 2.6.0 for WinTV
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack Basic
    Nero BackItUp 10 Help (CHM)
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero CoverDesigner
    Nero CoverDesigner 10
    Nero CoverDesigner 10 Help (CHM)
    Nero Disc Copy Gadget
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Dolby Files 10
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero MediaHub 10
    Nero MediaHub 10 Help (CHM)
    Nero Multimedia Suite 10
    Nero PhotoSnap
    Nero Recode
    Nero Recode 10
    Nero Recode 10 Help (CHM)
    Nero Rescue Agent
    Nero RescueAgent 10
    Nero RescueAgent 10 Help (CHM)
    Nero ShowTime
    Nero SoundTrax 10
    Nero SoundTrax 10 Help (CHM)
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero StartSmart OEM
    Nero Update
    Nero Vision
    Nero Vision 10
    Nero Vision 10 Help (CHM)
    Nero WaveEditor
    Nero WaveEditor 10
    Nero WaveEditor 10 Help (CHM)
    NeroBurningROM
    NeroExpress
    neroxml
    NetTransport 2.96c.620
    NewBlue Video Essentials Special for Studio
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    ON_OFF Charge B10.0427.1
    Pinnacle Creative Pack Volume 1
    Pinnacle Creative Pack Volume 2
    Pinnacle Instant DVD Recorder
    Pinnacle Studio 12
    Pinnacle Studio 12 Ultimate Plugins
    Pinnacle Studio 14
    Pinnacle Studio Ultimate Collection Plugins
    PrimoPDF -- brought to you by Nitro PDF Software
    Prism Video File Converter
    proDAD Mercalli 1.0
    proDAD Vitascene 1.0
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Red Giant ToonIt Studio
    Renesas Electronics USB 3.0 Host Controller Driver
    Replay Video Capture
    Revo Uninstaller 1.93
    ScoreFitter Volume 1
    ScoreFitter Volume 2
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Smart Defrag 2
    SnapStream Beyond TV 4.9.2
    Snapstream Firefly 1.2.1.916
    SnapStream Firefly Mini 1.0.2
    SoundTrax
    STOIK Video Converter 2
    Studio Premium Pack 1
    SureThing Express Labeler
    Switch Sound File Converter
    TeamViewer 7
    Trapcode 3DStroke Studio
    Trapcode Particular Studio
    Trapcode Shine Studio
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VideoReDo TVSuite Version 3.20.2.616
    VideoReDo TVSuite Version 4.20.7.629
    Virtual CD v10
    VirtualCloneDrive
    Visual Studio 2005 Redist Package
    VLC media player 1.1.11
    VOB2MPG PRO
    WavePad Sound Editor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinPcap 4.1.2
    WM Recorder
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/17/2012 2:24:02 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
    2/17/2012 2:21:30 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2/17/2012 2:12:31 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    2/17/2012 1:33:03 PM, Error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
    2/14/2012 7:00:24 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on cannot be read.
    2/13/2012 11:38:09 AM, Error: TermDD [56] - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: fe80:0000:0000:0000:e126:1795:7bb2:e33e.
    2/11/2012 6:20:23 PM, Error: Service Control Manager [7034] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s).
    2/11/2012 12:17:07 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).
    2/11/2012 10:22:19 AM, Error: Schannel [36887] - The following fatal alert was received: 42.
    2/10/2012 10:20:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
  9. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    ESET no log
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Combofix is on the desktop: C:\Users\Owner\Desktop\ComboFix.exe. Please run again.

    NOTE: If, for some reason, Combofix refuses to run, try one of the following:
    1. Run Combofix from Safe Mode. If it won't run, go on to #2.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to
    friday.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    3. See which one of the following runs. You do not need to download all three versions:
    This is a slight variation on the RKill:
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, add the following:

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan.
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
    (Directions courtesy bleeping computer)

    4. With both RKill and exehelper on board:
    Go right to the renamed (Combofix) and double click on friday.exe to run
    If it won't run in Normal Mode, run BOTH tools from safe mode, then try the double click on friday.exe to run.

    If successful, please leave RKill, Exehelper and Combofix logs.
  11. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 02/20/2012 at 12:30:45.
    Operating System: Windows 7 Professional


    Processes terminated by Rkill or while it was running:

    C:\Windows\SysWOW64\rundll32.exe


    Rkill completed on 02/20/2012 at 12:30:56.
     
