Solved Browser hijacked by http://search.entru.com/?s=1109

Perhaps you could take a moment to give me information about the files I asked about in Reply #16.
----------------------------------------
Please run this Custom CFScript:

  [1]. Close any open browsers.
  [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  [3]. Open Notepad > click on Format > uncheck 'Word Wrap' and copy/paste the text in the code below into it:
Code:
File::
c:\windows\system32\PerfStringBackup.TMP
c:\windows\system32\drivers\hitmanpro36.sys
c:\windows\system32\drivers\18676779.sys
Extra::
Firefox:: 
Firefox-: - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
Firefox-:- prefs.js -Search.DefaultURL -
Firefox-:- prefs.js -Stqrtup.Homepage -

Folder::
c:\program files\Enigma Software Group
c:\users\Owner\AppData\Local\Threat Expert
c:\windows\BDTSupport.dll0208.old
c:\windows\SGDetectionTool.dll0208.old
c:\windows\PCTBDCore.dll0208.old
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
Did you set this>> uInternet Settings,ProxyOverride = <-loopback>;
====================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

If you are using a browser other than Internet Explorer:
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new window.
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    [Image: esetonlinescannersettings_thumb.jpg]
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
==============================================
See if this will help with DDS:
Please download this file: xp_scr_fix

Unpack (unzip) the file onto your desktop and double-click it. You will be asked if you wish to merge the file with your registry; say Yes.

You should then be able to run DDS.scr. It's the .scr file extension causing the problem.
 
From #16... (sorry, slipped past me)

+++++

"Did you do an upgrade or reinstall and save some folders. There are several with the .old extension"

Yes, I think I've deleted most of them

+++++

"There are documents on the D Drive I cannot identify:"

[2012/01/28 11:12:40 | 054,363,179 | ---- | M] () -- D:\Documents\kehrcjeu.flv

This is a flash video of a TV show

[2012/01/23 17:31:48 | 000,002,034 |-H-- | M] () -- D:\Documents\Default.rdp>> hidden file

Remote Desktop file
[2012/01/23 15:28:54 | 155,893,257 | ---- | M] () -- D:\Documents\BTV_1_23_2012_(BUILD_6525).zip
[2012/01/21 16:52:04 | 158,110,986 | ---- | M] () -- D:\Documents\BTV_1_21_2012_(BUILD_6525).zip

Both are Backup files for BeyondTV
 
Otl #1

OTL logfile created on: 2/17/2012 1:40:23 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.46 Gb Available Physical Memory | 57.72% Memory free
11.99 Gb Paging File | 8.71 Gb Available in Paging File | 72.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 35.94 Gb Free Space | 35.94% Space Free | Partition Type: NTFS
Drive D: | 1297.26 Gb Total Space | 203.83 Gb Free Space | 15.71% Space Free | Partition Type: NTFS
Drive G: | 1397.26 Gb Total Space | 11.55 Gb Free Space | 0.83% Space Free | Partition Type: NTFS
Drive H: | 1397.26 Gb Total Space | 44.17 Gb Free Space | 3.16% Space Free | Partition Type: NTFS
Drive I: | 1397.26 Gb Total Space | 52.36 Gb Free Space | 3.75% Space Free | Partition Type: NTFS
Drive J: | 1397.26 Gb Total Space | 14.05 Gb Free Space | 1.01% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 160.73 Gb Free Space | 8.63% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 181.91 Gb Free Space | 19.53% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: HTPC1 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult)
PRC - C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe (H.D.S. Hungary)
PRC - C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe (AnalogX, LLC)
PRC - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe ()
PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVSchedulerService.exe (SnapStream Media)
PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVNetworkService.exe (SnapStream Media)
PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe (SnapStream Media)
PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVTaskManagerService.exe (SnapStream Media)
PRC - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVSettingsService.exe (SnapStream Media)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Virtual CD v10\System\vc10tray.exe (H+H Software GmbH)
PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
PRC - C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
PRC - C:\Program Files (x86)\Common Files\Snapstream\Common\X10nets.exe (X10)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b72c04c7d5394da58d814e7b3ded682c\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\fcbbef3305d919f7623f2a51e0317cdd\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b089246a0525cbdcf55a9307fc9ad125\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c6f808608348fbec463839b87c8d95a2\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7931b3d26361054481c56a4356c27b78\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\1df51a3e6802c3afae1d42f4a4615fe5\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3a3cfe31a7c09e240e9ff01ab9c1e94f\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f5d3ce54a29a0e8c898de1620bc274e5\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\6bb6896a9623c2488ce055f455eca4d0\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\841a2b4cd8d9f7e026d0b31dc46eea19\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0eecf1452a456898ab8647cb2ee9b2c1\System.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MyMoviesCommon\3.2.2.0__4f079cf7f10a3651\MyMoviesCommon.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ec9fb48d48efff299373f3153d3f3b6f\mscorlib.ni.dll ()
MOD - C:\ProgramData\SnapStream\Beyond TV\ASPNetTemp\root\2174df64\811e7b63\App_Browsers.mv0in0mr.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SnapStream.Web\4.9.2.6525__0c24ea407914d741\SnapStream.Web.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll ()
MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe ()
MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVNotifierManager.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\SnapStream.DirectShow.Native.dll ()
MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAuthentication.dll ()
MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\SlimMiscUtil.dll ()
MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\SSWebServices2.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
MOD - C:\Program Files (x86)\Virtual CD v10\System\vorbis.dll ()
MOD - C:\Program Files (x86)\Virtual CD v10\System\ogg.dll ()
MOD - C:\Program Files (x86)\SnapStream Media\Beyond TV\zlibwapi.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (FreemakeVideoCapture) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (VC10SecS) -- C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\HCWTVServer.exe (Hauppauge Computer Works)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
SRV - (x10nets) -- C:\Program Files (x86)\Common Files\Snapstream\Common\X10nets.exe (X10)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (ArcSec) -- C:\Windows\SysNative\drivers\ArcSec.sys ()
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AvsBluebird) -- C:\Windows\SysNative\drivers\bluebird64.sys (Dvico, Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (hcw89) -- C:\Windows\SysNative\drivers\hcw89.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (vdrv1000) -- C:\Windows\SysNative\drivers\vdrv1000.sys (H+H Software GmbH)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (HH10Help.sys) -- C:\Windows\SysNative\drivers\HH10Help.sys (H+H Software GmbH)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\drivers\vcd10bus.sys (H+H Software GmbH)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Si3132r5) -- C:\Windows\SysNative\drivers\Si3132r5.sys (Silicon Image, Inc)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV:64bit: - (hcwAVD2) -- C:\Windows\SysNative\drivers\HCWUSB264.sys (Conexant Systems, Inc.)
DRV:64bit: - (XUIF) -- C:\Windows\SysNative\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 5E 85 F9 EB E1 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "ESV Bible"
FF - prefs.js..browser.startup.homepage: "www.google.com"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/11 09:39:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/15 12:50:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/02/12 12:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/02/12 12:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/02/13 17:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions
[2012/01/27 12:25:36 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/07/21 20:01:10 | 000,000,000 | ---D | M] (Map This) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3f3a}
[2011/07/21 20:01:10 | 000,000,000 | ---D | M] ("Sourceforge Direct Download") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{05ff5280-47e6-11da-8cd6-0800200c9a66}
[2012/01/27 12:25:39 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/07/21 20:01:13 | 000,000,000 | ---D | M] ("Form History Manager") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{1C609C49-F3A1-4f18-8C5E-BFBB6B5BC15D}
[2011/07/21 20:01:13 | 000,000,000 | ---D | M] (Print Image) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{2990C60B-0C93-496e-90F6-176E68895AF6}
[2011/07/21 20:01:13 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011/07/21 20:01:13 | 000,000,000 | ---D | M] (WindowsUpdate) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2b}
[2011/07/21 20:01:14 | 000,000,000 | ---D | M] ("Forecastbar Enhanced") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2011/07/21 20:01:14 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Duplicate Tab) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{61ED2A9A-39EB-4AAF-BD14-06DFBE8880C3}
[2011/07/21 20:01:15 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2011/07/21 20:01:15 | 000,000,000 | ---D | M] ("Copy Plain Text") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2011/07/21 20:01:15 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Live IP Address) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}
[2011/07/21 20:01:15 | 000,000,000 | ---D | M] (SlimSearch) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{8ca8ec90-9bf3-11da-a746-0800200c9a66}
[2011/07/21 20:01:15 | 000,000,000 | ---D | M] (D-Link Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{926a10d2-4ce7-4331-b96f-ca4e22590fac}
[2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011/07/21 20:01:15 | 000,000,000 | ---D | M] (Date Picker/Calendar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}
[2012/01/27 12:25:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/21 20:01:16 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2011/07/21 20:01:16 | 000,000,000 | ---D | M] (Bookmarks Menu Button) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{d9a65dd1-419b-4419-bba8-15fd1aec456a}
[2011/07/21 20:01:16 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/07/21 20:01:16 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011/07/21 20:01:09 | 000,000,000 | ---D | M] ("Bandwidth Meter and Diagnostics") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\bandwidthmeter@gotomyhelp.com
[2011/07/21 20:01:09 | 000,000,000 | ---D | M] (MegaUpload DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\mgDownloadHelper@yevgenyandrov.net
[2011/07/21 20:01:09 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\noia2_option@kk.noia
[2011/07/21 20:01:09 | 000,000,000 | ---D | M] (RapidShare DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\rsDownloadHelper@yevgenyandrov.net
[2011/07/21 20:01:09 | 000,000,000 | ---D | M] ("Broadband Speed Test and Diagnostics") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\speedtest@gotomyhelp.com
[2011/07/21 20:01:09 | 000,000,000 | ---D | M] (Tab Kit) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\tabkit@jomel.me.uk
[2011/07/21 20:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\temp
[2011/03/07 21:34:23 | 000,001,871 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\ask.uk.xml
[2012/02/10 19:51:00 | 000,001,218 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\comcast.xml
[2009/10/21 19:01:26 | 000,000,866 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\conduit.xml
[2010/01/14 07:33:56 | 000,002,055 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\daemon-search.xml
[2012/02/16 13:24:08 | 000,001,489 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\esv-bible.xml
[2011/03/07 19:48:01 | 000,000,941 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\searchplugins\filestubecom-software.xml
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{04514A2C-A3AB-4F47-8688-55F911B0FE75}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{39952C40-5197-11DA-8CD6-0800200C9A66}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{5E594888-3E8E-47DA-B2C6-B0B545112F84}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{D618933B-9EB4-1C04-949D-0F9B1A39EBB9}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I4Y12BXE.DEFAULT\EXTENSIONS\SOCIALFIXER@MATTKRUSE.COM.XPI
[2012/02/11 09:39:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/29 08:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 08:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Social Fixer = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\6.401_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
Otl #2

