TechSpot

[Solved] Browser hijacked by http://search.entru.com/?s=1109

Discussion in 'Virus and Malware Removal' started by Rev1979, Feb 3, 2012.

  1. Rev1979 Newcomer, in training

    Found it ... it was in the extension PDF Download (Nitro) ... uninstalled it and reinstalled it ... redirect gone

    Thanks
  2. Bobbye Helper on the Fringe

    Are you telling me that you resolved the problem and are finished?

    There is still malware on the system showing in both OTL and Combofix.
  3. Rev1979 Newcomer, in training

    No, just alerting you that the main symptom which caused me to address this is now gone
  4. Rev1979 Newcomer, in training

    Am I supposed to be doing something else?
  5. Bobbye Helper on the Fringe

    We haven't gotten it all yet. Run the following please, while I check the Combofix log to see if there are other entries:

    OTL Custom Scan Fixes

    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

      Code:
      :OTL
      @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:3440EB47
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TempFC5A2B2
      [2011/03/07 21:34:23 | 000,001,871 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\ask.uk.xml
      [2009/10/21 19:01:26 | 000,000,866 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\conduit.xml
      FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}"
      FF - prefs.js..browser.startup.homepage: "http://search.entru.com/?s=1109"
      FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
      O18:64bit: - Protocol\Handler\belarc - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
      O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      [2012/02/02 16:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
      [2012/02/02 16:21:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
      [2012/02/02 11:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
      [2012/02/02 16:27:19 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
      [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\temp
      [2011/03/07 21:34:23 | 000,001,871 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\ask.uk.xml
      [2012/02/10 19:51:00 | 000,001,218 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\comcast.xml
      [2009/10/21 19:01:26 | 000,000,866 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\conduit.xml
      [2012/02/02 14:42:36 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0208.old
      [2012/02/02 14:42:34 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0208.old
      
      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    =======================================
    Please uninstall the Conduit Engine and Hitman Pro.
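Added example, not OTL's, ComboFix's or the helper's own code: a small Python triage script that parses the two OTL line shapes used in the fix above (the `FF - prefs.js..` entries and the dated file entries) and flags Firefox homepage/search prefs and searchplugins files that fall outside an allow-list. The trusted-host set, the default-engine set and the sample log are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Two OTL line shapes appear in the fix above: Firefox prefs.js entries and
# dated file entries. Both regexes are written from those lines, not from OTL's
# own source, so they only promise to cover this log's format.
PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+):\s*"(?P<value>[^"]*)"')
FILE_RE = re.compile(
    r'^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<mc>[MC])\] '
    r'\((?P<company>[^)]*)\) -- (?P<path>.+)$'
)

# Assumed allow-lists: hosts accepted as homepage / default search, and the
# searchplugins files a stock Firefox ships with. Tune these per environment.
TRUSTED_HOSTS = {"www.google.com", "google.com", "www.bing.com"}
DEFAULT_SEARCHPLUGINS = {"google.xml", "bing.xml", "yahoo.xml", "wikipedia.xml", "amazondotcom.xml"}

# The two prefs a homepage/search hijacker rewrites.
HIJACK_PREFS = ("browser.startup.homepage", "browser.search.defaulturl")


@dataclass
class Finding:
    kind: str    # "pref" or "searchplugin"
    detail: str  # the pref assignment or the file path
    reason: str  # why it was flagged


def host_of(value: str) -> str:
    """Hostname of a pref value; prefs.js often stores a bare 'www.example.com'."""
    if "://" not in value:
        value = "http://" + value
    return (urlsplit(value).hostname or "").lower()


def triage_line(line: str):
    """Return a Finding for a suspicious OTL line, or None for benign/unknown lines."""
    line = line.strip()
    m = PREF_RE.match(line)
    if m:
        pref, value = m.group("pref"), m.group("value")
        if pref in HIJACK_PREFS:
            host = host_of(value)
            if host not in TRUSTED_HOSTS:
                return Finding("pref", f"{pref} = {value}", f"untrusted host {host!r}")
        return None
    m = FILE_RE.match(line)
    if m:
        path = m.group("path")
        parts = path.split("\\")
        # A searchplugins\*.xml file outside the stock set is how Conduit/Ask
        # style engines persist in a profile.
        if any(p.lower() == "searchplugins" for p in parts[:-1]):
            name = parts[-1].lower()
            if name not in DEFAULT_SEARCHPLUGINS:
                return Finding("searchplugin", path, f"non-default engine file {name!r}")
    return None


def triage(lines):
    """Run triage_line over a log and keep only the findings."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


# Constructed sample built from the entries in the fix above plus two benign
# lines, so the script has something to run against offline.
SAMPLE_LOG = r"""
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://search.entru.com/?s=1109"
FF - prefs.js..browser.search.selectedEngine: "ESV Bible"
[2011/03/07 21:34:23 | 000,001,871 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\ask.uk.xml
[2009/10/21 19:01:26 | 000,000,866 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\conduit.xml
[2011/07/21 20:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\temp
FF - prefs.js..browser.startup.homepage: "www.google.com"
[2012/02/01 10:00:00 | 000,001,000 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.kind}] {f.detail}  <- {f.reason}")
```

Run against the sample it reports the two rewritten prefs and the two foreign searchplugins files while leaving the Google homepage and google.xml alone; feed it a saved OTL log to get the same triage over a real profile.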
  6. Bobbye Helper on the Fringe

    Perhaps you could take a moment to give me information about the files I asked about in Reply #16.
    ----------------------------------------
    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\PerfStringBackup.TMP
    c:\windows\system32\drivers\hitmanpro36.sys
    c:\windows\system32\drivers\18676779.sys
    Extra::
    Firefox:: 
    Firefox-: - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
    Firefox-:- prefs.js -Search.DefaultURL -
    Firefox-:- prefs.js -Startup.Homepage -
    
    Folder::
    c:\program files\Enigma Software Group
    c:\users\Owner\AppData\Local\Threat Expert
    c:\windows\BDTSupport.dll0208.old
    c:\windows\SGDetectionTool.dll0208.old
    c:\windows\PCTBDCore.dll0208.old
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    Did you set this>> uInternet Settings,ProxyOverride = <-loopback>;
    ====================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ==============================================
    See if this will help with DDS:
    Please download this file: xp_scr_fix

    Unpack (unzip) the file onto your desktop and double-click it. You will be asked if you wish to merge the file with your registry, say Yes.

    You should then be able to run DDS.scr. It's the .scr file extension causing the problem.
  7. Rev1979 Newcomer, in training

    From #16... (sorry, slipped past me)

    +++++

    "Did you do an upgrade or reinstall and save some folders? There are several with the .old extension"

    Yes, I think I've deleted most of them

    +++++

    "There are documents on the D Drive I cannot identify:

    [2012/01/28 11:12:40 | 054,363,179 | ---- | M] () -- D:\Documents\kehrcjeu.flv

    This is a flash video of a TV show

    [2012/01/23 17:31:48 | 000,002,034 |-H-- | M] () -- D:\Documents\Default.rdp>> hidden file

    Remote Desktop file
    [2012/01/23 15:28:54 | 155,893,257 | ---- | M] () -- D:\Documents\BTV_1_23_2012_(BUILD_6525).zip
    [2012/01/21 16:52:04 | 158,110,986 | ---- | M] () -- D:\Documents\BTV_1_21_2012_(BUILD_6525).zip

    Both are Backup files for BeyondTV
  8. Rev1979 Newcomer, in training

    I don't find either Conduit Engine or Hitman Pro to uninstall
  9. Rev1979 Newcomer, in training

    Otl #1

    OTL logfile created on: 2/17/2012 1:40:23 PM - Run 4
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
    64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 3.46 Gb Available Physical Memory | 57.72% Memory free
    11.99 Gb Paging File | 8.71 Gb Available in Paging File | 72.66% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 100.00 Gb Total Space | 35.94 Gb Free Space | 35.94% Space Free | Partition Type: NTFS
    Drive D: | 1297.26 Gb Total Space | 203.83 Gb Free Space | 15.71% Space Free | Partition Type: NTFS
    Drive G: | 1397.26 Gb Total Space | 11.55 Gb Free Space | 0.83% Space Free | Partition Type: NTFS
    Drive H: | 1397.26 Gb Total Space | 44.17 Gb Free Space | 3.16% Space Free | Partition Type: NTFS
    Drive I: | 1397.26 Gb Total Space | 52.36 Gb Free Space | 3.75% Space Free | Partition Type: NTFS
    Drive J: | 1397.26 Gb Total Space | 14.05 Gb Free Space | 1.01% Space Free | Partition Type: NTFS
    Drive K: | 1863.01 Gb Total Space | 160.73 Gb Free Space | 8.63% Space Free | Partition Type: NTFS
    Drive L: | 931.51 Gb Total Space | 181.91 Gb Free Space | 19.53% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: HTPC1 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
    PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult)
    PRC - C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe (H.D.S. Hungary)
    PRC - C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe (AnalogX, LLC)
    PRC - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    PRC - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
    PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
    PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe ()
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVSchedulerService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVNetworkService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVTaskManagerService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVSettingsService.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files (x86)\Virtual CD v10\System\vc10tray.exe (H+H Software GmbH)
    PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
    PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
    PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
    PRC - C:\Program Files (x86)\Common Files\Snapstream\Common\X10nets.exe (X10)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b72c04c7d5394da58d814e7b3ded682c\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\fcbbef3305d919f7623f2a51e0317cdd\System.Web.Services.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b089246a0525cbdcf55a9307fc9ad125\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c6f808608348fbec463839b87c8d95a2\System.EnterpriseServices.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7931b3d26361054481c56a4356c27b78\System.Data.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\1df51a3e6802c3afae1d42f4a4615fe5\System.Transactions.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3a3cfe31a7c09e240e9ff01ab9c1e94f\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f5d3ce54a29a0e8c898de1620bc274e5\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\6bb6896a9623c2488ce055f455eca4d0\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\841a2b4cd8d9f7e026d0b31dc46eea19\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0eecf1452a456898ab8647cb2ee9b2c1\System.ni.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\MyMoviesCommon\3.2.2.0__4f079cf7f10a3651\MyMoviesCommon.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ec9fb48d48efff299373f3153d3f3b6f\mscorlib.ni.dll ()
    MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\App_Browsers.mv0in0mr.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\SnapStream.Web\4.9.2.6525__0c24ea407914d741\SnapStream.Web.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
    MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll ()
    MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll ()
    MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVNotifierManager.XmlSerializers.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\SnapStream.DirectShow.Native.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAuthentication.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\SlimMiscUtil.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\SSWebServices2.XmlSerializers.dll ()
    MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
    MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll ()
    MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
    MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
    MOD - C:\Program Files (x86)\Virtual CD v10\System\vorbis.dll ()
    MOD - C:\Program Files (x86)\Virtual CD v10\System\ogg.dll ()
    MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\zlibwapi.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
    SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
    SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
    SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
    SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (FreemakeVideoCapture) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
    SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
    SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (VC10SecS) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\HCWTVServer.exe (Hauppauge Computer Works)
    SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
    SRV - (x10nets) -- C:\Program Files (x86)\Common Files\Snapstream\Common\X10nets.exe (X10)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
    DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
    DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
    DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
    DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
    DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
    DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
    DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
    DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
    DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
    DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
    DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
    DRV:64bit: - (ArcSec) -- C:\Windows\SysNative\drivers\ArcSec.sys ()
    DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (AvsBluebird) -- C:\Windows\SysNative\drivers\bluebird64.sys (Dvico, Inc.)
    DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
    DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
    DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
    DRV:64bit: - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (hcw89) -- C:\Windows\SysNative\drivers\hcw89.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (vdrv1000) -- C:\Windows\SysNative\drivers\vdrv1000.sys (H+H Software GmbH)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
    DRV:64bit: - (HH10Help.sys) -- C:\Windows\SysNative\drivers\HH10Help.sys (H+H Software GmbH)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\drivers\vcd10bus.sys (H+H Software GmbH)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (Si3132r5) -- C:\Windows\SysNative\drivers\Si3132r5.sys (Silicon Image, Inc)
    DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.)
    DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.)
    DRV:64bit: - (hcwAVD2) -- C:\Windows\SysNative\drivers\HCWUSB264.sys (Conexant Systems, Inc.)
    DRV:64bit: - (XUIF) -- C:\Windows\SysNative\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
    DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
    DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
    DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
    DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 5E 85 F9 EB E1 CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "ESV Bible"
    FF - prefs.js..browser.startup.homepage: "www.google.com"


    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/11 09:39:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/15 12:50:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

    [2012/02/12 12:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2012/02/12 12:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2012/02/13 17:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions
    [2012/01/27 12:25:36 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2011/07/21 20:01:10 | 000,000,000 | ---D | M] (Map This) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3f3a}
    [2011/07/21 20:01:10 | 000,000,000 | ---D | M] ("Sourceforge Direct Download") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{05ff5280-47e6-11da-8cd6-0800200c9a66}
    [2012/01/27 12:25:39 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] ("Form History Manager") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{1C609C49-F3A1-4f18-8C5E-BFBB6B5BC15D}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] (Print Image) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{2990C60B-0C93-496e-90F6-176E68895AF6}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    [2011/07/21 20:01:13 | 000,000,000 | ---D | M] (WindowsUpdate) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b}
    [2011/07/21 20:01:14 | 000,000,000 | ---D | M] ("Forecastbar Enhanced") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
    [2011/07/21 20:01:14 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Duplicate Tab) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{61ED2A9A-39EB-4AAF-BD14-06DFBE8880C3}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] ("Copy Plain Text") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Live IP Address) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (SlimSearch) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{8ca8ec90-9bf3-11da-a746-0800200c9a66}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (D-Link Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Date Picker/Calendar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}
    [2012/01/27 12:25:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (Bookmarks Menu Button) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{d9a65dd1-419b-4419-bba8-15fd1aec456a}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
    [2011/07/21 20:01:16 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] ("Bandwidth Meter and Diagnostics") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\bandwidthmeter@gotomyhelp.com
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (MegaUpload DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\mgDownloadHelper@yevgenyandrov.net
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\noia2_option@kk.noia
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (RapidShare DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\rsDownloadHelper@yevgenyandrov.net
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] ("Broadband Speed Test and Diagnostics") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\speedtest@gotomyhelp.com
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (Tab Kit) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\tabkit@jomel.me.uk
    [2011/07/21 20:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\temp
    [2011/03/07 21:34:23 | 000,001,871 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\ask.uk.xml
    [2012/02/10 19:51:00 | 000,001,218 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\comcast.xml
    [2009/10/21 19:01:26 | 000,000,866 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\conduit.xml
    [2010/01/14 07:33:56 | 000,002,055 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\daemon-search.xml
    [2012/02/16 13:24:08 | 000,001,489 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\esv-bible.xml
    [2011/03/07 19:48:01 | 000,000,941 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\filestubecom-software.xml
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{04514A2C-A3AB-4F47-8688-55F911B0FE75}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{39952C40-5197-11DA-8CD6-0800200C9A66}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{5E594888-3E8E-47DA-B2C6-B0B545112F84}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{D618933B-9EB4-1C04-949D-0F9B1A39EBB9}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
    () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\SOCIALFIXER@MATTKRUSE.COM.XPI
    [2012/02/11 09:39:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/01/29 08:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/29 08:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Social Fixer = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\6.401_0\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
  10. Rev1979 Newcomer, in training

    OTL #2

    O1 HOSTS File: ([2012/02/17 13:33:58 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll (Xi)
    O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll (Xi)
    O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Firefly] C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
    O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
    O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [My Movies Tray] C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
    O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    O4 - HKCU..\Run: [EPSON Artisan 810 (Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "D:\Temp\E_SC94D.tmp" /EF "HKCU" File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxMem.lnk = C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe (AnalogX, LLC)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
    O8:64bit: - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
    O8 - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
    O8 - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: NameServer = 8.26.56.26,156.154.70.22
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/07/19 08:21:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/16 16:49:12 | 023,824,272 | ---- | C] (Any-Video-Converter.com ) -- C:\Users\Owner\Desktop\avc-free (3.3.4).exe
    [2012/02/15 17:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
    [2012/02/15 12:15:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/02/14 14:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
    [2012/02/14 14:37:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
    [2012/02/14 14:34:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WM Recorder 14
    [2012/02/14 14:33:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\WM_R_14.10.1
    [2012/02/14 12:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMR14
    [2012/02/13 17:17:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/02/13 17:13:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
    [2012/02/13 12:07:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2012/02/13 11:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/13 11:27:55 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/02/13 10:41:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
    [2012/02/13 10:41:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\gmer
    [2012/02/13 10:40:41 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
    [2012/02/13 10:38:50 | 004,403,246 | ---- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2012/02/13 10:29:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2012/02/12 20:44:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TeamViewer
    [2012/02/12 20:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
    [2012/02/11 22:16:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/11 21:00:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/02/11 21:00:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
    [2012/02/11 19:07:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/11 19:07:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/11 19:07:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/11 19:02:57 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/11 18:32:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Epson
    [2012/02/11 15:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nanoPEG for WinTV
    [2012/02/11 15:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\nanoPEG for WinTV
    [2012/02/11 15:46:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
    [2012/02/11 10:02:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
    [2012/02/11 10:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
    [2012/02/11 10:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
    [2012/02/11 09:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    [2012/02/11 09:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
    [2012/02/11 09:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
    [2012/02/11 09:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    [2012/02/11 09:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
    [2012/02/10 19:47:53 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
    [2012/02/07 15:49:19 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/02/02 17:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/02/02 17:09:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/02/02 16:45:16 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/02/02 16:20:58 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\18676779.sys
    [2012/02/02 15:00:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Threat Expert
    [2012/02/02 14:38:12 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
    [2012/02/02 14:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2012/02/02 14:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
    [2012/02/02 14:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/02/02 14:37:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TestApp
    [2012/02/02 14:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Binnerup Consult
    [2012/02/02 14:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Movies
    [2012/02/02 14:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
    [2012/02/02 14:28:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
    [2012/02/02 14:01:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\My Movies for Windows Media Center 4.01 Build 2
    [2012/02/02 12:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    [2012/02/02 11:58:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    [2012/02/02 11:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/02/02 11:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/02/02 11:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/02/02 11:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2012/02/01 16:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/02/01 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/02/01 13:34:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/30 13:09:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite4
    [2012/01/30 13:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoReDoTVSuite4
    [2012/01/29 17:19:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo
    [2012/01/29 17:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
    [2012/01/29 17:10:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AnvSoft
    [2012/01/28 18:56:44 | 000,000,000 | ---D | C] -- C:\Hauppauge
    [2012/01/28 18:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
    [2012/01/28 18:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
    [2012/01/28 14:18:54 | 000,000,000 | ---D | C] -- D:\Documents\NetXfer
    [2012/01/28 14:16:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Xi
    [2012/01/28 14:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xi
    [2012/01/28 14:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xi
    [2012/01/28 13:26:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Hensense.com
    [2012/01/28 12:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetFLV
    [2012/01/28 12:36:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Moyea
    [2012/01/28 12:26:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\vlc
    [2012/01/28 12:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012/01/28 12:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2012/01/28 12:18:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
    [2012/01/28 12:12:46 | 000,000,000 | ---D | C] -- D:\Documents\Freemake
    [2012/01/28 12:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
    [2012/01/28 10:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FDRLab
    [2012/01/28 10:42:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\.streamCapture
    [2012/01/28 09:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
    [2012/01/27 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rtmpexplorer
    [2012/01/27 20:10:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rtmpdump-2.4
    [2012/01/27 20:00:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\My Movies for Windows Media Center 3.21
    [2012/01/27 14:40:28 | 000,257,784 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutScreenCapturingFilter.dll
    [2012/01/27 14:40:28 | 000,175,864 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutVideoMixerFilter.dll
    [2012/01/27 14:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
    [2012/01/27 14:40:25 | 000,566,008 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\BytescoutScreenCapturing.dll
    [2012/01/27 14:40:25 | 000,421,624 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutScreenCapturing.dll
    [2012/01/27 14:40:25 | 000,361,720 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\BytescoutScreenCapturingFilter.dll
    [2012/01/27 14:40:25 | 000,231,672 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\BytescoutVideoMixerFilter.dll
    [2012/01/27 14:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apowersoft
    [2012/01/27 14:05:41 | 000,000,000 | ---D | C] -- D:\Documents\Streaming Video Recorder
    [2012/01/27 14:05:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/01/27 14:01:51 | 000,029,288 | -H-- | C] (Wondershare) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys
    [2012/01/27 14:01:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apowersoft
    [2012/01/27 10:42:10 | 000,000,000 | ---D | C] -- C:\Windows\Applian Director
    [2012/01/27 10:42:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Director
    [2012/01/27 10:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Replay Video Capture
    [2012/01/24 16:11:11 | 000,000,000 | ---D | C] -- D:\Documents\Moyea
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/17 13:44:12 | 000,006,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/17 13:44:12 | 000,006,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/17 13:38:16 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
    [2012/02/17 13:36:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/17 13:35:53 | 534,941,695 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/17 13:33:58 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2012/02/17 13:18:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000UA.job
    [2012/02/16 17:18:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000Core.job
    [2012/02/16 16:49:28 | 023,824,272 | ---- | M] (Any-Video-Converter.com ) -- C:\Users\Owner\Desktop\avc-free (3.3.4).exe
    [2012/02/16 13:18:27 | 318,036,324 | ---- | M] () -- C:\Users\Owner\Desktop\Harrison Speaks Before House Committee.mov
    [2012/02/15 14:35:41 | 012,487,264 | ---- | M] () -- C:\Users\Owner\Desktop\SUFT_2-15-12.mp3
    [2012/02/15 12:53:27 | 000,417,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/02/15 12:50:17 | 000,002,147 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2012/02/15 10:50:16 | 000,001,474 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/02/14 19:23:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/02/14 19:23:12 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/02/14 14:34:41 | 000,002,104 | ---- | M] () -- C:\Users\Owner\Desktop\WM Converter.lnk
    [2012/02/14 14:34:41 | 000,002,024 | ---- | M] () -- C:\Users\Owner\Desktop\LOOPBACK.lnk
    [2012/02/14 14:34:41 | 000,001,905 | ---- | M] () -- C:\Users\Owner\Desktop\WM Recorder 14.lnk
    [2012/02/14 12:40:06 | 024,886,984 | ---- | M] () -- C:\Users\Owner\Desktop\install_wmrecorder.exe
    [2012/02/13 17:19:17 | 000,002,311 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/02/13 10:40:43 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
    [2012/02/13 10:38:59 | 004,403,246 | ---- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2012/02/13 10:29:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2012/02/13 10:24:08 | 000,294,400 | ---- | M] () -- C:\Users\Owner\Desktop\exeHelper.com
    [2012/02/13 10:23:13 | 001,008,141 | ---- | M] () -- C:\Users\Owner\Desktop\rkill.exe
    [2012/02/12 20:41:14 | 000,001,199 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
    [2012/02/11 19:20:00 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
    [2012/02/11 15:56:57 | 000,000,382 | ---- | M] () -- C:\Windows\HCWBlast.ini
    [2012/02/11 15:46:35 | 000,031,047 | ---- | M] () -- C:\Windows\Irremote.ini
    [2012/02/11 15:46:09 | 000,000,483 | ---- | M] () -- C:\Windows\ODBC.INI
    [2012/02/11 15:46:09 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
    [2012/02/11 15:45:17 | 000,006,213 | ---- | M] () -- C:\Windows\HCWPNP.INI
    [2012/02/03 19:10:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2012/02/02 23:25:56 | 000,000,017 | ---- | M] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
    [2012/02/02 17:38:26 | 000,001,167 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/02/02 16:20:58 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\18676779.sys
    [2012/02/02 14:38:40 | 001,519,975 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/02/02 13:59:44 | 000,017,920 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/01 16:39:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/02/01 16:39:48 | 000,812,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/30 15:05:15 | 000,001,547 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2012/01/29 17:16:45 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2012/01/28 18:57:20 | 000,000,658 | ---- | M] () -- C:\Users\Owner\Desktop\CD Digital 3.4.lnk
    [2012/01/28 12:47:06 | 037,665,066 | ---- | M] () -- C:\Users\Owner\Desktop\cd-digital-34.exe
    [2012/01/28 09:43:17 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
    [2012/01/27 20:03:31 | 000,000,228 | ---- | M] () -- C:\Users\Owner\.swfinfo
    [2012/01/23 17:31:48 | 000,002,034 | -H-- | M] () -- D:\Documents\Default.rdp
    [2012/01/23 15:28:54 | 155,893,257 | ---- | M] () -- D:\Documents\BTV_1_23_2012_(BUILD_6525).zip
    [2012/01/21 16:52:04 | 158,110,986 | ---- | M] () -- D:\Documents\BTV_1_21_2012_(BUILD_6525).zip
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/16 13:14:53 | 318,036,324 | ---- | C] () -- C:\Users\Owner\Desktop\Harrison Speaks Before House Committee.mov
    [2012/02/15 14:35:28 | 012,487,264 | ---- | C] () -- C:\Users\Owner\Desktop\SUFT_2-15-12.mp3
    [2012/02/15 12:50:17 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    [2012/02/14 19:23:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/02/14 19:23:12 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/02/14 14:34:41 | 000,002,104 | ---- | C] () -- C:\Users\Owner\Desktop\WM Converter.lnk
    [2012/02/14 14:34:41 | 000,002,024 | ---- | C] () -- C:\Users\Owner\Desktop\LOOPBACK.lnk
    [2012/02/14 14:34:41 | 000,001,905 | ---- | C] () -- C:\Users\Owner\Desktop\WM Recorder 14.lnk
    [2012/02/14 12:39:53 | 024,886,984 | ---- | C] () -- C:\Users\Owner\Desktop\install_wmrecorder.exe
    [2012/02/13 17:19:17 | 000,002,311 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/02/13 17:13:27 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000UA.job
    [2012/02/13 17:13:26 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000Core.job
    [2012/02/13 10:24:07 | 000,294,400 | ---- | C] () -- C:\Users\Owner\Desktop\exeHelper.com
    [2012/02/13 10:23:09 | 001,008,141 | ---- | C] () -- C:\Users\Owner\Desktop\rkill.exe
    [2012/02/12 20:41:14 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
    [2012/02/12 20:41:14 | 000,001,199 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
    [2012/02/11 19:20:00 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2012/02/11 19:07:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/11 19:07:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/11 19:07:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/11 19:07:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/11 19:07:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/11 18:26:08 | 000,006,448 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/11 18:26:08 | 000,006,448 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/11 09:54:25 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2012/02/11 09:54:25 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2012/02/11 09:54:25 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2012/02/11 09:54:25 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2012/02/11 09:54:25 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2012/02/11 09:54:25 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2012/02/11 09:54:25 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2012/02/11 09:54:25 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
    [2012/02/11 09:54:25 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2012/02/11 09:54:25 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
    [2012/02/11 09:54:25 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
    [2012/02/11 09:54:25 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
    [2012/02/11 09:54:25 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
    [2012/02/11 09:54:25 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
    [2012/02/11 09:54:25 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2012/02/11 09:54:25 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2012/02/11 09:54:25 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2012/02/11 09:54:25 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2012/02/11 09:54:25 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2012/02/11 09:54:25 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2012/02/11 09:54:25 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2012/02/11 09:54:25 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2012/02/02 23:25:56 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
    [2012/02/02 17:38:26 | 000,001,167 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/02/02 17:37:44 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/02/02 14:38:21 | 001,519,975 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/02/02 12:11:26 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2012/02/01 16:39:43 | 000,001,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/01/30 15:05:15 | 000,001,547 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2012/01/29 17:16:43 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2012/01/28 18:57:19 | 000,000,658 | ---- | C] () -- C:\Users\Owner\Desktop\CD Digital 3.4.lnk
    [2012/01/28 12:46:47 | 037,665,066 | ---- | C] () -- C:\Users\Owner\Desktop\cd-digital-34.exe
    [2012/01/28 09:43:17 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
    [2012/01/27 20:03:31 | 000,000,228 | ---- | C] () -- C:\Users\Owner\.swfinfo
    [2012/01/27 14:40:28 | 000,376,432 | -H-- | C] () -- C:\Windows\SysWow64\x86.zip
    [2012/01/23 15:27:07 | 155,893,257 | ---- | C] () -- D:\Documents\BTV_1_23_2012_(BUILD_6525).zip
    [2012/01/21 16:50:24 | 158,110,986 | ---- | C] () -- D:\Documents\BTV_1_21_2012_(BUILD_6525).zip
    [2011/07/27 19:49:32 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
    [2011/07/27 18:36:05 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
    [2011/07/27 13:19:23 | 000,017,920 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/26 15:30:24 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\IcdSptSvps.dll
    [2011/07/26 15:30:23 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\mp3dec.dll
    [2011/07/26 15:30:23 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dsp_trc.dll
    [2011/07/26 10:01:44 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
    [2011/07/26 10:01:44 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
    [2011/07/24 12:14:54 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2011/07/24 12:09:26 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
    [2011/07/23 09:17:28 | 000,812,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/21 19:56:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/07/20 15:44:12 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
    [2011/07/20 13:28:49 | 000,000,387 | ---- | C] () -- C:\Windows\HCWBlast_sav.ini
    [2011/07/20 13:28:49 | 000,000,382 | ---- | C] () -- C:\Windows\HCWBlast.ini
    [2011/07/20 13:28:35 | 000,031,047 | ---- | C] () -- C:\Windows\Irremote.ini
    [2011/07/20 12:30:01 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\hcwChDB.dll
    [2011/07/20 12:30:01 | 000,000,483 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/07/20 12:30:01 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2011/07/20 12:29:11 | 000,006,213 | ---- | C] () -- C:\Windows\HCWPNP.INI
    [2011/07/20 12:07:20 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
    [2011/07/20 11:55:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2011/07/19 13:28:59 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\uuirtdrv.dll
    [2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
    [2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2009/08/27 02:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/07/27 20:55:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acronis
    [2012/01/29 17:10:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft
    [2012/01/27 14:01:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Apowersoft
    [2011/07/24 15:11:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDFab
    [2012/02/11 18:32:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson
    [2011/07/23 19:02:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
    [2012/01/28 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hensense.com
    [2012/02/02 11:28:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit
    [2012/01/28 12:36:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Moyea
    [2011/07/25 20:47:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound
    [2011/07/25 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenCandy
    [2011/07/26 10:04:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\proDAD
    [2011/07/26 08:15:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Recordpad
    [2011/07/25 20:24:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\STOIK
    [2012/02/12 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
    [2012/02/15 14:44:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeraCopy
    [2012/02/02 14:37:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp
    [2011/07/21 19:57:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
    [2011/07/25 09:56:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite
    [2012/02/13 17:18:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite4
    [2011/07/25 20:30:25 | 000,000,000 | --SD | M] -- C:\Users\Owner\AppData\Roaming\Virtual CD v10
    [2012/01/28 14:16:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xi
    [2009/07/14 00:08:49 | 000,017,372 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

    < End of report >
  11. Rev1979 Newcomer, in training

    Combofix hung for 3/4 hr after reboot when preparing log ... no log

    ====================

    Did you set this >> uInternet Settings,ProxyOverride = <-loopback>;

    Don't know what that is
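The `<-loopback>` entry asked about in the post above, as an added check that is not part of the thread and not one of the helper's instructions: a read-only PowerShell snippet (assumed to be run in a normal prompt on the affected user account) that reads the same per-user WinINET values DDS reports as "uInternet Settings,..." and explains each ProxyOverride entry. The token meanings are WinINET behaviour: entries in ProxyOverride are hosts that bypass the proxy, `<local>` means bypass for single-label intranet names, and `<-loopback>` means loopback addresses (localhost, 127.0.0.1) are *not* exempt, so their traffic also goes through whatever proxy is configured; debugging proxies such as Fiddler write that entry. Whether it matters on this machine depends on ProxyEnable/ProxyServer/AutoConfigURL, which the snippet prints rather than assumes.

```powershell
# Added example, not from the thread. Read-only: it changes nothing.
# DDS prefixes: "u" = the user's hive (HKCU), "m" = the machine hive (HKLM).

function Get-WinInetProxySetting {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable      # 1 = a manual proxy server is in use
        ProxyServer   = $p.ProxyServer      # e.g. 127.0.0.1:8888 (Fiddler) or host:port
        ProxyOverride = $p.ProxyOverride    # semicolon-separated bypass list
        AutoConfigURL = $p.AutoConfigURL    # PAC script URL, if one is set
    }
}

function ConvertFrom-ProxyOverride {
    param([string]$Override)
    # Every entry is a host or wildcard that bypasses the proxy, except two tokens:
    #   <local>      bypass the proxy for single-label (intranet) names
    #   <-loopback>  do NOT bypass the proxy for localhost / 127.0.0.1, so loopback
    #                traffic is sent through the configured proxy as well.
    foreach ($entry in ($Override -split ';' | Where-Object { $_ -ne '' })) {
        switch ($entry) {
            '<local>'     { "$entry : proxy bypassed for local intranet names" }
            '<-loopback>' { "$entry : loopback traffic is NOT exempt from the proxy" }
            default       { "$entry : proxy bypassed for this host/pattern" }
        }
    }
}

# The value exactly as it appears in the log (constructed input for the demo).
ConvertFrom-ProxyOverride -Override '<-loopback>;'

# Now the live settings of the current account.
$cfg = Get-WinInetProxySetting
$cfg
if ($cfg.ProxyEnable -eq 1 -or $cfg.AutoConfigURL) {
    Write-Warning ("A proxy is configured ({0}{1}); with <-loopback> set, even localhost " +
                   "traffic passes through it. Confirm you know what is listening there.") `
                   -f $cfg.ProxyServer, $cfg.AutoConfigURL
} else {
    'No manual proxy or PAC script is enabled; <-loopback> has no effect until one is.'
}
```

If the output shows a proxy pointing at a local port you did not set up, that process is worth identifying before anything else; if no proxy is enabled, the entry is a leftover from a tool such as Fiddler and is harmless on its own.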
  12. Rev1979 Newcomer, in training

    DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Owner at 17:43:54 on 2012-02-17
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6142.3410 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
    C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
    C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe
    C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\PROGRA~2\COMMON~1\SNAPST~1\Common\x10nets.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
    C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Virtual CD v10\System\VC10Tray.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Virtual CD v10\System\vc10fwd.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <-loopback>;
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
    mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [Firefly] C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
    mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [My Movies Tray] "C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe"
    mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MaxMem.lnk - C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BEYOND~1.LNK - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOTALM~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html
    IE: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    TCP: Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05} : DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: NXIECatcher Class: {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll
    BHO-X64: NetXfer - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: NetXfer: {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll
    mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
    mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
    mRun-x64: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
    mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun-x64: [Firefly] C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe
    mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun-x64: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
    mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [My Movies Tray] "C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe"
    mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
    FF - prefs.js: browser.search.selectedEngine - ESV Bible
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
    R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
    R1 ArcSec;archlp;C:\Windows\system32\drivers\ArcSec.sys --> C:\Windows\system32\drivers\ArcSec.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vdrv1000;vdrv1000;C:\Windows\system32\DRIVERS\vdrv1000.sys --> C:\Windows\system32\DRIVERS\vdrv1000.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-7-22 3246040]
    R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
    R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
    R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-1-28 8704]
    R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-12 3027840]
    R2 VC10SecS;Virtual CD v10 Management Service;C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe [2011-7-25 145224]
    R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
    R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys --> C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [?]
    R3 AvsBluebird;FusionHDTV USB, AVStream Capture;C:\Windows\system32\drivers\bluebird64.sys --> C:\Windows\system32\drivers\bluebird64.sys [?]
    R3 hcw89;hcw89 service;C:\Windows\system32\DRIVERS\hcw89.sys --> C:\Windows\system32\DRIVERS\hcw89.sys [?]
    R3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;C:\Windows\system32\drivers\HCWUSB264.sys --> C:\Windows\system32\drivers\HCWUSB264.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vcd10bus;Virtual CD v10 Bus Enumerator;C:\Windows\system32\DRIVERS\vcd10bus.sys --> C:\Windows\system32\DRIVERS\vcd10bus.sys [?]
    R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
    R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
    R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
    R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
    R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
    S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/24 13:04:19;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-5-14 246256]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-7-20 30528]
    S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~2\WinTV\HCWTVS~1.EXE [2012-2-11 815104]
    S3 HH10Help.sys;HH10Help.sys;\??\C:\Windows\system32\drivers\HH10Help.sys --> C:\Windows\system32\drivers\HH10Help.sys [?]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
    S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-13 652360]
    .
    =============== File Associations ===============
    .
    inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-02-17 19:52:56 -------- d-----w- C:\Program Files (x86)\ESET
    2012-02-17 19:49:05 -------- d-s---w- C:\ComboFix
    2012-02-17 19:28:13 5544 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
    2012-02-17 19:24:08 -------- d-----w- C:\$RECYCLE.BIN
    2012-02-17 19:20:35 -------- d-----w- C:\Users\Owner\AppData\Local\temp
    2012-02-17 18:02:01 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC758BF3-08B4-4E24-8970-42A9161C7F9C}\mpengine.dll
    2012-02-15 17:10:28 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-02-15 17:10:28 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-02-15 17:10:26 3143168 ----a-w- C:\Windows\System32\win32k.sys
    2012-02-15 17:10:25 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-02-15 17:10:25 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2012-02-15 17:10:20 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-02-15 17:09:56 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-02-15 17:09:56 634368 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-02-14 19:37:44 -------- d-----w- C:\Program Files (x86)\WinPcap
    2012-02-14 17:40:20 -------- d-----w- C:\Program Files (x86)\WMR14
    2012-02-13 22:13:25 -------- d-----w- C:\Users\Owner\AppData\Local\Google
    2012-02-13 16:27:55 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-02-13 01:44:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\TeamViewer
    2012-02-13 01:41:06 -------- d-----w- C:\Program Files (x86)\TeamViewer
    2012-02-12 00:07:43 98816 ----a-w- C:\Windows\sed.exe
    2012-02-12 00:07:43 518144 ----a-w- C:\Windows\SWREG.exe
    2012-02-12 00:07:43 256000 ----a-w- C:\Windows\PEV.exe
    2012-02-12 00:07:43 208896 ----a-w- C:\Windows\MBR.exe
    2012-02-11 20:46:37 -------- d-----w- C:\Program Files (x86)\nanoPEG for WinTV
    2012-02-11 15:05:49 77824 ----a-w- C:\Windows\SysWow64\EBAPI.dll
    2012-02-11 15:05:49 65536 ----a-w- C:\Windows\SysWow64\EEBUtil.dll
    2012-02-11 15:05:49 55808 ----a-w- C:\Windows\SysWow64\EEBSDKIF.dll
    2012-02-11 15:05:49 135168 ----a-w- C:\Windows\SysWow64\EEBAPI.dll
    2012-02-11 15:05:49 110592 ----a-w- C:\Windows\SysWow64\EEBDSCVR.dll
    2012-02-11 15:02:14 -------- d-----w- C:\Program Files (x86)\EpsonNet
    2012-02-11 15:01:08 558592 ----a-w- C:\Windows\System32\ensppmon.dll
    2012-02-11 15:01:08 558592 ----a-w- C:\Windows\System32\enppmon.dll
    2012-02-11 15:01:08 538112 ----a-w- C:\Windows\System32\ensppui.dll
    2012-02-11 15:01:08 538112 ----a-w- C:\Windows\System32\enppui.dll
    2012-02-11 15:01:08 250880 ----a-w- C:\Windows\System32\enspres.dll
    2012-02-11 15:01:08 250880 ----a-w- C:\Windows\System32\enpres.dll
    2012-02-11 15:01:08 -------- d-----w- C:\Program Files\EpsonNet
    2012-02-11 15:00:06 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON
    2012-02-11 14:54:27 -------- d-----w- C:\Program Files (x86)\Epson Software
    2012-02-11 14:54:25 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll
    2012-02-11 14:54:25 51360 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll
    2012-02-11 14:54:25 51360 ----a-w- C:\Windows\SysWow64\EpPicMgr.dll
    2012-02-11 14:54:25 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll
    2012-02-11 14:54:25 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll
    2012-02-11 14:54:11 118784 ----a-w- C:\Windows\System32\E_ILMFRA.DLL
    2012-02-11 14:54:10 81920 ----a-w- C:\Windows\System32\E_IBCBFRA.DLL
    2012-02-11 14:54:05 -------- d-----w- C:\ProgramData\EPSON
    2012-02-11 14:53:55 459776 ----a-w- C:\Windows\System32\esxwiaud.dll
    2012-02-11 14:53:55 17408 ----a-w- C:\Windows\System32\esxcdev.dll
    2012-02-11 14:53:55 128392 ----a-w- C:\Windows\System32\esdevapp.exe
    2012-02-11 14:53:55 -------- d-----w- C:\Program Files (x86)\epson
    2012-02-11 00:47:53 -------- d-----w- C:\Windows\Downloaded Installations
    2012-02-10 22:30:08 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-02-10 22:30:06 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4BDAE80B-2CB4-48A0-ADEF-3E2C89AD24C5}\gapaengine.dll
    2012-02-07 20:49:19 -------- d-----w- C:\_OTL
    2012-02-02 22:19:50 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-02 22:09:23 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-02-02 21:45:16 -------- d-----w- C:\Windows\pss
    2012-02-02 19:38:12 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
    2012-02-02 19:38:10 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2012-02-02 19:38:09 -------- d-----w- C:\Program Files (x86)\PC Tools
    2012-02-02 19:37:35 -------- d-----w- C:\ProgramData\PC Tools
    2012-02-02 19:37:33 -------- d-----w- C:\Users\Owner\AppData\Roaming\TestApp
    2012-02-02 19:36:47 -------- d-----w- C:\Program Files (x86)\Binnerup Consult
    2012-02-02 19:30:02 -------- d-----w- C:\ProgramData\CPA_VA
    2012-02-02 18:17:02 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-02-02 16:58:09 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-02 16:57:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-02-02 16:57:52 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-02-02 16:28:52 -------- d-----w- C:\ProgramData\IObit
    2012-02-01 21:39:46 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-02-01 21:39:42 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-02-01 18:27:51 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5362664-BA60-4893-A505-D04FDE12C52E}\mpengine.dll
    2012-01-30 18:09:01 -------- d-----w- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite4
    2012-01-30 18:09:01 -------- d-----w- C:\Program Files (x86)\VideoReDoTVSuite4
    2012-01-29 22:19:36 -------- d-----w- C:\Program Files\MediaInfo
    2012-01-29 22:10:46 -------- d-----w- C:\Users\Owner\AppData\Roaming\AnvSoft
    2012-01-28 23:56:44 -------- d-----w- C:\Hauppauge
    2012-01-28 23:41:32 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
    2012-01-28 19:16:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\Xi
    2012-01-28 19:16:42 -------- d-----w- C:\Program Files (x86)\Xi
    2012-01-28 18:26:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\Hensense.com
    2012-01-28 17:45:19 -------- d-----w- C:\Program Files (x86)\GetFLV
    2012-01-28 17:36:06 -------- d-----w- C:\Users\Owner\AppData\Roaming\Moyea
    2012-01-28 17:25:57 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2012-01-28 17:12:42 -------- d-----w- C:\Program Files (x86)\Freemake
    2012-01-28 15:57:56 -------- d-----w- C:\Program Files (x86)\FDRLab
    2012-01-28 15:42:54 -------- d-----w- C:\Users\Owner\.streamCapture
    2012-01-28 01:21:25 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-01-28 01:20:59 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2012-01-28 01:18:48 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-01-28 01:18:47 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-01-28 01:18:47 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-01-28 01:18:44 1739160 ----a-w- C:\Windows\System32\ntdll.dll
    2012-01-28 01:18:44 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-01-28 01:16:24 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-01-28 01:16:24 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-01-27 19:40:28 257784 ---ha-w- C:\Windows\SysWow64\BytescoutScreenCapturingFilter.dll
    2012-01-27 19:40:28 175864 ---ha-w- C:\Windows\SysWow64\BytescoutVideoMixerFilter.dll
    2012-01-27 19:40:25 566008 ---ha-w- C:\Windows\System32\BytescoutScreenCapturing.dll
    2012-01-27 19:40:25 421624 ---ha-w- C:\Windows\SysWow64\BytescoutScreenCapturing.dll
    2012-01-27 19:40:25 361720 ---ha-w- C:\Windows\System32\BytescoutScreenCapturingFilter.dll
    2012-01-27 19:40:25 231672 ---ha-w- C:\Windows\System32\BytescoutVideoMixerFilter.dll
    2012-01-27 19:40:17 -------- d-----w- C:\Program Files\Apowersoft
    2012-01-27 19:01:51 29288 ---ha-w- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys
    2012-01-27 19:01:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\Apowersoft
    2012-01-27 15:42:10 -------- d-----w- C:\Windows\Applian Director
    2012-01-27 15:42:09 -------- d-----w- C:\Program Files (x86)\Applian Director
    2012-01-27 15:41:59 -------- d-----w- C:\Program Files (x86)\Replay Video Capture
    .
    ==================== Find3M ====================
    .
    2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-01-27 22:40:02 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 17:44:14.83 ===============
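    The service block of the DDS log above (the lines beginning R2, R3, S2, S3, S4) is where a helper looks first: the letter is the current state (R running, S stopped), the digit is the SCM start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), and the tail is the image path with the file's date and size, or [?] when DDS could not read the file. As an added example, not part of this thread or of DDS itself, the Python below parses lines in that format and queues the entries that deserve a manual look. The sample lines are copied from the log above; the trusted-location list, the note texts and the function names are my own choices, and every note is a reason to check, not a verdict (a driver sitting directly in C:\Windows, for instance, is common for motherboard utilities, which the Installed Programs list usually explains).

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: service lines in the DDS format shown in the log above
# (state letter + start type, then name;display;image [date size] or [?]).
SAMPLE_DDS = r"""
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-7-22 3246040]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-7-20 30528]
S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~2\WinTV\HCWTVS~1.EXE [2012-2-11 815104]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-13 652360]
"""

STATE = {"R": "running", "S": "stopped"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)\s\[([^\]]*)\]\s*$")
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll))(?:\s+(.*))?$", re.IGNORECASE)

# Locations where a service image is unremarkable (assumption: system drive is C:).
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\microsoft.net\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


@dataclass
class ServiceEntry:
    name: str
    display: str
    state: str          # running / stopped
    start: str          # boot / system / auto / manual / disabled
    image: str          # resolved image path
    args: str           # anything after the image, e.g. "-k <svchost group>"
    meta: str           # "<date> <size>" as DDS printed it, or "?" if it could not stat the file
    notes: List[str] = field(default_factory=list)


def triage(entry: ServiceEntry) -> List[str]:
    """Triage heuristics (my choice, not DDS's): each note is a reason to look, not a verdict."""
    notes = []
    if entry.meta == "?":
        notes.append("DDS could not read file metadata; confirm the image exists on disk")
    img = entry.image.lower()
    if "~" in img:
        notes.append("8.3 short name in path; resolve it before judging the location")
    elif not re.match(r"^[a-z]:\\", img):
        notes.append("relative image path (no drive letter)")
    elif not img.startswith(TRUSTED_PREFIXES):
        notes.append("image outside Program Files / System32 / SysWOW64")
    return notes


def parse_dds_services(text: str) -> List[ServiceEntry]:
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, target, meta = m.groups()
        # "\??\X --> Y": DDS prints the raw registry ImagePath, then the resolved path.
        if " --> " in target:
            target = target.split(" --> ", 1)[1]
        if target.startswith("\\??\\"):
            target = target[4:]
        im = IMAGE_RE.match(target)
        image, args = (im.group(1), im.group(2) or "") if im else (target, "")
        entry = ServiceEntry(name, display, STATE[state], START.get(start, start),
                             image, args, meta)
        entry.notes = triage(entry)
        entries.append(entry)
    return entries


def review_queue(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Only the entries that picked up at least one note."""
    return [e for e in entries if e.notes]


if __name__ == "__main__":
    for e in review_queue(parse_dds_services(SAMPLE_DDS)):
        print(f"{e.name:<20} {e.state:<8} {e.start:<9} {e.image}")
        for n in e.notes:
            print(f"    - {n}")
```

    Paste the whole service block of a DDS log into parse_dds_services and read review_queue top to bottom; the running (R) and auto-start (2) entries matter most, because a stopped, disabled driver cannot be what is redirecting the browser today. The 8.3 short-name and [?] notes are there to stop a reader from misjudging a legitimate Program Files entry, not to accuse it.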
  13. Rev1979 Newcomer, in training

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/20/2011 12:53:57 PM
    System Uptime: 2/17/2012 2:22:45 PM (3 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-770T-USB3
    Processor: AMD Athlon(tm) II X4 635 Processor | Socket M2 | 2900/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 100 GiB total, 35.083 GiB free.
    D: is FIXED (NTFS) - 1297 GiB total, 240.959 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is FIXED (NTFS) - 1397 GiB total, 11.548 GiB free.
    H: is FIXED (NTFS) - 1397 GiB total, 44.165 GiB free.
    I: is FIXED (NTFS) - 1397 GiB total, 52.358 GiB free.
    J: is FIXED (NTFS) - 1397 GiB total, 14.045 GiB free.
    K: is FIXED (NTFS) - 1863 GiB total, 160.732 GiB free.
    M: is CDROM ()
    N: is CDROM ()
    O: is Removable
    P: is CDROM ()
    Q: is CDROM ()
    Z: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP145: 2/14/2012 7:20:07 PM - Windows Update
    RP146: 2/15/2012 11:00:10 AM - Windows Update
    RP147: 2/15/2012 12:10:39 PM - Windows Update
    RP148: 2/16/2012 12:59:42 PM - Windows Update
    RP149: 2/17/2012 1:01:49 PM - Windows Update
    RP150: 2/17/2012 1:33:58 PM - OTL Restore Point
    .
    ==== Installed Programs ======================
    .
    @BIOS
    Acronis*True*Image*Home
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe Flash Player 11 Plugin
    Aimersoft Media Converter(Build 1.4.2.1)
    AnalogX MaxMem
    Any Video Converter 3.3.4
    AnyDVD
    Apple Application Support
    Apple Software Update
    Applian Director
    ArcSoft TotalMedia Theatre 5
    AudibleManager
    Avid Studio
    Avid Studio Bonus Content
    Avid Studio Plugins
    Avid Studio Registration Freebie - Adorage Vol. 11 Selection
    AVS Update Manager 1.0
    AVS Video Converter 8
    AVS4YOU Software Navigator 1.4
    Belarc Advisor 8.2
    Beyond TV DVD Burning Foundation
    Boris Graffiti
    CyberLink BD Advisor 2.0
    CyberLink Blu-ray Disc Suite
    CyberLink LabelPrint
    CyberLink LG Burning Tool
    CyberLink MediaShow
    CyberLink PowerDVD 9
    CyberLink PowerProducer
    CyberLink YouCam
    D3DX10
    Digital Voice Editor 3
    DolbyFiles
    DVDFab 8.0.9.0 (09/05/2011) Qt
    Epson Event Manager
    Epson Print CD
    EPSON Scan
    EpsonNet Print
    EpsonNet Setup
    ESET Online Scanner v3
    Express Burn Disc Burning Software
    Express Rip
    Getting Started with Avid Studio MULTILINGUAL
    Google Chrome
    Hard Disk Sentinel PRO
    Hauppauge WinTV Infrared Remote
    Hauppauge WinTV IR Blaster
    Hauppauge WinTV TV Services
    High-Definition Video Playback 10
    ImagXpress
    InterVideo FilterSDK for Hauppauge
    Knoll Light Factory EZ Studio
    LG Tool Kit
    LightScribe System Software
    Magic Bullet Looks Studio
    Malwarebytes Anti-Malware version 1.60.1.1000
    Menu Templates - Starter Kit
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Office XP Professional with FrontPage
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MYMOVIES)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MixPad Audio Mixer
    Movie Templates - Starter Kit
    Mozilla Firefox 10.0.1 (x86 en-US)
    Mozilla Thunderbird 10.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Movies for Windows Media Center
    nanoPEG-Editor 2.6.0 for WinTV
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack Basic
    Nero BackItUp 10 Help (CHM)
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero CoverDesigner
    Nero CoverDesigner 10
    Nero CoverDesigner 10 Help (CHM)
    Nero Disc Copy Gadget
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Dolby Files 10
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero MediaHub 10
    Nero MediaHub 10 Help (CHM)
    Nero Multimedia Suite 10
    Nero PhotoSnap
    Nero Recode
    Nero Recode 10
    Nero Recode 10 Help (CHM)
    Nero Rescue Agent
    Nero RescueAgent 10
    Nero RescueAgent 10 Help (CHM)
    Nero ShowTime
    Nero SoundTrax 10
    Nero SoundTrax 10 Help (CHM)
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero StartSmart OEM
    Nero Update
    Nero Vision
    Nero Vision 10
    Nero Vision 10 Help (CHM)
    Nero WaveEditor
    Nero WaveEditor 10
    Nero WaveEditor 10 Help (CHM)
    NeroBurningROM
    NeroExpress
    neroxml
    NetTransport 2.96c.620
    NewBlue Video Essentials Special for Studio
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    ON_OFF Charge B10.0427.1
    Pinnacle Creative Pack Volume 1
    Pinnacle Creative Pack Volume 2
    Pinnacle Instant DVD Recorder
    Pinnacle Studio 12
    Pinnacle Studio 12 Ultimate Plugins
    Pinnacle Studio 14
    Pinnacle Studio Ultimate Collection Plugins
    PrimoPDF -- brought to you by Nitro PDF Software
    Prism Video File Converter
    proDAD Mercalli 1.0
    proDAD Vitascene 1.0
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Red Giant ToonIt Studio
    Renesas Electronics USB 3.0 Host Controller Driver
    Replay Video Capture
    Revo Uninstaller 1.93
    ScoreFitter Volume 1
    ScoreFitter Volume 2
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Smart Defrag 2
    SnapStream Beyond TV 4.9.2
    Snapstream Firefly 1.2.1.916
    SnapStream Firefly Mini 1.0.2
    SoundTrax
    STOIK Video Converter 2
    Studio Premium Pack 1
    SureThing Express Labeler
    Switch Sound File Converter
    TeamViewer 7
    Trapcode 3DStroke Studio
    Trapcode Particular Studio
    Trapcode Shine Studio
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VideoReDo TVSuite Version 3.20.2.616
    VideoReDo TVSuite Version 4.20.7.629
    Virtual CD v10
    VirtualCloneDrive
    Visual Studio 2005 Redist Package
    VLC media player 1.1.11
    VOB2MPG PRO
    WavePad Sound Editor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinPcap 4.1.2
    WM Recorder
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/17/2012 2:24:02 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
    2/17/2012 2:21:30 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2/17/2012 2:12:31 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    2/17/2012 1:33:03 PM, Error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
    2/14/2012 7:00:24 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on cannot be read.
    2/13/2012 11:38:09 AM, Error: TermDD [56] - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: fe80:0000:0000:0000:e126:1795:7bb2:e33e.
    2/11/2012 6:20:23 PM, Error: Service Control Manager [7034] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s).
    2/11/2012 12:17:07 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).
    2/11/2012 10:22:19 AM, Error: Schannel [36887] - The following fatal alert was received: 42.
    2/10/2012 10:20:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
  14. Rev1979 Newcomer, in training

    ESET no log
  15. Bobbye Helper on the Fringe

    Combofix is on the desktop: C:\Users\Owner\Desktop\ComboFix.exe. Please run again.

    NOTE: If, for some reason, Combofix refuses to run, try one of the following:
    1. Run Combofix from Safe Mode. If it won't run, go on to #2.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to friday.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    3. See which one of the following runs. You do not need to download all three versions:
    This is a slight variation on the RKill:
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, add the following:

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan.
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
    (Directions courtesy of Bleeping Computer)

    4. With both RKill and exehelper on board:
    Go right to the renamed Combofix and double-click on friday.exe to run it.
    If it won't run in Normal Mode, run BOTH tools from Safe Mode, then try double-clicking friday.exe again.

    If successful, please leave RKill, Exehelper and Combofix logs.
  16. Rev1979 Newcomer, in training

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 02/20/2012 at 12:30:45.
    Operating System: Windows 7 Professional


    Processes terminated by Rkill or while it was running:

    C:\Windows\SysWOW64\rundll32.exe


    Rkill completed on 02/20/2012 at 12:30:56.
  17. Rev1979 Newcomer, in training

    exeHelper by Raktor
    Build 20100414
    Run at 12:32:06 on 02/20/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
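    The exeHelper log above lists what that tool resets: the .exe and .com file associations and the Winlogon userinit and shell values. Those are the settings a hijacker rewrites so that its own binary runs at logon or is wrapped around every program the user launches, which is also why a renamed ComboFix (friday.exe) and a process killer such as Rkill are run first. As an added example, not part of this thread or of exeHelper, the Python below parses a regedit export of those keys and compares each value against its Windows 7 default, so the same check can be repeated after the fix. Both exports are constructed samples; the example-hijack.exe in the second one is a hypothetical placeholder, not a file from this machine, and the expected-values table and function names are mine.

```python
import re
from typing import Dict, List, Optional, Tuple

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Windows 7 defaults for the values exeHelper reports resetting.
# Userinit legitimately ends with a trailing comma; anything appended after it runs at logon.
EXPECTED = {
    (WINLOGON, "Shell"): "explorer.exe",
    (WINLOGON, "Userinit"): r"C:\Windows\system32\userinit.exe,",
    (r"HKEY_CLASSES_ROOT\.exe", "@"): "exefile",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@"): '"%1" %*',
    (r"HKEY_CLASSES_ROOT\.com", "@"): "comfile",
    (r"HKEY_CLASSES_ROOT\comfile\shell\open\command", "@"): '"%1" %*',
}

# Constructed sample: a regedit export of those keys from a clean machine.
CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.com]
@="comfile"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
"""

# Constructed sample of the hijack pattern these tools undo: a hypothetical
# example-hijack.exe is chained after userinit.exe and wrapped around every .exe launch.
HIJACKED_EXPORT = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Owner\\AppData\\Local\\Temp\\example-hijack.exe"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\Owner\\AppData\\Local\\Temp\\example-hijack.exe\" \"%1\" %*"
[HKEY_CLASSES_ROOT\.com]
@="comfile"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unquote(s: str) -> str:
    """Strip the quotes of a .reg string and undo its backslash escaping (\\\\ and \\")."""
    return re.sub(r"\\(.)", r"\1", s[1:-1])


def parse_reg_export(text: str) -> Dict[Tuple[str, str], str]:
    """Map (key, value name) -> data; keys and names are lower-cased, "@" is the default value."""
    values: Dict[Tuple[str, str], str] = {}
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VAL_RE.match(line)
        if not vm or key is None:
            continue
        name, data = vm.groups()
        name = "@" if name == "@" else _unquote(name)
        if data.startswith('"') and data.endswith('"'):
            data = _unquote(data)          # REG_SZ; dword:/hex: values are kept as printed
        values[(key.lower(), name.lower())] = data
    return values


def check_defaults(values: Dict[Tuple[str, str], str]) -> List[Tuple[str, str, str, Optional[str]]]:
    """Return (key, value name, expected, actual) for every value that is missing or non-default."""
    findings = []
    for (key, name), expected in EXPECTED.items():
        actual = values.get((key.lower(), name.lower()))
        if actual is None or actual.lower() != expected.lower():
            findings.append((key, name, expected, actual))
    return findings


if __name__ == "__main__":
    for label, export in (("clean", CLEAN_EXPORT), ("hijacked", HIJACKED_EXPORT)):
        findings = check_defaults(parse_reg_export(export))
        print(f"{label}: {len(findings)} finding(s)")
        for key, name, expected, actual in findings:
            print(f"  {key}\\{name}\n    expected: {expected}\n    actual:   {actual}")
```

    To run it against a real machine, export each key with reg export and pass the file contents to parse_reg_export; regedit writes UTF-16, so open the file with encoding="utf-16". A missing value is reported alongside a changed one, because a deleted .exe association breaks program launching just as effectively as a hijacked one.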
  18. Rev1979 Newcomer, in training

    ComboFix 12-02-19.02 - Owner 02/20/2012 12:33:59.7.4 - x64
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6142.4012 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-20 17:45 . 2012-02-20 17:45 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2012-02-20 17:45 . 2012-02-20 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-19 19:31 . 2012-01-06 02:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B77D1A7E-30FF-454D-8448-7D46F10E5642}\mpengine.dll
    2012-02-19 17:58 . 2012-02-19 17:58 -------- d-----w- c:\program files\Common Files\EPSON
    2012-02-19 17:57 . 2008-11-12 08:00 118784 ----a-w- c:\windows\system32\E_ILMGYA.DLL
    2012-02-19 17:57 . 2009-10-01 08:01 88064 ----a-w- c:\windows\system32\E_IBCBGYA.DLL
    2012-02-17 19:52 . 2012-02-17 19:52 -------- d-----w- c:\program files (x86)\ESET
    2012-02-17 19:28 . 2012-02-20 17:53 5544 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-02-15 22:32 . 2012-02-15 22:32 -------- d-----w- c:\programdata\FLEXnet
    2012-02-15 17:10 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-15 17:10 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-02-15 17:10 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
    2012-02-15 17:10 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-15 17:10 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-02-15 17:10 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-15 17:09 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 17:09 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-02-14 19:37 . 2012-02-14 19:37 -------- d-----w- c:\program files (x86)\WinPcap
    2012-02-14 17:40 . 2012-02-14 19:37 -------- d-----w- c:\program files (x86)\WMR14
    2012-02-13 22:13 . 2012-02-13 22:17 -------- d-----w- c:\users\Owner\AppData\Local\Google
    2012-02-13 16:27 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-13 01:44 . 2012-02-13 01:44 -------- d-----w- c:\users\Owner\AppData\Roaming\TeamViewer
    2012-02-13 01:41 . 2012-02-13 01:41 -------- d-----w- c:\program files (x86)\TeamViewer
    2012-02-11 23:32 . 2012-02-11 23:32 -------- d-----w- c:\users\Owner\AppData\Roaming\Epson
    2012-02-11 20:46 . 2012-02-11 20:46 -------- d-----w- c:\program files (x86)\nanoPEG for WinTV
    2012-02-11 15:05 . 2007-09-07 22:33 135168 ----a-w- c:\windows\SysWow64\EEBAPI.dll
    2012-02-11 14:54 . 2012-02-11 15:00 -------- d-----w- c:\program files (x86)\Epson Software
    2012-02-11 14:54 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
    2012-02-11 14:54 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
    2012-02-11 14:54 . 2006-10-20 05:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
    2012-02-11 14:54 . 2006-10-20 05:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
    2012-02-11 14:54 . 2006-10-20 05:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
    2012-02-11 14:54 . 2008-11-12 07:00 118784 ----a-w- c:\windows\system32\E_ILMFRA.DLL
    2012-02-11 14:54 . 2008-11-12 07:00 81920 ----a-w- c:\windows\system32\E_IBCBFRA.DLL
    2012-02-11 14:54 . 2012-02-19 17:58 -------- d-----w- c:\programdata\EPSON
    2012-02-11 14:53 . 2012-02-11 14:55 -------- d-----w- c:\program files (x86)\epson
    2012-02-11 14:53 . 2009-05-01 05:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
    2012-02-11 14:53 . 2009-05-01 05:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
    2012-02-11 14:53 . 2008-11-17 05:00 459776 ----a-w- c:\windows\system32\esxwiaud.dll
    2012-02-11 00:47 . 2012-02-11 00:47 -------- d-----w- c:\windows\Downloaded Installations
    2012-02-10 22:30 . 2012-02-01 21:40 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-02-10 22:30 . 2012-02-10 22:29 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BDAE80B-2CB4-48A0-ADEF-3E2C89AD24C5}\gapaengine.dll
    2012-02-07 20:49 . 2012-02-07 20:49 -------- d-----w- C:\_OTL
    2012-02-02 22:19 . 2012-01-06 02:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-02 22:09 . 2012-02-02 22:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-02-02 19:38 . 2012-01-11 21:19 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-02-02 19:38 . 2012-02-03 00:29 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2012-02-02 19:38 . 2012-02-02 21:51 -------- d-----w- c:\program files (x86)\PC Tools
    2012-02-02 19:37 . 2012-02-03 00:27 -------- d-----w- c:\programdata\PC Tools
    2012-02-02 19:37 . 2012-02-02 19:37 -------- d-----w- c:\users\Owner\AppData\Roaming\TestApp
    2012-02-02 19:36 . 2012-02-02 19:36 -------- d-----w- c:\program files (x86)\Binnerup Consult
    2012-02-02 19:30 . 2012-02-03 23:47 -------- d-----w- c:\programdata\CPA_VA
    2012-02-02 18:17 . 2012-02-02 18:17 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-02-02 16:58 . 2012-02-02 16:58 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-02 16:57 . 2012-02-09 16:01 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-02-02 16:57 . 2012-02-02 16:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-02-02 16:28 . 2012-02-02 16:28 -------- d-----w- c:\programdata\IObit
    2012-02-01 21:39 . 2012-02-01 21:39 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-02-01 21:39 . 2012-02-01 21:39 -------- d-----w- c:\program files\Microsoft Security Client
    2012-02-01 18:27 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5362664-BA60-4893-A505-D04FDE12C52E}\mpengine.dll
    2012-01-30 18:09 . 2012-02-20 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\VideoReDo-TVSuite4
    2012-01-30 18:09 . 2012-01-30 18:11 -------- d-----w- c:\program files (x86)\VideoReDoTVSuite4
    2012-01-29 22:19 . 2012-01-29 22:19 -------- d-----w- c:\program files\MediaInfo
    2012-01-29 22:10 . 2012-01-29 22:10 -------- d-----w- c:\users\Owner\AppData\Roaming\AnvSoft
    2012-01-28 23:56 . 2012-01-28 23:56 -------- d-----w- C:\Hauppauge
    2012-01-28 23:41 . 2012-01-28 23:41 -------- d-----w- c:\program files (x86)\Renesas Electronics
    2012-01-28 19:16 . 2012-01-28 19:16 -------- d-----w- c:\users\Owner\AppData\Roaming\Xi
    2012-01-28 19:16 . 2012-01-28 19:16 -------- d-----w- c:\program files (x86)\Xi
    2012-01-28 18:26 . 2012-01-28 18:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Hensense.com
    2012-01-28 17:45 . 2012-01-28 23:55 -------- d-----w- c:\program files (x86)\GetFLV
    2012-01-28 17:36 . 2012-01-28 17:36 -------- d-----w- c:\users\Owner\AppData\Roaming\Moyea
    2012-01-28 17:26 . 2012-01-28 17:27 -------- d-----w- c:\users\Owner\AppData\Roaming\vlc
    2012-01-28 17:25 . 2012-01-28 17:25 -------- d-----w- c:\program files (x86)\VideoLAN
    2012-01-28 17:12 . 2012-02-11 17:19 -------- d-----w- c:\program files (x86)\Freemake
    2012-01-28 15:57 . 2012-01-28 15:57 -------- d-----w- c:\program files (x86)\FDRLab
    2012-01-28 15:42 . 2012-01-28 15:42 -------- d-----w- c:\users\Owner\.streamCapture
    2012-01-28 01:21 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-01-28 01:20 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
    2012-01-28 01:18 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-01-28 01:18 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-01-28 01:18 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-01-28 01:18 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-28 01:18 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-01-28 01:16 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
    2012-01-28 01:16 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-01-27 19:40 . 2011-08-23 01:23 175864 ---ha-w- c:\windows\SysWow64\BytescoutVideoMixerFilter.dll
    2012-01-27 19:40 . 2011-08-23 01:23 257784 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturingFilter.dll
    2012-01-27 19:40 . 2011-08-23 01:23 421624 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturing.dll
    2012-01-27 19:40 . 2011-08-23 01:23 361720 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
    2012-01-27 19:40 . 2011-08-23 01:23 231672 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
    2012-01-27 19:40 . 2011-07-08 06:57 566008 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll
    2012-01-27 19:40 . 2012-01-27 19:40 -------- d-----w- c:\program files\Apowersoft
    2012-01-27 19:05 . 2012-01-27 19:05 -------- d-----w- c:\windows\system32\Macromed
    2012-01-27 19:01 . 2012-01-27 19:01 -------- d-----w- c:\users\Owner\AppData\Roaming\Apowersoft
    2012-01-27 19:01 . 2010-12-24 16:43 29288 ---ha-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
    2012-01-27 15:42 . 2012-01-27 15:42 -------- d-----w- c:\windows\Applian Director
    2012-01-27 15:42 . 2012-01-27 15:42 -------- d-----w- c:\program files (x86)\Applian Director
    2012-01-27 15:41 . 2012-01-27 18:54 -------- d-----w- c:\program files (x86)\Replay Video Capture
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-31 12:44 . 2011-07-20 17:33 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-27 22:40 . 2011-07-22 19:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-02-20_16.58.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 05:10 . 2012-02-20 17:49 44248 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-07-20 17:01 . 2012-02-20 17:49 14816 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3986105127-79878375-3251353310-1000_UserData.bin
    + 2011-07-20 17:54 . 2012-02-20 17:46 3190 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2011-07-20 17:54 . 2012-02-20 16:54 3190 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2012-02-20 16:56 . 2012-02-20 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-02-20 17:47 . 2012-02-20 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-02-20 17:47 . 2012-02-20 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-02-20 16:56 . 2012-02-20 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:01 . 2012-02-20 16:54 352384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-02-20 17:46 352384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 02:34 . 2012-02-19 23:41 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2012-02-20 17:10 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2011-07-22 14:39 . 2012-02-20 16:54 10077204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3986105127-79878375-3251353310-1000-12288.dat
    + 2011-07-22 14:39 . 2012-02-20 17:46 10077204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3986105127-79878375-3251353310-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-07-24 5201528]
    "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-03 5487488]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-11 5111464]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048]
    "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
    "LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-07-24 557056]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
    "Firefly"="c:\program files (x86)\SnapStream Media\Firefly\Firefly.exe" [2006-06-05 180224]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
    "VC10Player"="c:\program files (x86)\Virtual CD v10\System\VC10Play.exe" [2009-10-08 383304]
    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "My Movies Tray"="c:\program files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe" [2011-08-01 351952]
    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    .
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MaxMem.lnk - c:\program files (x86)\AnalogX\MaxMem\maxmem.exe [2011-7-23 125424]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Beyond TV.lnk - c:\program files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe [2010-3-14 397312]
    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2011-7-24 519744]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/24 13:04;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-07-20 30528]
    R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
    R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
    S1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-07-22 3246040]
    S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
    S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-01-19 8704]
    S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
    S2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2009-10-08 145224]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [x]
    S3 AvsBluebird;FusionHDTV USB, AVStream Capture;c:\windows\system32\drivers\bluebird64.sys [x]
    S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys [x]
    S3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;c:\windows\system32\drivers\HCWUSB264.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_9EC60124
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-04-22 17:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000Core.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 22:13]
    .
    2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000UA.job
    - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 22:13]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-11 358200]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>;
    IE: Download all by NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddList.html
    IE: Download by NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddLink.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
    TCP: Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: NameServer = 8.26.56.26,156.154.70.22
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
    FF - prefs.js: browser.search.selectedEngine - ESV Bible
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrv1000]
    "ImagePath"="system32\DRIVERS\vdrv1000.sys"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files (x86)\Hard Disk Sentinel\HDSentinel.exe
    c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
    c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
    c:\progra~2\COMMON~1\SNAPST~1\Common\x10nets.exe
    c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVNetworkService.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVSettingsService.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVSchedulerService.exe
    c:\program files (x86)\Virtual CD v10\System\vc10fwd.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
    c:\program files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-20 13:47:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-20 18:47
    ComboFix2.txt 2012-02-20 17:28
    ComboFix3.txt 2012-02-12 01:59
    ComboFix4.txt 2012-02-12 00:24
    ComboFix5.txt 2012-02-20 17:33
    .
    Pre-Run: 41,473,179,648 bytes free
    Post-Run: 41,433,329,664 bytes free
    .
    - - End Of File - - BFE2307A2DA2AF79F3A1A539BE1746B6
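    The log above is the raw material a helper reads by eye. As an added example (mine, not the thread's and not ComboFix's own code), here is a small Python triage pass over a handful of those lines: it pulls the UAC policy values, the AppInit_DLLs entry, the service/driver lines ComboFix printed with `[x]` instead of a date and size, and the DNS resolvers, and turns them into review items. SAMPLE_LOG is a constructed string holding lines copied from the log above; which policy values count as weak, and what gets surfaced, is this example's own choice.

```python
"""Triage checks over a few lines of the ComboFix log posted above.

Added example; it is not part of the thread and not ComboFix's own code. The
lines in SAMPLE_LOG are copied from the log above into a constructed string;
the check list (which policy values count as weak, what to surface) is this
example's own assumption.
"""
import re

# Constructed sample: lines lifted from the 'Reg Loading Points' and
# 'Supplementary Scan' sections of the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
TCP: Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: NameServer = 8.26.56.26,156.154.70.22
"""

# Line shapes as ComboFix prints them (derived from the log above).
POLICY_RE = re.compile(r'^\s*"(?P<name>\w+)"=\s*(?P<val>\d+)\s*\(0x[0-9A-Fa-f]+\)\s*$', re.M)
APPINIT_RE = re.compile(r'^\s*"AppInit_DLLs"=(?P<val>.+?)\s*$', re.M)
SERVICE_RE = re.compile(
    r'^\s*(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.+?) \[(?P<info>[^\]]*)\]\s*$',
    re.M)
DHCP_DNS_RE = re.compile(r'^\s*TCP: DhcpNameServer = (?P<ips>.+?)\s*$', re.M)
STATIC_DNS_RE = re.compile(
    r'^\s*TCP: Interfaces\\(?P<iface>\{[^}]+\}): NameServer = (?P<ips>.+?)\s*$', re.M)

# UAC policy values that weaken the elevation boundary (documented Windows
# semantics; choosing to flag exactly these three is this example's assumption).
WEAK_UAC = {
    "EnableLUA": (0, "UAC is off; an administrator's processes run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not isolated on the secure desktop"),
}


def parse_policies(log):
    """Map every '"Name"= N (0xN)' line to its integer value."""
    return {m["name"]: int(m["val"]) for m in POLICY_RE.finditer(log)}


def uac_findings(policies):
    """Describe each UAC value that sits at its weak setting."""
    return [f"{name}={weak}: {why}"
            for name, (weak, why) in WEAK_UAC.items() if policies.get(name) == weak]


def appinit_dlls(log):
    """Paths listed in AppInit_DLLs (space- or comma-separated)."""
    dlls = []
    for m in APPINIT_RE.finditer(log):
        dlls.extend(p for p in re.split(r"[ ,]+", m["val"]) if p)
    return dlls


def services_without_file_info(log):
    """(start type, name, image) for entries where ComboFix printed [x], not a date/size."""
    return [(m["start"], m["name"], m["image"])
            for m in SERVICE_RE.finditer(log) if m["info"] == "x"]


def dns_servers(log):
    """DHCP-assigned resolvers plus any per-interface static resolvers."""
    dhcp = []
    for m in DHCP_DNS_RE.finditer(log):
        dhcp.extend(ip for ip in re.split(r"[ ,]+", m["ips"]) if ip)
    static = {m["iface"]: [ip for ip in re.split(r"[ ,]+", m["ips"]) if ip]
              for m in STATIC_DNS_RE.finditer(log)}
    return {"dhcp": dhcp, "static": static}


def triage(log):
    """Human-readable review items for one log; an empty list means nothing flagged."""
    findings = uac_findings(parse_policies(log))
    findings += [f"AppInit_DLLs names {d}; it is mapped into processes that load user32.dll, confirm it is expected"
                 for d in appinit_dlls(log)]
    findings += [f"{start} {name}: ComboFix recorded no date/size for {image}; confirm the file exists"
                 for start, name, image in services_without_file_info(log)]
    dns = dns_servers(log)
    for iface, ips in dns["static"].items():
        findings.append(f"static DNS on {iface} ({', '.join(ips)}) overrides DHCP DNS "
                        f"({', '.join(dns['dhcp'])}); confirm those resolvers are intended")
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print("-", item)
```

    Two caveats that the code deliberately leaves to the analyst: ComboFix prints `[x]` for many legitimate 64-bit drivers too (the log above shows it for the Realtek and Renesas drivers), so that list is a prompt to check, not a verdict; and whether an AppInit_DLLs entry is actually honoured also depends on the LoadAppInit_DLLs value (and, on Windows 7, RequireSignedAppInit_DLLs) in the same key, which ComboFix did not print. The example reports the entry and does not classify the file it names.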
  19. Rev1979 Newcomer, in training

    Anything else?
  20. Bobbye Helper on the Fringe

    Still some malware but it looks like the hijack to the fake Google page is resolved:

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\drivers\hitmanpro36.sys
    c:\windows\system32\drivers\18676779.sys
    c:\windows\BDTSupport.dll0208.old
    c:\windows\SGDetectionTool.dll0208.old
    c:\windows\PCTBDCore.dll0208.old
    ADS::
    C:\ProgramData\Temp:3440EB47
    C:\ProgramData\TempFC5A2B2
    
    FileLook::
    c:\windows\system32\DRIVERS\vdrv1000.sys 
    Extra::
    File::
    Firefox::
    Firefox-: - Profile- FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
    Firefox-: - prefs.js- Search.DefaultURL 
    Firefox-: - prefs.js- Startup.Homepage
    DDS::
    uInternet Settings,ProxyOverride = <-loopback>;
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    Short, last scans:
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ================================
    Download Security Check by screen317 and save to the desktop
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically.
    • Please post the contents of that document.
    ================================
    HijackThis: First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log will open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ====================================
    Tell me about this please: C:\Users\Owner\AppData\Roaming\Hensense.com
    Have you intentionally installed this? Have you considered that it may be a source of your malware?

    Logs in next reply please.
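    A CFScript is executed verbatim by ComboFix, so it pays to lint it before dragging it onto ComboFix.exe. As an added example (mine, not ComboFix's and not from the post above), here is a Python check that parses the `Section::` layout and verifies that every `ADS::` entry names a stream in `path:stream` form and that every `File::`/`FileLook::` entry is an absolute path. CFSCRIPT is a constructed string holding the script from the post above; the rules themselves are this example's assumptions about what an analyst verifies first. Run on that script, it flags the second `ADS::` line, `C:\ProgramData\TempFC5A2B2`, because it has no `:stream` separator and therefore names no alternate data stream.

```python
"""Lint the sections of a ComboFix CFScript before it is run.

Added example, not part of the thread and not ComboFix's own code. CFSCRIPT is
the script from the post above, embedded as a constructed string; the checks
(an ADS:: entry must be 'path:stream', a File::/FileLook:: entry must be an
absolute path) are this example's own assumptions.
"""
import re

# Constructed sample: the CFScript posted above.
CFSCRIPT = r"""
File::
c:\windows\system32\drivers\hitmanpro36.sys
c:\windows\system32\drivers\18676779.sys
c:\windows\BDTSupport.dll0208.old
c:\windows\SGDetectionTool.dll0208.old
c:\windows\PCTBDCore.dll0208.old
ADS::
C:\ProgramData\Temp:3440EB47
C:\ProgramData\TempFC5A2B2

FileLook::
c:\windows\system32\DRIVERS\vdrv1000.sys
Extra::
File::
Firefox::
Firefox-: - Profile- FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
Firefox-: - prefs.js- Search.DefaultURL
Firefox-: - prefs.js- Startup.Homepage
DDS::
uInternet Settings,ProxyOverride = <-loopback>;

Clearjavacache::
"""

HEADER_RE = re.compile(r"^(?P<name>[A-Za-z]+)::$")
# Drive letter, a path with no further colon, then ':' and a stream name
# that contains neither a backslash nor another colon.
ADS_RE = re.compile(r"^[A-Za-z]:\\[^:]+:[^\\:]+$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_cfscript(text):
    """Map each 'Name::' header to the stripped, non-empty lines that follow it.

    A header that appears twice (File:: does, above) accumulates into one list.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header["name"]
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def lint_cfscript(text):
    """Return (sections, problems); an empty problems list means the script passed."""
    sections = parse_cfscript(text)
    problems = []
    for entry in sections.get("ADS", []):
        if not ADS_RE.match(entry):
            problems.append(f"ADS:: entry is not in path:stream form and names no stream: {entry}")
    for name in ("File", "FileLook"):
        for entry in sections.get(name, []):
            if not ABS_PATH_RE.match(entry):
                problems.append(f"{name}:: entry is not an absolute path: {entry}")
    return sections, problems


if __name__ == "__main__":
    found, issues = lint_cfscript(CFSCRIPT)
    for name, entries in found.items():
        print(f"{name}:: {len(entries)} entries")
    for issue in issues:
        print("PROBLEM:", issue)
```

    The lint does not decide what the malformed line should have been; it only stops an entry that cannot refer to a stream from going through unnoticed, so the person running the script can correct it against the scanner output it was copied from.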