  12. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    exeHelper by Raktor
    Build 20100414
    Run at 12:32:06 on 02/20/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
  13. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    ComboFix 12-02-19.02 - Owner 02/20/2012 12:33:59.7.4 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6142.4012 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-20 17:45 . 2012-02-20 17:45 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2012-02-20 17:45 . 2012-02-20 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-19 19:31 . 2012-01-06 02:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B77D1A7E-30FF-454D-8448-7D46F10E5642}\mpengine.dll
    2012-02-19 17:58 . 2012-02-19 17:58 -------- d-----w- c:\program files\Common Files\EPSON
    2012-02-19 17:57 . 2008-11-12 08:00 118784 ----a-w- c:\windows\system32\E_ILMGYA.DLL
    2012-02-19 17:57 . 2009-10-01 08:01 88064 ----a-w- c:\windows\system32\E_IBCBGYA.DLL
    2012-02-17 19:52 . 2012-02-17 19:52 -------- d-----w- c:\program files (x86)\ESET
    2012-02-17 19:28 . 2012-02-20 17:53 5544 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-02-15 22:32 . 2012-02-15 22:32 -------- d-----w- c:\programdata\FLEXnet
    2012-02-15 17:10 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-15 17:10 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-02-15 17:10 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
    2012-02-15 17:10 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-15 17:10 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-02-15 17:10 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-15 17:09 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 17:09 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-02-14 19:37 . 2012-02-14 19:37 -------- d-----w- c:\program files (x86)\WinPcap
    2012-02-14 17:40 . 2012-02-14 19:37 -------- d-----w- c:\program files (x86)\WMR14
    2012-02-13 22:13 . 2012-02-13 22:17 -------- d-----w- c:\users\Owner\AppData\Local\Google
    2012-02-13 16:27 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-13 01:44 . 2012-02-13 01:44 -------- d-----w- c:\users\Owner\AppData\Roaming\TeamViewer
    2012-02-13 01:41 . 2012-02-13 01:41 -------- d-----w- c:\program files (x86)\TeamViewer
    2012-02-11 23:32 . 2012-02-11 23:32 -------- d-----w- c:\users\Owner\AppData\Roaming\Epson
    2012-02-11 20:46 . 2012-02-11 20:46 -------- d-----w- c:\program files (x86)\nanoPEG for WinTV
    2012-02-11 15:05 . 2007-09-07 22:33 135168 ----a-w- c:\windows\SysWow64\EEBAPI.dll
    2012-02-11 14:54 . 2012-02-11 15:00 -------- d-----w- c:\program files (x86)\Epson Software
    2012-02-11 14:54 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
    2012-02-11 14:54 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
    2012-02-11 14:54 . 2006-10-20 05:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
    2012-02-11 14:54 . 2006-10-20 05:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
    2012-02-11 14:54 . 2006-10-20 05:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
    2012-02-11 14:54 . 2008-11-12 07:00 118784 ----a-w- c:\windows\system32\E_ILMFRA.DLL
    2012-02-11 14:54 . 2008-11-12 07:00 81920 ----a-w- c:\windows\system32\E_IBCBFRA.DLL
    2012-02-11 14:54 . 2012-02-19 17:58 -------- d-----w- c:\programdata\EPSON
    2012-02-11 14:53 . 2012-02-11 14:55 -------- d-----w- c:\program files (x86)\epson
    2012-02-11 14:53 . 2009-05-01 05:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
    2012-02-11 14:53 . 2009-05-01 05:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
    2012-02-11 14:53 . 2008-11-17 05:00 459776 ----a-w- c:\windows\system32\esxwiaud.dll
    2012-02-11 00:47 . 2012-02-11 00:47 -------- d-----w- c:\windows\Downloaded Installations
    2012-02-10 22:30 . 2012-02-01 21:40 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-02-10 22:30 . 2012-02-10 22:29 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BDAE80B-2CB4-48A0-ADEF-3E2C89AD24C5}\gapaengine.dll
    2012-02-07 20:49 . 2012-02-07 20:49 -------- d-----w- C:\_OTL
    2012-02-02 22:19 . 2012-01-06 02:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-02 22:09 . 2012-02-02 22:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-02-02 19:38 . 2012-01-11 21:19 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-02-02 19:38 . 2012-02-03 00:29 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2012-02-02 19:38 . 2012-02-02 21:51 -------- d-----w- c:\program files (x86)\PC Tools
    2012-02-02 19:37 . 2012-02-03 00:27 -------- d-----w- c:\programdata\PC Tools
    2012-02-02 19:37 . 2012-02-02 19:37 -------- d-----w- c:\users\Owner\AppData\Roaming\TestApp
    2012-02-02 19:36 . 2012-02-02 19:36 -------- d-----w- c:\program files (x86)\Binnerup Consult
    2012-02-02 19:30 . 2012-02-03 23:47 -------- d-----w- c:\programdata\CPA_VA
    2012-02-02 18:17 . 2012-02-02 18:17 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-02-02 16:58 . 2012-02-02 16:58 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-02 16:57 . 2012-02-09 16:01 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-02-02 16:57 . 2012-02-02 16:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-02-02 16:28 . 2012-02-02 16:28 -------- d-----w- c:\programdata\IObit
    2012-02-01 21:39 . 2012-02-01 21:39 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-02-01 21:39 . 2012-02-01 21:39 -------- d-----w- c:\program files\Microsoft Security Client
    2012-02-01 18:27 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5362664-BA60-4893-A505-D04FDE12C52E}\mpengine.dll
    2012-01-30 18:09 . 2012-02-20 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\VideoReDo-TVSuite4
    2012-01-30 18:09 . 2012-01-30 18:11 -------- d-----w- c:\program files (x86)\VideoReDoTVSuite4
    2012-01-29 22:19 . 2012-01-29 22:19 -------- d-----w- c:\program files\MediaInfo
    2012-01-29 22:10 . 2012-01-29 22:10 -------- d-----w- c:\users\Owner\AppData\Roaming\AnvSoft
    2012-01-28 23:56 . 2012-01-28 23:56 -------- d-----w- C:\Hauppauge
    2012-01-28 23:41 . 2012-01-28 23:41 -------- d-----w- c:\program files (x86)\Renesas Electronics
    2012-01-28 19:16 . 2012-01-28 19:16 -------- d-----w- c:\users\Owner\AppData\Roaming\Xi
    2012-01-28 19:16 . 2012-01-28 19:16 -------- d-----w- c:\program files (x86)\Xi
    2012-01-28 18:26 . 2012-01-28 18:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Hensense.com
    2012-01-28 17:45 . 2012-01-28 23:55 -------- d-----w- c:\program files (x86)\GetFLV
    2012-01-28 17:36 . 2012-01-28 17:36 -------- d-----w- c:\users\Owner\AppData\Roaming\Moyea
    2012-01-28 17:26 . 2012-01-28 17:27 -------- d-----w- c:\users\Owner\AppData\Roaming\vlc
    2012-01-28 17:25 . 2012-01-28 17:25 -------- d-----w- c:\program files (x86)\VideoLAN
    2012-01-28 17:12 . 2012-02-11 17:19 -------- d-----w- c:\program files (x86)\Freemake
    2012-01-28 15:57 . 2012-01-28 15:57 -------- d-----w- c:\program files (x86)\FDRLab
    2012-01-28 15:42 . 2012-01-28 15:42 -------- d-----w- c:\users\Owner\.streamCapture
    2012-01-28 01:21 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-01-28 01:20 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