O1 HOSTS File: ([2012/02/17 13:33:58 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll (Xi)
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll (Xi)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Firefly] C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe (SnapStream Media)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [My Movies Tray] C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe (Binnerup Consult)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [EPSON Artisan 810 (Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "D:\Temp\E_SC94D.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxMem.lnk = C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe (AnalogX, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
O8:64bit: - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/19 08:21:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/16 16:49:12 | 023,824,272 | ---- | C] (Any-Video-Converter.com ) -- C:\Users\Owner\Desktop\avc-free (3.3.4).exe
[2012/02/15 17:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/02/15 12:15:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/14 14:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/02/14 14:37:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012/02/14 14:34:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WM Recorder 14
[2012/02/14 14:33:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\WM_R_14.10.1
[2012/02/14 12:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMR14
[2012/02/13 17:17:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/13 17:13:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
[2012/02/13 12:07:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/02/13 11:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/13 11:27:55 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/13 10:41:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
[2012/02/13 10:41:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\gmer
[2012/02/13 10:40:41 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/02/13 10:38:50 | 004,403,246 | ---- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/02/13 10:29:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/02/12 20:44:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TeamViewer
[2012/02/12 20:41:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/02/11 22:16:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/11 21:00:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/11 21:00:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/02/11 19:07:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/11 19:07:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/11 19:07:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/11 19:02:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/11 18:32:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Epson
[2012/02/11 15:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nanoPEG for WinTV
[2012/02/11 15:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\nanoPEG for WinTV
[2012/02/11 15:46:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
[2012/02/11 10:02:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2012/02/11 10:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2012/02/11 10:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2012/02/11 09:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/02/11 09:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2012/02/11 09:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/02/11 09:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/02/11 09:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012/02/10 19:47:53 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/02/07 15:49:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/02 17:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/02/02 17:09:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/02/02 16:45:16 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/02/02 16:20:58 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\18676779.sys
[2012/02/02 15:00:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Threat Expert
[2012/02/02 14:38:12 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/02/02 14:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/02/02 14:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/02/02 14:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/02/02 14:37:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TestApp
[2012/02/02 14:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Binnerup Consult
[2012/02/02 14:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Movies
[2012/02/02 14:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/02/02 14:28:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/02/02 14:01:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\My Movies for Windows Media Center 4.01 Build 2
[2012/02/02 12:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/02/02 11:58:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/02 11:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/02 11:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/02 11:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/02 11:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/02/01 16:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/02/01 16:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/01 13:34:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/30 13:09:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite4
[2012/01/30 13:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoReDoTVSuite4
[2012/01/29 17:19:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo
[2012/01/29 17:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo
[2012/01/29 17:10:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AnvSoft
[2012/01/28 18:56:44 | 000,000,000 | ---D | C] -- C:\Hauppauge
[2012/01/28 18:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2012/01/28 18:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2012/01/28 14:18:54 | 000,000,000 | ---D | C] -- D:\Documents\NetXfer
[2012/01/28 14:16:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Xi
[2012/01/28 14:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xi
[2012/01/28 14:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xi
[2012/01/28 13:26:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Hensense.com
[2012/01/28 12:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetFLV
[2012/01/28 12:36:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Moyea
[2012/01/28 12:26:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\vlc
[2012/01/28 12:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/01/28 12:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/01/28 12:18:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2012/01/28 12:12:46 | 000,000,000 | ---D | C] -- D:\Documents\Freemake
[2012/01/28 12:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2012/01/28 10:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FDRLab
[2012/01/28 10:42:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\.streamCapture
[2012/01/28 09:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2012/01/27 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rtmpexplorer
[2012/01/27 20:10:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rtmpdump-2.4
[2012/01/27 20:00:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\My Movies for Windows Media Center 3.21
[2012/01/27 14:40:28 | 000,257,784 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutScreenCapturingFilter.dll
[2012/01/27 14:40:28 | 000,175,864 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutVideoMixerFilter.dll
[2012/01/27 14:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
[2012/01/27 14:40:25 | 000,566,008 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\BytescoutScreenCapturing.dll
[2012/01/27 14:40:25 | 000,421,624 | -H-- | C] (Bytescout) -- C:\Windows\SysWow64\BytescoutScreenCapturing.dll
[2012/01/27 14:40:25 | 000,361,720 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\BytescoutScreenCapturingFilter.dll
[2012/01/27 14:40:25 | 000,231,672 | -H-- | C] (Bytescout) -- C:\Windows\SysNative\BytescoutVideoMixerFilter.dll
[2012/01/27 14:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apowersoft
[2012/01/27 14:05:41 | 000,000,000 | ---D | C] -- D:\Documents\Streaming Video Recorder
[2012/01/27 14:05:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/01/27 14:01:51 | 000,029,288 | -H-- | C] (Wondershare) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys
[2012/01/27 14:01:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apowersoft
[2012/01/27 10:42:10 | 000,000,000 | ---D | C] -- C:\Windows\Applian Director
[2012/01/27 10:42:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Director
[2012/01/27 10:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Replay Video Capture
[2012/01/24 16:11:11 | 000,000,000 | ---D | C] -- D:\Documents\Moyea
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/17 13:44:12 | 000,006,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 13:44:12 | 000,006,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 13:38:16 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012/02/17 13:36:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/17 13:35:53 | 534,941,695 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/17 13:33:58 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/02/17 13:18:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000UA.job
[2012/02/16 17:18:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000Core.job
[2012/02/16 16:49:28 | 023,824,272 | ---- | M] (Any-Video-Converter.com ) -- C:\Users\Owner\Desktop\avc-free (3.3.4).exe
[2012/02/16 13:18:27 | 318,036,324 | ---- | M] () -- C:\Users\Owner\Desktop\Harrison Speaks Before House Committee.mov
[2012/02/15 14:35:41 | 012,487,264 | ---- | M] () -- C:\Users\Owner\Desktop\SUFT_2-15-12.mp3
[2012/02/15 12:53:27 | 000,417,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 12:50:17 | 000,002,147 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/02/15 10:50:16 | 000,001,474 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/14 19:23:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/14 19:23:12 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/14 14:34:41 | 000,002,104 | ---- | M] () -- C:\Users\Owner\Desktop\WM Converter.lnk
[2012/02/14 14:34:41 | 000,002,024 | ---- | M] () -- C:\Users\Owner\Desktop\LOOPBACK.lnk
[2012/02/14 14:34:41 | 000,001,905 | ---- | M] () -- C:\Users\Owner\Desktop\WM Recorder 14.lnk
[2012/02/14 12:40:06 | 024,886,984 | ---- | M] () -- C:\Users\Owner\Desktop\install_wmrecorder.exe