    2012-01-28 01:18 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-01-28 01:18 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-01-28 01:18 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-01-28 01:18 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-28 01:18 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-01-28 01:16 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
    2012-01-28 01:16 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-01-27 19:40 . 2011-08-23 01:23 175864 ---ha-w- c:\windows\SysWow64\BytescoutVideoMixerFilter.dll
    2012-01-27 19:40 . 2011-08-23 01:23 257784 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturingFilter.dll
    2012-01-27 19:40 . 2011-08-23 01:23 421624 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturing.dll
    2012-01-27 19:40 . 2011-08-23 01:23 361720 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
    2012-01-27 19:40 . 2011-08-23 01:23 231672 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
    2012-01-27 19:40 . 2011-07-08 06:57 566008 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll
    2012-01-27 19:40 . 2012-01-27 19:40 -------- d-----w- c:\program files\Apowersoft
    2012-01-27 19:05 . 2012-01-27 19:05 -------- d-----w- c:\windows\system32\Macromed
    2012-01-27 19:01 . 2012-01-27 19:01 -------- d-----w- c:\users\Owner\AppData\Roaming\Apowersoft
    2012-01-27 19:01 . 2010-12-24 16:43 29288 ---ha-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
    2012-01-27 15:42 . 2012-01-27 15:42 -------- d-----w- c:\windows\Applian Director
    2012-01-27 15:42 . 2012-01-27 15:42 -------- d-----w- c:\program files (x86)\Applian Director
    2012-01-27 15:41 . 2012-01-27 18:54 -------- d-----w- c:\program files (x86)\Replay Video Capture
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-31 12:44 . 2011-07-20 17:33 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-27 22:40 . 2011-07-22 19:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-02-20_16.58.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 05:10 . 2012-02-20 17:49 44248 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-07-20 17:01 . 2012-02-20 17:49 14816 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3986105127-79878375-3251353310-1000_UserData.bin
    + 2011-07-20 17:54 . 2012-02-20 17:46 3190 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2011-07-20 17:54 . 2012-02-20 16:54 3190 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2012-02-20 16:56 . 2012-02-20 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-02-20 17:47 . 2012-02-20 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-02-20 17:47 . 2012-02-20 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-02-20 16:56 . 2012-02-20 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:01 . 2012-02-20 16:54 352384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-02-20 17:46 352384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 02:34 . 2012-02-19 23:41 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-02-20 17:10 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2011-07-22 14:39 . 2012-02-20 16:54 10077204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3986105127-79878375-3251353310-1000-12288.dat
    + 2011-07-22 14:39 . 2012-02-20 17:46 10077204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3986105127-79878375-3251353310-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-07-24 5201528]
    "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-03 5487488]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-11 5111464]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048]
    "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
    "LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-07-24 557056]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
    "Firefly"="c:\program files (x86)\SnapStream Media\Firefly\Firefly.exe" [2006-06-05 180224]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "VC10Player"="c:\program files (x86)\Virtual CD v10\System\VC10Play.exe" [2009-10-08 383304]
    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "My Movies Tray"="c:\program files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe" [2011-08-01 351952]
    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    .
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MaxMem.lnk - c:\program files (x86)\AnalogX\MaxMem\maxmem.exe [2011-7-23 125424]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Beyond TV.lnk - c:\program files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe [2010-3-14 397312]
    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2011-7-24 519744]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/24 13:04;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-07-20 30528]
    R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
    R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
    S1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-07-22 3246040]
    S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-01-19 8704]
    S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
    S2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2009-10-08 145224]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [x]
    S3 AvsBluebird;FusionHDTV USB, AVStream Capture;c:\windows\system32\drivers\bluebird64.sys [x]
    S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys [x]
    S3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;c:\windows\system32\drivers\HCWUSB264.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_9EC60124
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-04-22 17:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 22:13]
    .
    2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 22:13]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-11 358200]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>;
    IE: Download all by NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddList.html
    IE: Download by NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddLink.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    TCP: Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: NameServer = 8.26.56.26,156.154.70.22
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
    FF - prefs.js: browser.search.selectedEngine - ESV Bible
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrv1000]
    "ImagePath"="system32\DRIVERS\vdrv1000.sys"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Hard Disk Sentinel\HDSentinel.exe
    c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
    c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
    c:\progra~2\COMMON~1\SNAPST~1\Common\x10nets.exe
    c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVNetworkService.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVSettingsService.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVSchedulerService.exe
    c:\program files (x86)\Virtual CD v10\System\vc10fwd.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-20 13:47:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-20 18:47
    ComboFix2.txt 2012-02-20 17:28
    ComboFix3.txt 2012-02-12 01:59
    ComboFix4.txt 2012-02-12 00:24
    ComboFix5.txt 2012-02-20 17:33
    .
    Pre-Run: 41,473,179,648 bytes free
    Post-Run: 41,433,329,664 bytes free
    .
    - - End Of File - - BFE2307A2DA2AF79F3A1A539BE1746B6
  14. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    Anything else?
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Still some malware but it looks like the hijack to the fake Google page is resolved:

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\drivers\hitmanpro36.sys
    c:\windows\system32\drivers\18676779.sys
    c:\windows\BDTSupport.dll0208.old
    c:\windows\SGDetectionTool.dll0208.old
    c:\windows\PCTBDCore.dll0208.old
    ADS::
    C:\ProgramData\Temp:3440EB47
    C:\ProgramData\TempFC5A2B2
    
    FileLook::
    c:\windows\system32\DRIVERS\vdrv1000.sys 
    Extra::
    File::
    Firefox::
    Firefox-: - Profile- FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
    Firefox-: - prefs.js- Search.DefaultURL 
    Firefox-: - prefs.js- Startup.Homepage
    DDS::
    uInternet Settings,ProxyOverride = <-loopback>;
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    Short, last scans:
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ================================
    Download Security Check by screen317 and save to the desktop
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically; please post the contents of that document.
    ================================
    HijackThis: First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ====================================
    Tell me about this please: C:\Users\Owner\AppData\Roaming\Hensense.com
    Have you intentionally installed this? Have you considered that it may be a source of your malware?

    Logs in next reply please.
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Sorry- forgot one:

    Clear Firefox Cache
    1. Open Firefox> Click on Tools> Options
    2. Select the Advanced panel.
    3. Click on the Network tab
    4. In the Offline Storage section, click Clear Now.