[2012/02/13 17:19:17 | 000,002,311 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/13 10:40:43 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/02/13 10:38:59 | 004,403,246 | ---- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/02/13 10:29:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/02/13 10:24:08 | 000,294,400 | ---- | M] () -- C:\Users\Owner\Desktop\exeHelper.com
[2012/02/13 10:23:13 | 001,008,141 | ---- | M] () -- C:\Users\Owner\Desktop\rkill.exe
[2012/02/12 20:41:14 | 000,001,199 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/02/11 19:20:00 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2012/02/11 15:56:57 | 000,000,382 | ---- | M] () -- C:\Windows\HCWBlast.ini
[2012/02/11 15:46:35 | 000,031,047 | ---- | M] () -- C:\Windows\Irremote.ini
[2012/02/11 15:46:09 | 000,000,483 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/02/11 15:46:09 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012/02/11 15:45:17 | 000,006,213 | ---- | M] () -- C:\Windows\HCWPNP.INI
[2012/02/03 19:10:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/02/02 23:25:56 | 000,000,017 | ---- | M] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
[2012/02/02 17:38:26 | 000,001,167 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/02 16:20:58 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\18676779.sys
[2012/02/02 14:38:40 | 001,519,975 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/02/02 13:59:44 | 000,017,920 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/01 16:39:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/01 16:39:48 | 000,812,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/30 15:05:15 | 000,001,547 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/29 17:16:45 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/01/28 18:57:20 | 000,000,658 | ---- | M] () -- C:\Users\Owner\Desktop\CD Digital 3.4.lnk
[2012/01/28 12:47:06 | 037,665,066 | ---- | M] () -- C:\Users\Owner\Desktop\cd-digital-34.exe
[2012/01/28 09:43:17 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2012/01/27 20:03:31 | 000,000,228 | ---- | M] () -- C:\Users\Owner\.swfinfo
[2012/01/23 17:31:48 | 000,002,034 | -H-- | M] () -- D:\Documents\Default.rdp
[2012/01/23 15:28:54 | 155,893,257 | ---- | M] () -- D:\Documents\BTV_1_23_2012_(BUILD_6525).zip
[2012/01/21 16:52:04 | 158,110,986 | ---- | M] () -- D:\Documents\BTV_1_21_2012_(BUILD_6525).zip
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/16 13:14:53 | 318,036,324 | ---- | C] () -- C:\Users\Owner\Desktop\Harrison Speaks Before House Committee.mov
[2012/02/15 14:35:28 | 012,487,264 | ---- | C] () -- C:\Users\Owner\Desktop\SUFT_2-15-12.mp3
[2012/02/15 12:50:17 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012/02/14 19:23:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/14 19:23:12 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/14 14:34:41 | 000,002,104 | ---- | C] () -- C:\Users\Owner\Desktop\WM Converter.lnk
[2012/02/14 14:34:41 | 000,002,024 | ---- | C] () -- C:\Users\Owner\Desktop\LOOPBACK.lnk
[2012/02/14 14:34:41 | 000,001,905 | ---- | C] () -- C:\Users\Owner\Desktop\WM Recorder 14.lnk
[2012/02/14 12:39:53 | 024,886,984 | ---- | C] () -- C:\Users\Owner\Desktop\install_wmrecorder.exe
[2012/02/13 17:19:17 | 000,002,311 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/13 17:13:27 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000UA.job
[2012/02/13 17:13:26 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000Core.job
[2012/02/13 10:24:07 | 000,294,400 | ---- | C] () -- C:\Users\Owner\Desktop\exeHelper.com
[2012/02/13 10:23:09 | 001,008,141 | ---- | C] () -- C:\Users\Owner\Desktop\rkill.exe
[2012/02/12 20:41:14 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/02/12 20:41:14 | 000,001,199 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/02/11 19:20:00 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/02/11 19:07:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/11 19:07:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/11 19:07:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/11 19:07:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/11 19:07:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/11 18:26:08 | 000,006,448 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 18:26:08 | 000,006,448 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 09:54:25 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/02/11 09:54:25 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/02/11 09:54:25 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/02/11 09:54:25 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/02/11 09:54:25 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/02/11 09:54:25 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/02/11 09:54:25 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/02/11 09:54:25 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2012/02/11 09:54:25 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/02/11 09:54:25 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2012/02/11 09:54:25 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2012/02/11 09:54:25 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2012/02/11 09:54:25 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2012/02/11 09:54:25 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2012/02/11 09:54:25 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/02/11 09:54:25 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/02/11 09:54:25 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/02/11 09:54:25 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/02/11 09:54:25 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/02/11 09:54:25 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/02/11 09:54:25 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/02/11 09:54:25 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/02/02 23:25:56 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
[2012/02/02 17:38:26 | 000,001,167 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/02 17:37:44 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/02 14:38:21 | 001,519,975 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/02/02 12:11:26 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/02/01 16:39:43 | 000,001,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/30 15:05:15 | 000,001,547 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/29 17:16:43 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/01/28 18:57:19 | 000,000,658 | ---- | C] () -- C:\Users\Owner\Desktop\CD Digital 3.4.lnk
[2012/01/28 12:46:47 | 037,665,066 | ---- | C] () -- C:\Users\Owner\Desktop\cd-digital-34.exe
[2012/01/28 09:43:17 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012/01/27 20:03:31 | 000,000,228 | ---- | C] () -- C:\Users\Owner\.swfinfo
[2012/01/27 14:40:28 | 000,376,432 | -H-- | C] () -- C:\Windows\SysWow64\x86.zip
[2012/01/23 15:27:07 | 155,893,257 | ---- | C] () -- D:\Documents\BTV_1_23_2012_(BUILD_6525).zip
[2012/01/21 16:50:24 | 158,110,986 | ---- | C] () -- D:\Documents\BTV_1_21_2012_(BUILD_6525).zip
[2011/07/27 19:49:32 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2011/07/27 18:36:05 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2011/07/27 13:19:23 | 000,017,920 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/26 15:30:24 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\IcdSptSvps.dll
[2011/07/26 15:30:23 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\mp3dec.dll
[2011/07/26 15:30:23 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dsp_trc.dll
[2011/07/26 10:01:44 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2011/07/26 10:01:44 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2011/07/24 12:14:54 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/07/24 12:09:26 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011/07/23 09:17:28 | 000,812,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/21 19:56:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/20 15:44:12 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2011/07/20 13:28:49 | 000,000,387 | ---- | C] () -- C:\Windows\HCWBlast_sav.ini
[2011/07/20 13:28:49 | 000,000,382 | ---- | C] () -- C:\Windows\HCWBlast.ini
[2011/07/20 13:28:35 | 000,031,047 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/07/20 12:30:01 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\hcwChDB.dll
[2011/07/20 12:30:01 | 000,000,483 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/20 12:30:01 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/07/20 12:29:11 | 000,006,213 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011/07/20 12:07:20 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011/07/20 11:55:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/07/19 13:28:59 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\uuirtdrv.dll
[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/08/27 02:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/27 20:55:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acronis
[2012/01/29 17:10:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft
[2012/01/27 14:01:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Apowersoft
[2011/07/24 15:11:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDFab
[2012/02/11 18:32:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Epson
[2011/07/23 19:02:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2012/01/28 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hensense.com
[2012/02/02 11:28:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit
[2012/01/28 12:36:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Moyea
[2011/07/25 20:47:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound
[2011/07/25 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenCandy
[2011/07/26 10:04:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\proDAD
[2011/07/26 08:15:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Recordpad
[2011/07/25 20:24:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\STOIK
[2012/02/12 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
[2012/02/15 14:44:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeraCopy
[2012/02/02 14:37:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TestApp
[2011/07/21 19:57:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird
[2011/07/25 09:56:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite
[2012/02/13 17:18:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite4
[2011/07/25 20:30:25 | 000,000,000 | --SD | M] -- C:\Users\Owner\AppData\Roaming\Virtual CD v10
[2012/01/28 14:16:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xi
[2009/07/14 00:08:49 | 000,017,372 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
 