    We want to make sure the search site is gone from Firefox.
  17. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    ComboFix 12-02-24.02 - Owner 02/24/2012 22:35:10.8.4 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6142.4233 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\users\Owner\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\BDTSupport.dll0208.old"
    "c:\windows\PCTBDCore.dll0208.old"
    "c:\windows\SGDetectionTool.dll0208.old"
    "c:\windows\system32\drivers\18676779.sys"
    "c:\windows\system32\drivers\hitmanpro36.sys"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-25 to 2012-02-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-25 03:47 . 2012-02-25 03:47 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2012-02-25 03:47 . 2012-02-25 03:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-24 14:51 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2012-02-24 14:51 . 2009-08-20 04:50 52568 ----a-r- c:\windows\system32\AdobePDF.dll
    2012-02-24 14:49 . 2009-02-27 17:55 111992 ----a-w- c:\windows\SysWow64\acaptuser32.dll
    2012-02-23 20:07 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE38380C-AA93-415A-B9F0-7806DF8E60DD}\mpengine.dll
    2012-02-22 22:38 . 2012-02-22 22:38 -------- d-----w- c:\program files\iPod
    2012-02-22 22:38 . 2012-02-22 22:38 -------- d-----w- c:\program files\iTunes
    2012-02-22 22:38 . 2012-02-22 22:38 -------- d-----w- c:\program files (x86)\iTunes
    2012-02-22 22:35 . 2012-02-22 22:35 -------- d-----w- c:\program files (x86)\Bonjour
    2012-02-22 22:35 . 2012-02-22 22:35 -------- d-----w- c:\program files\Bonjour
    2012-02-20 20:25 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94A7BAB8-80A8-4300-8BAE-669031529976}\mpengine.dll
    2012-02-19 17:58 . 2012-02-19 17:58 -------- d-----w- c:\program files\Common Files\EPSON
    2012-02-19 17:57 . 2008-11-12 08:00 118784 ----a-w- c:\windows\system32\E_ILMGYA.DLL
    2012-02-19 17:57 . 2009-10-01 08:01 88064 ----a-w- c:\windows\system32\E_IBCBGYA.DLL
    2012-02-17 19:52 . 2012-02-17 19:52 -------- d-----w- c:\program files (x86)\ESET
    2012-02-17 19:28 . 2012-02-25 03:55 5544 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-02-15 22:32 . 2012-02-15 22:32 -------- d-----w- c:\programdata\FLEXnet
    2012-02-15 17:10 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-15 17:10 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-02-15 17:10 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
    2012-02-15 17:10 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-15 17:10 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-02-15 17:10 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-15 17:09 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 17:09 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-02-14 19:37 . 2012-02-14 19:37 -------- d-----w- c:\program files (x86)\WinPcap
    2012-02-14 17:40 . 2012-02-14 19:37 -------- d-----w- c:\program files (x86)\WMR14
    2012-02-13 22:13 . 2012-02-13 22:17 -------- d-----w- c:\users\Owner\AppData\Local\Google
    2012-02-13 16:27 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-13 01:44 . 2012-02-13 01:44 -------- d-----w- c:\users\Owner\AppData\Roaming\TeamViewer
    2012-02-13 01:41 . 2012-02-13 01:41 -------- d-----w- c:\program files (x86)\TeamViewer
    2012-02-11 23:32 . 2012-02-11 23:32 -------- d-----w- c:\users\Owner\AppData\Roaming\Epson
    2012-02-11 20:46 . 2012-02-11 20:46 -------- d-----w- c:\program files (x86)\nanoPEG for WinTV
    2012-02-11 15:05 . 2007-09-07 22:33 135168 ----a-w- c:\windows\SysWow64\EEBAPI.dll
    2012-02-11 14:54 . 2012-02-11 15:00 -------- d-----w- c:\program files (x86)\Epson Software
    2012-02-11 14:54 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
    2012-02-11 14:54 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
    2012-02-11 14:54 . 2006-10-20 05:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
    2012-02-11 14:54 . 2006-10-20 05:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
    2012-02-11 14:54 . 2006-10-20 05:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
    2012-02-11 14:54 . 2008-11-12 07:00 118784 ----a-w- c:\windows\system32\E_ILMFRA.DLL
    2012-02-11 14:54 . 2008-11-12 07:00 81920 ----a-w- c:\windows\system32\E_IBCBFRA.DLL
    2012-02-11 14:54 . 2012-02-19 17:58 -------- d-----w- c:\programdata\EPSON
    2012-02-11 14:53 . 2012-02-11 14:55 -------- d-----w- c:\program files (x86)\epson
    2012-02-11 14:53 . 2009-05-01 05:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
    2012-02-11 14:53 . 2009-05-01 05:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
    2012-02-11 14:53 . 2008-11-17 05:00 459776 ----a-w- c:\windows\system32\esxwiaud.dll
    2012-02-11 00:47 . 2012-02-11 00:47 -------- d-----w- c:\windows\Downloaded Installations
    2012-02-10 22:30 . 2012-02-01 21:40 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-02-10 22:30 . 2012-02-10 22:29 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BDAE80B-2CB4-48A0-ADEF-3E2C89AD24C5}\gapaengine.dll
    2012-02-07 20:49 . 2012-02-07 20:49 -------- d-----w- C:\_OTL
    2012-02-02 22:19 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-02 22:09 . 2012-02-02 22:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-02-02 19:38 . 2012-01-11 21:19 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-02-02 19:38 . 2012-02-03 00:29 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2012-02-02 19:38 . 2012-02-02 21:51 -------- d-----w- c:\program files (x86)\PC Tools
    2012-02-02 19:37 . 2012-02-03 00:27 -------- d-----w- c:\programdata\PC Tools
    2012-02-02 19:37 . 2012-02-02 19:37 -------- d-----w- c:\users\Owner\AppData\Roaming\TestApp
    2012-02-02 19:36 . 2012-02-02 19:36 -------- d-----w- c:\program files (x86)\Binnerup Consult
    2012-02-02 19:30 . 2012-02-03 23:47 -------- d-----w- c:\programdata\CPA_VA
    2012-02-02 18:17 . 2012-02-02 18:17 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-02-02 16:58 . 2012-02-02 16:58 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-02 16:57 . 2012-02-09 16:01 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-02-02 16:57 . 2012-02-02 16:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-02-02 16:28 . 2012-02-02 16:28 -------- d-----w- c:\programdata\IObit
    2012-02-01 21:39 . 2012-02-01 21:39 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-02-01 21:39 . 2012-02-01 21:39 -------- d-----w- c:\program files\Microsoft Security Client
    2012-01-30 18:09 . 2012-02-24 02:32 -------- d-----w- c:\users\Owner\AppData\Roaming\VideoReDo-TVSuite4
    2012-01-30 18:09 . 2012-01-30 18:11 -------- d-----w- c:\program files (x86)\VideoReDoTVSuite4
    2012-01-29 22:19 . 2012-01-29 22:19 -------- d-----w- c:\program files\MediaInfo
    2012-01-29 22:10 . 2012-01-29 22:10 -------- d-----w- c:\users\Owner\AppData\Roaming\AnvSoft
    2012-01-28 23:56 . 2012-01-28 23:56 -------- d-----w- C:\Hauppauge
    2012-01-28 23:41 . 2012-01-28 23:41 -------- d-----w- c:\program files (x86)\Renesas Electronics
    2012-01-28 19:16 . 2012-01-28 19:16 -------- d-----w- c:\users\Owner\AppData\Roaming\Xi
    2012-01-28 19:16 . 2012-01-28 19:16 -------- d-----w- c:\program files (x86)\Xi
    2012-01-28 18:26 . 2012-01-28 18:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Hensense.com
    2012-01-28 17:45 . 2012-01-28 23:55 -------- d-----w- c:\program files (x86)\GetFLV
    2012-01-28 17:36 . 2012-01-28 17:36 -------- d-----w- c:\users\Owner\AppData\Roaming\Moyea
    2012-01-28 17:26 . 2012-01-28 17:27 -------- d-----w- c:\users\Owner\AppData\Roaming\vlc
    2012-01-28 17:25 . 2012-01-28 17:25 -------- d-----w- c:\program files (x86)\VideoLAN
    2012-01-28 17:12 . 2012-02-11 17:19 -------- d-----w- c:\program files (x86)\Freemake
    2012-01-28 15:57 . 2012-01-28 15:57 -------- d-----w- c:\program files (x86)\FDRLab
    2012-01-28 15:42 . 2012-01-28 15:42 -------- d-----w- c:\users\Owner\.streamCapture
    2012-01-28 01:21 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-01-28 01:20 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
    2012-01-28 01:18 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-01-28 01:18 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-01-28 01:18 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-01-28 01:18 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-28 01:18 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-01-28 01:16 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
    2012-01-28 01:16 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-01-27 19:40 . 2011-08-23 01:23 175864 ---ha-w- c:\windows\SysWow64\BytescoutVideoMixerFilter.dll
    2012-01-27 19:40 . 2011-08-23 01:23 257784 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturingFilter.dll
    2012-01-27 19:40 . 2011-08-23 01:23 421624 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturing.dll
    2012-01-27 19:40 . 2011-08-23 01:23 361720 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
    2012-01-27 19:40 . 2011-08-23 01:23 231672 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
    2012-01-27 19:40 . 2011-07-08 06:57 566008 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll
    2012-01-27 19:40 . 2012-01-27 19:40 -------- d-----w- c:\program files\Apowersoft
    2012-01-27 19:05 . 2012-01-27 19:05 -------- d-----w- c:\windows\system32\Macromed
    2012-01-27 19:01 . 2012-01-27 19:01 -------- d-----w- c:\users\Owner\AppData\Roaming\Apowersoft
    2012-01-27 19:01 . 2010-12-24 16:43 29288 ---ha-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
    2012-01-27 15:42 . 2012-01-27 15:42 -------- d-----w- c:\windows\Applian Director
    2012-01-27 15:42 . 2012-01-27 15:42 -------- d-----w- c:\program files (x86)\Applian Director
    2012-01-27 15:41 . 2012-01-27 18:54 -------- d-----w- c:\program files (x86)\Replay Video Capture
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-08 07:13 . 2012-02-25 04:02 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4445CEC1-F8CD-4895-8302-771363C05F24}\mpengine.dll
    2012-01-29 10:10 . 2011-07-20 17:33 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-27 22:40 . 2011-07-22 19:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\windows\system32\DRIVERS\vdrv1000.sys ---
    Company: H+H Software GmbH
    File Description: Virtual CD - XP / 2003 / Vista Driver 64-Bit
    File Version: 10.0.0.78
    Product Name: Virtual CD
    Copyright: Copyright © 2000-2008 by H+H Software GmbH
    Original Filename: VDRV1000.SYS
    File size: 220696
    Created time: 2011-07-26 01:29
    Modified time: 2009-08-24 15:45
    MD5: 7439DEC2107430657350C8F2A20FE7CC
    SHA1: 9AA337A9FE011E4AE08EC50F5680137F30390A43
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-02-20_16.58.35 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-07-12 15:20 . 2011-07-12 15:20 50536 c:\windows\SysWOW64\jdns_sd.dll
    + 2011-08-31 04:05 . 2011-08-31 04:05 50536 c:\windows\SysWOW64\jdns_sd.dll
    + 2011-08-31 04:05 . 2011-08-31 04:05 73064 c:\windows\SysWOW64\dnssd.dll
    - 2011-07-12 15:20 . 2011-07-12 15:20 73064 c:\windows\SysWOW64\dnssd.dll
    - 2011-07-12 15:20 . 2011-07-12 15:20 83816 c:\windows\SysWOW64\dns-sd.exe
    + 2011-08-31 04:05 . 2011-08-31 04:05 83816 c:\windows\SysWOW64\dns-sd.exe
    + 2009-07-14 05:10 . 2012-02-25 03:52 44248 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-07-20 17:01 . 2012-02-25 03:52 14904 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3986105127-79878375-3251353310-1000_UserData.bin
    + 2011-07-25 17:48 . 2009-08-19 20:06 36488 c:\windows\system32\spool\drivers\x64\3\ADREGP.DLL
    - 2011-07-25 17:48 . 2008-04-07 09:38 24416 c:\windows\system32\spool\drivers\x64\3\AdobePDFUI.dll
    + 2011-07-25 17:48 . 2009-08-20 04:50 24416 c:\windows\system32\spool\drivers\x64\3\AdobePDFUI.dll
    + 2011-07-25 17:48 . 2009-08-20 04:50 52568 c:\windows\system32\spool\drivers\x64\3\AdobePdf.dll
    + 2011-08-31 04:05 . 2011-08-31 04:05 61288 c:\windows\system32\jdns_sd.dll
    - 2011-07-12 15:34 . 2011-07-12 15:34 61288 c:\windows\system32\jdns_sd.dll
    - 2009-07-14 05:30 . 2012-02-19 17:57 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30 . 2012-02-24 14:51 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2011-05-10 12:06 . 2011-05-10 12:06 51712 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_f9d62789100b9e9b\usbaapl64.sys
    + 2011-05-10 12:06 . 2011-05-10 12:06 22528 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_dc2cbd989eec1514\netaapl64.sys
    + 2012-02-24 14:51 . 2009-08-20 04:50 24416 c:\windows\system32\DriverStore\FileRepository\adobepdf.inf_amd64_neutral_111c9da0d3cbdcb2\Amd64Vista\AdobePDFUI.dll
    + 2012-02-24 14:51 . 2009-08-20 04:50 52568 c:\windows\system32\DriverStore\FileRepository\adobepdf.inf_amd64_neutral_111c9da0d3cbdcb2\Amd64Vista\AdobePdf.dll
    + 2012-02-24 14:51 . 2009-08-19 20:06 36488 c:\windows\system32\DriverStore\FileRepository\adobepdf.inf_amd64_neutral_111c9da0d3cbdcb2\Amd64\ADREGP.DLL
    - 2011-07-12 15:34 . 2011-07-12 15:34 85864 c:\windows\system32\dnssd.dll
    + 2011-08-31 04:05 . 2011-08-31 04:05 85864 c:\windows\system32\dnssd.dll
    + 2011-08-31 04:05 . 2011-08-31 04:05 96104 c:\windows\system32\dns-sd.exe
    - 2011-07-12 15:34 . 2011-07-12 15:34 96104 c:\windows\system32\dns-sd.exe
    + 2011-07-20 19:52 . 2012-02-21 15:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-07-20 19:52 . 2012-02-15 18:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-02-21 15:52 . 2012-02-21 15:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-02-15 18:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-02-21 15:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-07-20 16:54 . 2012-02-20 07:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-07-20 16:54 . 2012-02-24 19:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-07-20 16:54 . 2012-02-20 07:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-07-20 16:54 . 2012-02-24 19:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-07-20 16:54 . 2012-02-24 19:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-07-20 16:54 . 2012-02-20 07:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-07-25 17:48 . 2011-07-25 17:48 65536 c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_A3DReviewer.exe
    + 2011-07-25 17:48 . 2012-02-24 14:51 65536 c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_A3DReviewer.exe
    - 2011-07-20 17:54 . 2012-02-20 16:54 3190 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2011-07-20 17:54 . 2012-02-25 03:48 3190 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2012-02-20 16:56 . 2012-02-20 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-02-25 03:51 . 2012-02-25 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-02-25 03:51 . 2012-02-25 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-02-20 16:56 . 2012-02-20 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-07-12 15:20 . 2011-07-12 15:20 178536 c:\windows\SysWOW64\dnssdX.dll
    + 2011-08-31 04:05 . 2011-08-31 04:05 178536 c:\windows\SysWOW64\dnssdX.dll
    + 2009-07-14 01:18 . 2009-07-14 01:41 629760 c:\windows\system32\spool\drivers\x64\3\PSCRIPT5.DLL
    + 2011-07-25 17:48 . 2009-08-20 04:48 219504 c:\windows\system32\spool\drivers\x64\3\ADUIGP.DLL
    - 2011-07-25 17:48 . 2008-04-07 09:37 219504 c:\windows\system32\spool\drivers\x64\3\ADUIGP.DLL
    + 2009-07-14 05:30 . 2012-02-24 14:51 143360 c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2012-02-19 17:57 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2012-02-24 14:51 143360 c:\windows\system32\DriverStore\infstor.dat
    - 2009-07-14 05:30 . 2012-02-19 17:57 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2012-02-24 14:51 . 2009-08-20 04:48 219504 c:\windows\system32\DriverStore\FileRepository\adobepdf.inf_amd64_neutral_111c9da0d3cbdcb2\Amd64\ADUIGP.DLL