ComboFix hung for 3/4 hr after reboot when preparing the log ... no log

====================

Did you set this>> uInternet Settings,ProxyOverride = <-loopback>;

Don't know what that is.
 
DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 17:43:54 on 2012-02-17
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6142.3410 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe
C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\PROGRA~2\COMMON~1\SNAPST~1\Common\x10nets.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Virtual CD v10\System\VC10Tray.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Virtual CD v10\System\vc10fwd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <-loopback>;
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: NXIECatcher Class: {83b80a9c-d91a-4f22-8dcf-ea7204039f79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: NetXfer: {c16cbaac-a75c-4db5-a0dd-cdf5cafcdd3a} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [Firefly] C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [My Movies Tray] "C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MaxMem.lnk - C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BEYOND~1.LNK - C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOTALM~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html
IE: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
TCP: Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05} : DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: NXIECatcher Class: {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll
BHO-X64: NetXfer - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: NetXfer: {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll
mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
mRun-x64: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [Firefly] C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [My Movies Tray] "C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe"
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
FF - prefs.js: browser.search.selectedEngine - ESV Bible
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 ArcSec;archlp;C:\Windows\system32\drivers\ArcSec.sys --> C:\Windows\system32\drivers\ArcSec.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vdrv1000;vdrv1000;C:\Windows\system32\DRIVERS\vdrv1000.sys --> C:\Windows\system32\DRIVERS\vdrv1000.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-7-22 3246040]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-1-28 8704]
R2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-12 3027840]
R2 VC10SecS;Virtual CD v10 Management Service;C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe [2011-7-25 145224]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys --> C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [?]
R3 AvsBluebird;FusionHDTV USB, AVStream Capture;C:\Windows\system32\drivers\bluebird64.sys --> C:\Windows\system32\drivers\bluebird64.sys [?]
R3 hcw89;hcw89 service;C:\Windows\system32\DRIVERS\hcw89.sys --> C:\Windows\system32\DRIVERS\hcw89.sys [?]
R3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;C:\Windows\system32\drivers\HCWUSB264.sys --> C:\Windows\system32\drivers\HCWUSB264.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;C:\Windows\system32\DRIVERS\vcd10bus.sys --> C:\Windows\system32\DRIVERS\vcd10bus.sys [?]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/24 13:04:19;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-5-14 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-7-20 30528]
S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~2\WinTV\HCWTVS~1.EXE [2012-2-11 815104]
S3 HH10Help.sys;HH10Help.sys;\??\C:\Windows\system32\drivers\HH10Help.sys --> C:\Windows\system32\drivers\HH10Help.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-13 652360]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-17 19:52:56 -------- d-----w- C:\Program Files (x86)\ESET
2012-02-17 19:49:05 -------- d-s---w- C:\ComboFix
2012-02-17 19:28:13 5544 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2012-02-17 19:24:08 -------- d-----w- C:\$RECYCLE.BIN
2012-02-17 19:20:35 -------- d-----w- C:\Users\Owner\AppData\Local\temp
2012-02-17 18:02:01 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC758BF3-08B4-4E24-8970-42A9161C7F9C}\mpengine.dll
2012-02-15 17:10:28 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 17:10:28 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 17:10:26 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 17:10:25 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 17:10:25 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 17:10:20 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 17:09:56 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 17:09:56 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-14 19:37:44 -------- d-----w- C:\Program Files (x86)\WinPcap
2012-02-14 17:40:20 -------- d-----w- C:\Program Files (x86)\WMR14
2012-02-13 22:13:25 -------- d-----w- C:\Users\Owner\AppData\Local\Google
2012-02-13 16:27:55 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-13 01:44:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\TeamViewer
2012-02-13 01:41:06 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-02-12 00:07:43 98816 ----a-w- C:\Windows\sed.exe
2012-02-12 00:07:43 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-12 00:07:43 256000 ----a-w- C:\Windows\PEV.exe
2012-02-12 00:07:43 208896 ----a-w- C:\Windows\MBR.exe
2012-02-11 20:46:37 -------- d-----w- C:\Program Files (x86)\nanoPEG for WinTV
2012-02-11 15:05:49 77824 ----a-w- C:\Windows\SysWow64\EBAPI.dll
2012-02-11 15:05:49 65536 ----a-w- C:\Windows\SysWow64\EEBUtil.dll
2012-02-11 15:05:49 55808 ----a-w- C:\Windows\SysWow64\EEBSDKIF.dll
2012-02-11 15:05:49 135168 ----a-w- C:\Windows\SysWow64\EEBAPI.dll
2012-02-11 15:05:49 110592 ----a-w- C:\Windows\SysWow64\EEBDSCVR.dll
2012-02-11 15:02:14 -------- d-----w- C:\Program Files (x86)\EpsonNet
2012-02-11 15:01:08 558592 ----a-w- C:\Windows\System32\ensppmon.dll
2012-02-11 15:01:08 558592 ----a-w- C:\Windows\System32\enppmon.dll
2012-02-11 15:01:08 538112 ----a-w- C:\Windows\System32\ensppui.dll
2012-02-11 15:01:08 538112 ----a-w- C:\Windows\System32\enppui.dll
2012-02-11 15:01:08 250880 ----a-w- C:\Windows\System32\enspres.dll
2012-02-11 15:01:08 250880 ----a-w- C:\Windows\System32\enpres.dll
2012-02-11 15:01:08 -------- d-----w- C:\Program Files\EpsonNet
2012-02-11 15:00:06 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON
2012-02-11 14:54:27 -------- d-----w- C:\Program Files (x86)\Epson Software
2012-02-11 14:54:25 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll
2012-02-11 14:54:25 51360 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll
2012-02-11 14:54:25 51360 ----a-w- C:\Windows\SysWow64\EpPicMgr.dll
2012-02-11 14:54:25 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll
2012-02-11 14:54:25 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll
2012-02-11 14:54:11 118784 ----a-w- C:\Windows\System32\E_ILMFRA.DLL
2012-02-11 14:54:10 81920 ----a-w- C:\Windows\System32\E_IBCBFRA.DLL
2012-02-11 14:54:05 -------- d-----w- C:\ProgramData\EPSON
2012-02-11 14:53:55 459776 ----a-w- C:\Windows\System32\esxwiaud.dll
2012-02-11 14:53:55 17408 ----a-w- C:\Windows\System32\esxcdev.dll
2012-02-11 14:53:55 128392 ----a-w- C:\Windows\System32\esdevapp.exe
2012-02-11 14:53:55 -------- d-----w- C:\Program Files (x86)\epson
2012-02-11 00:47:53 -------- d-----w- C:\Windows\Downloaded Installations
2012-02-10 22:30:08 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 22:30:06 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4BDAE80B-2CB4-48A0-ADEF-3E2C89AD24C5}\gapaengine.dll
2012-02-07 20:49:19 -------- d-----w- C:\_OTL
2012-02-02 22:19:50 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-02 22:09:23 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-02-02 21:45:16 -------- d-----w- C:\Windows\pss
2012-02-02 19:38:12 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-02-02 19:38:10 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-02-02 19:38:09 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-02-02 19:37:35 -------- d-----w- C:\ProgramData\PC Tools
2012-02-02 19:37:33 -------- d-----w- C:\Users\Owner\AppData\Roaming\TestApp
2012-02-02 19:36:47 -------- d-----w- C:\Program Files (x86)\Binnerup Consult
2012-02-02 19:30:02 -------- d-----w- C:\ProgramData\CPA_VA
2012-02-02 18:17:02 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-02 16:58:09 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-02-02 16:57:52 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-02 16:57:52 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-02 16:28:52 -------- d-----w- C:\ProgramData\IObit
2012-02-01 21:39:46 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-02-01 21:39:42 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-02-01 18:27:51 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5362664-BA60-4893-A505-D04FDE12C52E}\mpengine.dll
2012-01-30 18:09:01 -------- d-----w- C:\Users\Owner\AppData\Roaming\VideoReDo-TVSuite4
2012-01-30 18:09:01 -------- d-----w- C:\Program Files (x86)\VideoReDoTVSuite4
2012-01-29 22:19:36 -------- d-----w- C:\Program Files\MediaInfo
2012-01-29 22:10:46 -------- d-----w- C:\Users\Owner\AppData\Roaming\AnvSoft
2012-01-28 23:56:44 -------- d-----w- C:\Hauppauge
2012-01-28 23:41:32 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2012-01-28 19:16:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\Xi
2012-01-28 19:16:42 -------- d-----w- C:\Program Files (x86)\Xi
2012-01-28 18:26:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\Hensense.com
2012-01-28 17:45:19 -------- d-----w- C:\Program Files (x86)\GetFLV
2012-01-28 17:36:06 -------- d-----w- C:\Users\Owner\AppData\Roaming\Moyea
2012-01-28 17:25:57 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-01-28 17:12:42 -------- d-----w- C:\Program Files (x86)\Freemake
2012-01-28 15:57:56 -------- d-----w- C:\Program Files (x86)\FDRLab
2012-01-28 15:42:54 -------- d-----w- C:\Users\Owner\.streamCapture
2012-01-28 01:21:25 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-01-28 01:20:59 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-01-28 01:18:48 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-01-28 01:18:47 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-01-28 01:18:47 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-01-28 01:18:44 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-28 01:18:44 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-28 01:16:24 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-28 01:16:24 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-27 19:40:28 257784 ---ha-w- C:\Windows\SysWow64\BytescoutScreenCapturingFilter.dll
2012-01-27 19:40:28 175864 ---ha-w- C:\Windows\SysWow64\BytescoutVideoMixerFilter.dll
2012-01-27 19:40:25 566008 ---ha-w- C:\Windows\System32\BytescoutScreenCapturing.dll
2012-01-27 19:40:25 421624 ---ha-w- C:\Windows\SysWow64\BytescoutScreenCapturing.dll
2012-01-27 19:40:25 361720 ---ha-w- C:\Windows\System32\BytescoutScreenCapturingFilter.dll
2012-01-27 19:40:25 231672 ---ha-w- C:\Windows\System32\BytescoutVideoMixerFilter.dll
2012-01-27 19:40:17 -------- d-----w- C:\Program Files\Apowersoft
2012-01-27 19:01:51 29288 ---ha-w- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys
2012-01-27 19:01:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\Apowersoft
2012-01-27 15:42:10 -------- d-----w- C:\Windows\Applian Director
2012-01-27 15:42:09 -------- d-----w- C:\Program Files (x86)\Applian Director
2012-01-27 15:41:59 -------- d-----w- C:\Program Files (x86)\Replay Video Capture
.
==================== Find3M ====================
.
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-27 22:40:02 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 17:44:14.83 ===============
 
Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/20/2011 12:53:57 PM
System Uptime: 2/17/2012 2:22:45 PM (3 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-770T-USB3
Processor: AMD Athlon(tm) II X4 635 Processor | Socket M2 | 2900/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 100 GiB total, 35.083 GiB free.
D: is FIXED (NTFS) - 1297 GiB total, 240.959 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 1397 GiB total, 11.548 GiB free.
H: is FIXED (NTFS) - 1397 GiB total, 44.165 GiB free.
I: is FIXED (NTFS) - 1397 GiB total, 52.358 GiB free.
J: is FIXED (NTFS) - 1397 GiB total, 14.045 GiB free.
K: is FIXED (NTFS) - 1863 GiB total, 160.732 GiB free.
M: is CDROM ()
N: is CDROM ()
O: is Removable
P: is CDROM ()
Q: is CDROM ()
Z: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP145: 2/14/2012 7:20:07 PM - Windows Update
RP146: 2/15/2012 11:00:10 AM - Windows Update
RP147: 2/15/2012 12:10:39 PM - Windows Update
RP148: 2/16/2012 12:59:42 PM - Windows Update
RP149: 2/17/2012 1:01:49 PM - Windows Update
RP150: 2/17/2012 1:33:58 PM - OTL Restore Point
.
==== Installed Programs ======================
.
@BIOS
Acronis*True*Image*Home
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Flash Player 11 Plugin
Aimersoft Media Converter(Build 1.4.2.1)
AnalogX MaxMem
Any Video Converter 3.3.4
AnyDVD
Apple Application Support
Apple Software Update
Applian Director
ArcSoft TotalMedia Theatre 5
AudibleManager
Avid Studio
Avid Studio Bonus Content
Avid Studio Plugins
Avid Studio Registration Freebie - Adorage Vol. 11 Selection
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Belarc Advisor 8.2
Beyond TV DVD Burning Foundation
Boris Graffiti
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink LG Burning Tool
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink PowerProducer
CyberLink YouCam
D3DX10
Digital Voice Editor 3
DolbyFiles
DVDFab 8.0.9.0 (09/05/2011) Qt
Epson Event Manager
Epson Print CD
EPSON Scan
EpsonNet Print
EpsonNet Setup
ESET Online Scanner v3
Express Burn Disc Burning Software
Express Rip
Getting Started with Avid Studio MULTILINGUAL
Google Chrome
Hard Disk Sentinel PRO
Hauppauge WinTV Infrared Remote
Hauppauge WinTV IR Blaster
Hauppauge WinTV TV Services
High-Definition Video Playback 10
ImagXpress
InterVideo FilterSDK for Hauppauge
Knoll Light Factory EZ Studio
LG Tool Kit
LightScribe System Software
Magic Bullet Looks Studio
Malwarebytes Anti-Malware version 1.60.1.1000
Menu Templates - Starter Kit
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MYMOVIES)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MixPad Audio Mixer
Movie Templates - Starter Kit
Mozilla Firefox 10.0.1 (x86 en-US)
Mozilla Thunderbird 10.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Movies for Windows Media Center
nanoPEG-Editor 2.6.0 for WinTV
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero Disc Copy Gadget
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero PhotoSnap
Nero Recode
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero Rescue Agent
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero ShowTime
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero StartSmart OEM
Nero Update
Nero Vision
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NeroBurningROM
NeroExpress
neroxml
NetTransport 2.96c.620
NewBlue Video Essentials Special for Studio
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
ON_OFF Charge B10.0427.1
Pinnacle Creative Pack Volume 1
Pinnacle Creative Pack Volume 2
Pinnacle Instant DVD Recorder
Pinnacle Studio 12
Pinnacle Studio 12 Ultimate Plugins
Pinnacle Studio 14
Pinnacle Studio Ultimate Collection Plugins
PrimoPDF -- brought to you by Nitro PDF Software
Prism Video File Converter
proDAD Mercalli 1.0
proDAD Vitascene 1.0
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Red Giant ToonIt Studio
Renesas Electronics USB 3.0 Host Controller Driver
Replay Video Capture
Revo Uninstaller 1.93
ScoreFitter Volume 1
ScoreFitter Volume 2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Smart Defrag 2
SnapStream Beyond TV 4.9.2
Snapstream Firefly 1.2.1.916
SnapStream Firefly Mini 1.0.2
SoundTrax
STOIK Video Converter 2
Studio Premium Pack 1
SureThing Express Labeler
Switch Sound File Converter
TeamViewer 7
Trapcode 3DStroke Studio
Trapcode Particular Studio
Trapcode Shine Studio
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VideoReDo TVSuite Version 3.20.2.616
VideoReDo TVSuite Version 4.20.7.629
Virtual CD v10
VirtualCloneDrive
Visual Studio 2005 Redist Package
VLC media player 1.1.11
VOB2MPG PRO
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
WM Recorder
.
==== Event Viewer Messages From Past Week ========
.
2/17/2012 2:24:02 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
2/17/2012 2:21:30 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/17/2012 2:12:31 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/17/2012 1:33:03 PM, Error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
2/14/2012 7:00:24 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on cannot be read.
2/13/2012 11:38:09 AM, Error: TermDD [56] - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: fe80:0000:0000:0000:e126:1795:7bb2:e33e.
2/11/2012 6:20:23 PM, Error: Service Control Manager [7034] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s).
2/11/2012 12:17:07 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).
2/11/2012 10:22:19 AM, Error: Schannel [36887] - The following fatal alert was received: 42.
2/10/2012 10:20:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 
Combofix is on the desktop: C:\Users\Owner\Desktop\ComboFix.exe. Please run again.