    + 2011-08-31 04:05 . 2011-08-31 04:05 212840 c:\windows\system32\dnssdX.dll
    - 2011-07-12 15:34 . 2011-07-12 15:34 212840 c:\windows\system32\dnssdX.dll
    + 2009-07-14 05:01 . 2012-02-25 03:48 352384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-02-20 16:54 352384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-07-25 17:48 . 2012-02-24 14:51 335872 c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
    - 2011-07-25 17:48 . 2011-07-25 17:48 335872 c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
    + 2012-02-22 22:38 . 2012-02-22 22:38 380928 c:\windows\Installer\{5E11C972-1E76-45FE-8F92-14E0D1140B1B}\iTunesIco.exe
    + 2011-09-14 09:54 . 2011-09-14 09:54 236904 c:\windows\Installer\$PatchCache$\Managed\638401577CACE4443AE9F3455191245F\4.0.0\OutlookChangeNotifierAddIn_x64.dll
    + 2011-09-14 09:54 . 2011-09-14 09:54 227176 c:\windows\Installer\$PatchCache$\Managed\638401577CACE4443AE9F3455191245F\4.0.0\OutlookChangeNotifierAddIn.dll
    + 2011-05-10 12:06 . 2011-05-10 12:06 4517664 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_f9d62789100b9e9b\usbaaplrc.dll
    + 2011-04-08 18:59 . 2011-04-08 18:59 1721576 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_dc2cbd989eec1514\wdfcoinstaller01009.dll
    + 2011-11-15 01:12 . 2011-11-15 01:12 2682368 c:\windows\Installer\adaf153.msi
    + 2009-07-14 02:34 . 2012-02-24 15:21 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2012-02-19 23:41 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2011-07-22 14:39 . 2012-02-25 03:48 10209637 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3986105127-79878375-3251353310-1000-12288.dat
    + 2012-01-18 23:49 . 2012-01-18 23:49 44700672 c:\windows\Installer\adafbf2.msi
    + 2011-11-15 01:09 . 2011-11-15 01:09 11081728 c:\windows\Installer\adaf1b4.msi
    + 2011-11-29 21:38 . 2011-11-29 21:38 20304896 c:\windows\Installer\adaf0d1.msi
    + 2012-02-16 14:18 . 2012-02-16 14:18 37180928 c:\windows\Installer\1378c60c.msp
    + 2012-02-16 14:17 . 2012-02-16 14:17 125502976 c:\windows\Installer\1378c60d.msp
    + 2012-02-17 18:33 . 2012-02-17 18:33 169328128 c:\windows\Installer\1378c60b.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-07-24 5201528]
    "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-03 5487488]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-11 5111464]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048]
    "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
    "LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-07-24 557056]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
    "Firefly"="c:\program files (x86)\SnapStream Media\Firefly\Firefly.exe" [2006-06-05 180224]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
    "VC10Player"="c:\program files (x86)\Virtual CD v10\System\VC10Play.exe" [2009-10-08 383304]
    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "My Movies Tray"="c:\program files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe" [2011-08-01 351952]
    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MaxMem.lnk - c:\program files (x86)\AnalogX\MaxMem\maxmem.exe [2011-7-23 125424]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Beyond TV.lnk - c:\program files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe [2010-3-14 397312]
    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2011-7-24 519744]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/24 13:04;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-07-20 30528]
    R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
    R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
    S1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-07-22 3246040]
    S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-01-19 8704]
    S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
    S2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2009-10-08 145224]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [x]
    S3 AvsBluebird;FusionHDTV USB, AVStream Capture;c:\windows\system32\drivers\bluebird64.sys [x]
    S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys [x]
    S3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;c:\windows\system32\drivers\HCWUSB264.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_9EC60124
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-04-22 17:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 22:13]
    .
    2012-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 22:13]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-11 358200]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Download all by NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddList.html
    IE: Download by NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddLink.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    TCP: Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: NameServer = 8.26.56.26,156.154.70.22
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
    FF - prefs.js: browser.search.selectedEngine - ESV Bible
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrv1000]
    "ImagePath"="system32\DRIVERS\vdrv1000.sys"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Hard Disk Sentinel\HDSentinel.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
    c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-24 23:18:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-25 04:17
    ComboFix2.txt 2012-02-20 18:48
    ComboFix3.txt 2012-02-20 17:28
    ComboFix4.txt 2012-02-12 01:59
    ComboFix5.txt 2012-02-25 03:33
    .
    Pre-Run: 40,204,193,792 bytes free
    Post-Run: 39,902,322,688 bytes free
    .
    - - End Of File - - 9A447A9FCDF8DD8402E698D1AFAB3D98
  18. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    ESET No threats found
  19. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    Results of screen317's Security Check version 0.99.31
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Adobe Flash Player 11.1.102.55
    Mozilla Firefox (10.0.2)
    Mozilla Thunderbird (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````
  20. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:55:19 AM, on 2/25/2012
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
    C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
    C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe
    C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVSettingsService.exe
    C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
    C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVNetworkService.exe
    C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVSchedulerService.exe
    C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
    C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
    C:\Program Files (x86)\Virtual CD v10\System\vc10fwd.exe
    C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
    C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [Firefly] C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [My Movies Tray] "C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe"
    O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: MaxMem.lnk = C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe
    O4 - Global Startup: Beyond TV.lnk = C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TotalMedia Server.lnk = C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
    O8 - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html
    O8 - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: NameServer = 8.26.56.26,156.154.70.22
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Product - 2011/07/24 13:04:19 (CLKMSVC10_9EC60124) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~2\WinTV\HCWTVS~1.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~2\COMMON~1\SNAPST~1\Common\x10nets.exe