NOTE: If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode. If it won't run, go on to #2.

2. Delete Combofix file, download fresh one, but rename combofix.exe to friday.exe BEFORE saving it to your desktop.
Do NOT run it yet.

3. See which one of the following runs. You do not need to download all three versions:
This is a slight variation on the RKill:
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, add the following:

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan.
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
(Directions courtesy bleeping computer)

4. With both RKill and exehelper on board:
Go right to the renamed (Combofix) and double click on friday.exe to run
If it won't run in Normal Mode, run BOTH tools from safe mode, then try the double click on friday.exe to run.

If successful, please leave RKill, Exehelper and Combofix logs.
 
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/20/2012 at 12:30:45.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\rundll32.exe


Rkill completed on 02/20/2012 at 12:30:56.
 
exeHelper by Raktor
Build 20100414
Run at 12:32:06 on 02/20/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
 
ComboFix 12-02-19.02 - Owner 02/20/2012 12:33:59.7.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6142.4012 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 17:45 . 2012-02-20 17:45 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-02-20 17:45 . 2012-02-20 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-19 19:31 . 2012-01-06 02:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B77D1A7E-30FF-454D-8448-7D46F10E5642}\mpengine.dll
2012-02-19 17:58 . 2012-02-19 17:58 -------- d-----w- c:\program files\Common Files\EPSON
2012-02-19 17:57 . 2008-11-12 08:00 118784 ----a-w- c:\windows\system32\E_ILMGYA.DLL
2012-02-19 17:57 . 2009-10-01 08:01 88064 ----a-w- c:\windows\system32\E_IBCBGYA.DLL
2012-02-17 19:52 . 2012-02-17 19:52 -------- d-----w- c:\program files (x86)\ESET
2012-02-17 19:28 . 2012-02-20 17:53 5544 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-15 22:32 . 2012-02-15 22:32 -------- d-----w- c:\programdata\FLEXnet
2012-02-15 17:10 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 17:10 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 17:10 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 17:10 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 17:10 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 17:10 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 17:09 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 17:09 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 19:37 . 2012-02-14 19:37 -------- d-----w- c:\program files (x86)\WinPcap
2012-02-14 17:40 . 2012-02-14 19:37 -------- d-----w- c:\program files (x86)\WMR14
2012-02-13 22:13 . 2012-02-13 22:17 -------- d-----w- c:\users\Owner\AppData\Local\Google
2012-02-13 16:27 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-13 01:44 . 2012-02-13 01:44 -------- d-----w- c:\users\Owner\AppData\Roaming\TeamViewer
2012-02-13 01:41 . 2012-02-13 01:41 -------- d-----w- c:\program files (x86)\TeamViewer
2012-02-11 23:32 . 2012-02-11 23:32 -------- d-----w- c:\users\Owner\AppData\Roaming\Epson
2012-02-11 20:46 . 2012-02-11 20:46 -------- d-----w- c:\program files (x86)\nanoPEG for WinTV
2012-02-11 15:05 . 2007-09-07 22:33 135168 ----a-w- c:\windows\SysWow64\EEBAPI.dll
2012-02-11 14:54 . 2012-02-11 15:00 -------- d-----w- c:\program files (x86)\Epson Software
2012-02-11 14:54 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
2012-02-11 14:54 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
2012-02-11 14:54 . 2006-10-20 05:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
2012-02-11 14:54 . 2006-10-20 05:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
2012-02-11 14:54 . 2006-10-20 05:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
2012-02-11 14:54 . 2008-11-12 07:00 118784 ----a-w- c:\windows\system32\E_ILMFRA.DLL
2012-02-11 14:54 . 2008-11-12 07:00 81920 ----a-w- c:\windows\system32\E_IBCBFRA.DLL
2012-02-11 14:54 . 2012-02-19 17:58 -------- d-----w- c:\programdata\EPSON
2012-02-11 14:53 . 2012-02-11 14:55 -------- d-----w- c:\program files (x86)\epson
2012-02-11 14:53 . 2009-05-01 05:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
2012-02-11 14:53 . 2009-05-01 05:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2012-02-11 14:53 . 2008-11-17 05:00 459776 ----a-w- c:\windows\system32\esxwiaud.dll
2012-02-11 00:47 . 2012-02-11 00:47 -------- d-----w- c:\windows\Downloaded Installations
2012-02-10 22:30 . 2012-02-01 21:40 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 22:30 . 2012-02-10 22:29 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BDAE80B-2CB4-48A0-ADEF-3E2C89AD24C5}\gapaengine.dll
2012-02-07 20:49 . 2012-02-07 20:49 -------- d-----w- C:\_OTL
2012-02-02 22:19 . 2012-01-06 02:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-02 22:09 . 2012-02-02 22:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-02-02 19:38 . 2012-01-11 21:19 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-02-02 19:38 . 2012-02-03 00:29 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-02-02 19:38 . 2012-02-02 21:51 -------- d-----w- c:\program files (x86)\PC Tools
2012-02-02 19:37 . 2012-02-03 00:27 -------- d-----w- c:\programdata\PC Tools
2012-02-02 19:37 . 2012-02-02 19:37 -------- d-----w- c:\users\Owner\AppData\Roaming\TestApp
2012-02-02 19:36 . 2012-02-02 19:36 -------- d-----w- c:\program files (x86)\Binnerup Consult
2012-02-02 19:30 . 2012-02-03 23:47 -------- d-----w- c:\programdata\CPA_VA
2012-02-02 18:17 . 2012-02-02 18:17 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-02 16:58 . 2012-02-02 16:58 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-02-02 16:57 . 2012-02-09 16:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-02 16:57 . 2012-02-02 16:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-02 16:28 . 2012-02-02 16:28 -------- d-----w- c:\programdata\IObit
2012-02-01 21:39 . 2012-02-01 21:39 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-02-01 21:39 . 2012-02-01 21:39 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-01 18:27 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5362664-BA60-4893-A505-D04FDE12C52E}\mpengine.dll
2012-01-30 18:09 . 2012-02-20 02:59 -------- d-----w- c:\users\Owner\AppData\Roaming\VideoReDo-TVSuite4
2012-01-30 18:09 . 2012-01-30 18:11 -------- d-----w- c:\program files (x86)\VideoReDoTVSuite4
2012-01-29 22:19 . 2012-01-29 22:19 -------- d-----w- c:\program files\MediaInfo
2012-01-29 22:10 . 2012-01-29 22:10 -------- d-----w- c:\users\Owner\AppData\Roaming\AnvSoft
2012-01-28 23:56 . 2012-01-28 23:56 -------- d-----w- C:\Hauppauge
2012-01-28 23:41 . 2012-01-28 23:41 -------- d-----w- c:\program files (x86)\Renesas Electronics
2012-01-28 19:16 . 2012-01-28 19:16 -------- d-----w- c:\users\Owner\AppData\Roaming\Xi
2012-01-28 19:16 . 2012-01-28 19:16 -------- d-----w- c:\program files (x86)\Xi
2012-01-28 18:26 . 2012-01-28 18:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Hensense.com
2012-01-28 17:45 . 2012-01-28 23:55 -------- d-----w- c:\program files (x86)\GetFLV
2012-01-28 17:36 . 2012-01-28 17:36 -------- d-----w- c:\users\Owner\AppData\Roaming\Moyea
2012-01-28 17:26 . 2012-01-28 17:27 -------- d-----w- c:\users\Owner\AppData\Roaming\vlc
2012-01-28 17:25 . 2012-01-28 17:25 -------- d-----w- c:\program files (x86)\VideoLAN
2012-01-28 17:12 . 2012-02-11 17:19 -------- d-----w- c:\program files (x86)\Freemake
2012-01-28 15:57 . 2012-01-28 15:57 -------- d-----w- c:\program files (x86)\FDRLab
2012-01-28 15:42 . 2012-01-28 15:42 -------- d-----w- c:\users\Owner\.streamCapture
2012-01-28 01:21 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-28 01:20 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-01-28 01:18 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-28 01:18 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-01-28 01:18 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-01-28 01:18 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-28 01:18 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-28 01:16 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-28 01:16 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-27 19:40 . 2011-08-23 01:23 175864 ---ha-w- c:\windows\SysWow64\BytescoutVideoMixerFilter.dll
2012-01-27 19:40 . 2011-08-23 01:23 257784 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturingFilter.dll
2012-01-27 19:40 . 2011-08-23 01:23 421624 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturing.dll
2012-01-27 19:40 . 2011-08-23 01:23 361720 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
2012-01-27 19:40 . 2011-08-23 01:23 231672 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
2012-01-27 19:40 . 2011-07-08 06:57 566008 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll
2012-01-27 19:40 . 2012-01-27 19:40 -------- d-----w- c:\program files\Apowersoft
2012-01-27 19:05 . 2012-01-27 19:05 -------- d-----w- c:\windows\system32\Macromed
2012-01-27 19:01 . 2012-01-27 19:01 -------- d-----w- c:\users\Owner\AppData\Roaming\Apowersoft
2012-01-27 19:01 . 2010-12-24 16:43 29288 ---ha-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
2012-01-27 15:42 . 2012-01-27 15:42 -------- d-----w- c:\windows\Applian Director
2012-01-27 15:42 . 2012-01-27 15:42 -------- d-----w- c:\program files (x86)\Applian Director
2012-01-27 15:41 . 2012-01-27 18:54 -------- d-----w- c:\program files (x86)\Replay Video Capture
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2011-07-20 17:33 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-27 22:40 . 2011-07-22 19:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-20_16.58.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-02-20 17:49 44248 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-20 17:01 . 2012-02-20 17:49 14816 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3986105127-79878375-3251353310-1000_UserData.bin
+ 2011-07-20 17:54 . 2012-02-20 17:46 3190 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-07-20 17:54 . 2012-02-20 16:54 3190 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-02-20 16:56 . 2012-02-20 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-20 17:47 . 2012-02-20 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-20 17:47 . 2012-02-20 17:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-20 16:56 . 2012-02-20 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-02-20 16:54 352384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-20 17:46 352384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-02-19 23:41 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-02-20 17:10 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2011-07-22 14:39 . 2012-02-20 16:54 10077204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3986105127-79878375-3251353310-1000-12288.dat
+ 2011-07-22 14:39 . 2012-02-20 17:46 10077204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3986105127-79878375-3251353310-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-07-24 5201528]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-03 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-11 5111464]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-07-24 557056]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
"Firefly"="c:\program files (x86)\SnapStream Media\Firefly\Firefly.exe" [2006-06-05 180224]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"VC10Player"="c:\program files (x86)\Virtual CD v10\System\VC10Play.exe" [2009-10-08 383304]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"My Movies Tray"="c:\program files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe" [2011-08-01 351952]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MaxMem.lnk - c:\program files (x86)\AnalogX\MaxMem\maxmem.exe [2011-7-23 125424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Beyond TV.lnk - c:\program files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe [2010-3-14 397312]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2011-7-24 519744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/24 13:04;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-07-20 30528]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-07-22 3246040]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-01-19 8704]
S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2009-10-08 145224]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [x]
S3 AvsBluebird;FusionHDTV USB, AVStream Capture;c:\windows\system32\drivers\bluebird64.sys [x]
S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys [x]
S3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;c:\windows\system32\drivers\HCWUSB264.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 17:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 22:13]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 22:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-11 358200]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>;
IE: Download all by NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddList.html
IE: Download by NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddLink.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
TCP: Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
FF - prefs.js: browser.search.selectedEngine - ESV Bible
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Hard Disk Sentinel\HDSentinel.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\progra~2\COMMON~1\SNAPST~1\Common\x10nets.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files (x86)\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
c:\program files (x86)\SnapStream Media\Beyond TV\BTVNetworkService.exe
c:\program files (x86)\SnapStream Media\Beyond TV\BTVSettingsService.exe
c:\program files (x86)\SnapStream Media\Beyond TV\BTVSchedulerService.exe
c:\program files (x86)\Virtual CD v10\System\vc10fwd.exe
c:\program files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
c:\program files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
c:\program files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
c:\program files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
.
**************************************************************************
.
Completion time: 2012-02-20 13:47:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-20 18:47
ComboFix2.txt 2012-02-20 17:28
ComboFix3.txt 2012-02-12 01:59
ComboFix4.txt 2012-02-12 00:24
ComboFix5.txt 2012-02-20 17:33
.
Pre-Run: 41,473,179,648 bytes free
Post-Run: 41,433,329,664 bytes free
.
- - End Of File - - BFE2307A2DA2AF79F3A1A539BE1746B6
 
Still some malware but it looks like the hijack to the fake Google page is resolved:

Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
c:\windows\system32\drivers\hitmanpro36.sys
c:\windows\system32\drivers\18676779.sys
c:\windows\BDTSupport.dll0208.old
c:\windows\SGDetectionTool.dll0208.old
c:\windows\PCTBDCore.dll0208.old
ADS::
C:\ProgramData\Temp:3440EB47
C:\ProgramData\TempFC5A2B2

FileLook::
c:\windows\system32\DRIVERS\vdrv1000.sys 
Extra::
File::
Firefox::
Firefox-: - Profile- FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
Firefox-: - prefs.js- Search.DefaultURL 
Firefox-: - prefs.js- Startup.Homepage
DDS::
uInternet Settings,ProxyOverride = <-loopback>;

Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
Short, last scans:
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
================================
Download Security Check by screen317 and save to the desktop
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.
================================
HijackThis: First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
-----------------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
  • Extract it to the directory on your hard drive you created C:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
====================================
Tell me about this please: C:\Users\Owner\AppData\Roaming\Hensense.com
A larger Chinese site is available at the root URL. The site appears to be that of an individual, likely based in China or Taiwan.
Hensense.com produces CooJah a product to extract video or music from download streams.
Download videos with Coojah> The program installs a sniffer that captures all network resources requested by the computer and difficult resources are easily downloadable. It's like debugging tool Dragonfly from Opera, just that one step further in detection.
"We start the installation...will be in chinese, but as the installers are traced from each other, there will be not problems."
Have you intentionally installed this? Have you considered that it may be a source of your malware?

Logs in next reply please.
 
Sorry- forgot one:

Clear Firefox Cache
  1. Open Firefox> Click on Tools> Options
  2. Select the Advanced panel.
  3. Click on the Network tab
  4. In the Offline Storage section, click Clear Now.


We want to make sure the search site is gone from Firefox.
 