    --
    End of file - 12928 bytes
  21. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    Tell me about this please: C:\Users\Owner\AppData\Roaming\Hensense.com

    Installed ... didn't work, uninstalled a month ago
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, that entry is still on the system. Suggest you use Windows Explorer to access Computer> Local Drive> then you will have to unhide the files:

    Show Hidden Files and Folders in Windows Vista and Windows 7:
    • Click on the Start button and select Computer
    • Press the Alt key on your keyboard and click on Tools
    • Select Folder Options
    • Click the View tab and make sure that Show hidden files and folders is selected under Hidden files and folders
    • Next, uncheck the box next to Hide protected operating system files (Recommended)
    • Then, uncheck the box next to Hide extensions for known filetypes
    • Click on Yes to Confirm
    • Click Apply then click OK
    • Go to Documents & Settings> Choose User name
    • Double click on AppData,
    • Find the file> C:\Users\Owner\AppData\Roaming\Hensense.com
    • Do a right click> Delete.
    --------------------
    Please rehide the files.
    =================================
    HijackThis is okay and we finally got rid of the search hijack! If there are no other problems, you can Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o] The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
    Images courtesy lytebyte.

    Empty the Recycle Bin
    ========================================
    Have a look below- you could use added security: especially in #4:
    You may find the following helpful: (Links are Bold Blue)
    Tips for added security and safer browsing:
    1. Browser Security
      [o] Make Internet Explorer safer (http://www.bleepingcomputer.com/tutorials/tutorial102.htm)
      [o] Use a Site Advisor..
      Have layered Security:
    2. Antivirus Software (only one):
      [o] Comodo AV
      [o] Avast Free
      [o] Microsoft Security Essentials
    3. Firewall (only one)
      [o] Zone Alarm Free
      [o] Comodo Firewall Free
    4. Antispyware/Security: I recommend all of the following:
      [o] Spywareblaster: Protects against bad ActiveX.
      [o] IE/Spyad: Restricts bad domains.
      [o] MVPS Hosts files: Directs HOSTS file to 127.0.0.1 which is your local computer.
      [o] Google Toolbar Popup Stopper
    5. Stay current on updates:
      [o] Windows Updates. You should get All updates marked Critical and the current SP updates.
      [o] Adobe Reader. Uninstall old.
      [o] Java. Uninstall old.
    6. Reset Cookies to prevent Tracking Cookies:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
    7. Do regular Maintenance
      [o] To include Disc Cleanup, Defrag, Error Check.
    8. Remove Temporary Internet Files regularly:
      [o] ATF Cleaner by Atribune or
      [o] TFC
    9. System Restore Guide: Understand Restore Points> why you need to clean and set restore points and what information is in them.
    10. Practice Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account on free web-based mail.

    Please let me know if you find any bad links.

    Let me know if you have any questions.
  23. Rev1979

    Rev1979 TS Rookie Topic Starter Posts: 37

    Thank you very much.


    +-+-+-+

    A few issues:

    Restore Point failed - image attached ... after reboot and turning on MS Security Essentials Restore point succeeded

    http://www.bleepingcomputer.com/tutorials/tutorial102.htm - 404 ERROR: Page Not Found!

    http://www.bleepingcomputer.com/tutorials/using-ie-spyad-to-enhance-your-privacy/ seems out of date and doesn't seem to correspond with what I found at the download link on that page (http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD)

    Google Toolbar Discontinued http://www.google.com/toolbar/ff/index.html

    ID doesn't exist http://www.atribune.org/ccount/click.php?id=1 (AND site says "This program is for XP and Windows 2000 only")


  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You're very welcome!

    Thank you very much for telling me about the outdated material. I am updating it now. My bad- sometimes there isn't enough time to recheck the references, but I appreciate your help.

    Google TB isn't available for Firefox as of v5. I still have FF v3 and Google TB is fine
    There is a Google Toolbar for Internet Explorer, but only IE 7 and IE8. Looks like they've taken the best features off!> http://www.google.com/toolbar., including resident spell checker and popup blocker. Fortunately, Firefox has some coverage for both.

    I had to beat it to death but I stopped the Google TB Update and Notifier. It is worrisome though because although I have deleted, blocked, removed those features, I still occasionally find it back in my Startup Menu.
    -------------------------------
    As for the Restore Point, I've not seen that message before. But it mentioned it was a 'transient' problem and glad to hear you were able to do it.

    FYI: Between Google and Microsoft, I get the feeling I am being manipulated and/or 'controlled.' That has never set well for me and sadly I see it increasing!

    Peace