ComboFix 12-02-24.02 - Owner 02/24/2012 22:35:10.8.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.6142.4233 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\BDTSupport.dll0208.old"
"c:\windows\PCTBDCore.dll0208.old"
"c:\windows\SGDetectionTool.dll0208.old"
"c:\windows\system32\drivers\18676779.sys"
"c:\windows\system32\drivers\hitmanpro36.sys"
.
.
((((((((((((((((((((((((( Files Created from 2012-01-25 to 2012-02-25 )))))))))))))))))))))))))))))))
.
.
2012-02-25 03:47 . 2012-02-25 03:47 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-02-25 03:47 . 2012-02-25 03:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 14:51 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-02-24 14:51 . 2009-08-20 04:50 52568 ----a-r- c:\windows\system32\AdobePDF.dll
2012-02-24 14:49 . 2009-02-27 17:55 111992 ----a-w- c:\windows\SysWow64\acaptuser32.dll
2012-02-23 20:07 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE38380C-AA93-415A-B9F0-7806DF8E60DD}\mpengine.dll
2012-02-22 22:38 . 2012-02-22 22:38 -------- d-----w- c:\program files\iPod
2012-02-22 22:38 . 2012-02-22 22:38 -------- d-----w- c:\program files\iTunes
2012-02-22 22:38 . 2012-02-22 22:38 -------- d-----w- c:\program files (x86)\iTunes
2012-02-22 22:35 . 2012-02-22 22:35 -------- d-----w- c:\program files (x86)\Bonjour
2012-02-22 22:35 . 2012-02-22 22:35 -------- d-----w- c:\program files\Bonjour
2012-02-20 20:25 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94A7BAB8-80A8-4300-8BAE-669031529976}\mpengine.dll
2012-02-19 17:58 . 2012-02-19 17:58 -------- d-----w- c:\program files\Common Files\EPSON
2012-02-19 17:57 . 2008-11-12 08:00 118784 ----a-w- c:\windows\system32\E_ILMGYA.DLL
2012-02-19 17:57 . 2009-10-01 08:01 88064 ----a-w- c:\windows\system32\E_IBCBGYA.DLL
2012-02-17 19:52 . 2012-02-17 19:52 -------- d-----w- c:\program files (x86)\ESET
2012-02-17 19:28 . 2012-02-25 03:55 5544 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-15 22:32 . 2012-02-15 22:32 -------- d-----w- c:\programdata\FLEXnet
2012-02-15 17:10 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 17:10 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 17:10 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 17:10 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 17:10 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 17:10 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 17:09 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 17:09 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 19:37 . 2012-02-14 19:37 -------- d-----w- c:\program files (x86)\WinPcap
2012-02-14 17:40 . 2012-02-14 19:37 -------- d-----w- c:\program files (x86)\WMR14
2012-02-13 22:13 . 2012-02-13 22:17 -------- d-----w- c:\users\Owner\AppData\Local\Google
2012-02-13 16:27 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-13 01:44 . 2012-02-13 01:44 -------- d-----w- c:\users\Owner\AppData\Roaming\TeamViewer
2012-02-13 01:41 . 2012-02-13 01:41 -------- d-----w- c:\program files (x86)\TeamViewer
2012-02-11 23:32 . 2012-02-11 23:32 -------- d-----w- c:\users\Owner\AppData\Roaming\Epson
2012-02-11 20:46 . 2012-02-11 20:46 -------- d-----w- c:\program files (x86)\nanoPEG for WinTV
2012-02-11 15:05 . 2007-09-07 22:33 135168 ----a-w- c:\windows\SysWow64\EEBAPI.dll
2012-02-11 14:54 . 2012-02-11 15:00 -------- d-----w- c:\program files (x86)\Epson Software
2012-02-11 14:54 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
2012-02-11 14:54 . 2006-10-31 05:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
2012-02-11 14:54 . 2006-10-20 05:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
2012-02-11 14:54 . 2006-10-20 05:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
2012-02-11 14:54 . 2006-10-20 05:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
2012-02-11 14:54 . 2008-11-12 07:00 118784 ----a-w- c:\windows\system32\E_ILMFRA.DLL
2012-02-11 14:54 . 2008-11-12 07:00 81920 ----a-w- c:\windows\system32\E_IBCBFRA.DLL
2012-02-11 14:54 . 2012-02-19 17:58 -------- d-----w- c:\programdata\EPSON
2012-02-11 14:53 . 2012-02-11 14:55 -------- d-----w- c:\program files (x86)\epson
2012-02-11 14:53 . 2009-05-01 05:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
2012-02-11 14:53 . 2009-05-01 05:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2012-02-11 14:53 . 2008-11-17 05:00 459776 ----a-w- c:\windows\system32\esxwiaud.dll
2012-02-11 00:47 . 2012-02-11 00:47 -------- d-----w- c:\windows\Downloaded Installations
2012-02-10 22:30 . 2012-02-01 21:40 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-10 22:30 . 2012-02-10 22:29 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BDAE80B-2CB4-48A0-ADEF-3E2C89AD24C5}\gapaengine.dll
2012-02-07 20:49 . 2012-02-07 20:49 -------- d-----w- C:\_OTL
2012-02-02 22:19 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-02 22:09 . 2012-02-02 22:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-02-02 19:38 . 2012-01-11 21:19 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-02-02 19:38 . 2012-02-03 00:29 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-02-02 19:38 . 2012-02-02 21:51 -------- d-----w- c:\program files (x86)\PC Tools
2012-02-02 19:37 . 2012-02-03 00:27 -------- d-----w- c:\programdata\PC Tools
2012-02-02 19:37 . 2012-02-02 19:37 -------- d-----w- c:\users\Owner\AppData\Roaming\TestApp
2012-02-02 19:36 . 2012-02-02 19:36 -------- d-----w- c:\program files (x86)\Binnerup Consult
2012-02-02 19:30 . 2012-02-03 23:47 -------- d-----w- c:\programdata\CPA_VA
2012-02-02 18:17 . 2012-02-02 18:17 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-02 16:58 . 2012-02-02 16:58 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-02-02 16:57 . 2012-02-09 16:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-02 16:57 . 2012-02-02 16:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-02 16:28 . 2012-02-02 16:28 -------- d-----w- c:\programdata\IObit
2012-02-01 21:39 . 2012-02-01 21:39 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-02-01 21:39 . 2012-02-01 21:39 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-30 18:09 . 2012-02-24 02:32 -------- d-----w- c:\users\Owner\AppData\Roaming\VideoReDo-TVSuite4
2012-01-30 18:09 . 2012-01-30 18:11 -------- d-----w- c:\program files (x86)\VideoReDoTVSuite4
2012-01-29 22:19 . 2012-01-29 22:19 -------- d-----w- c:\program files\MediaInfo
2012-01-29 22:10 . 2012-01-29 22:10 -------- d-----w- c:\users\Owner\AppData\Roaming\AnvSoft
2012-01-28 23:56 . 2012-01-28 23:56 -------- d-----w- C:\Hauppauge
2012-01-28 23:41 . 2012-01-28 23:41 -------- d-----w- c:\program files (x86)\Renesas Electronics
2012-01-28 19:16 . 2012-01-28 19:16 -------- d-----w- c:\users\Owner\AppData\Roaming\Xi
2012-01-28 19:16 . 2012-01-28 19:16 -------- d-----w- c:\program files (x86)\Xi
2012-01-28 18:26 . 2012-01-28 18:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Hensense.com
2012-01-28 17:45 . 2012-01-28 23:55 -------- d-----w- c:\program files (x86)\GetFLV
2012-01-28 17:36 . 2012-01-28 17:36 -------- d-----w- c:\users\Owner\AppData\Roaming\Moyea
2012-01-28 17:26 . 2012-01-28 17:27 -------- d-----w- c:\users\Owner\AppData\Roaming\vlc
2012-01-28 17:25 . 2012-01-28 17:25 -------- d-----w- c:\program files (x86)\VideoLAN
2012-01-28 17:12 . 2012-02-11 17:19 -------- d-----w- c:\program files (x86)\Freemake
2012-01-28 15:57 . 2012-01-28 15:57 -------- d-----w- c:\program files (x86)\FDRLab
2012-01-28 15:42 . 2012-01-28 15:42 -------- d-----w- c:\users\Owner\.streamCapture
2012-01-28 01:21 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-28 01:20 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-01-28 01:18 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-28 01:18 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-01-28 01:18 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-01-28 01:18 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-28 01:18 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-28 01:16 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-28 01:16 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-27 19:40 . 2011-08-23 01:23 175864 ---ha-w- c:\windows\SysWow64\BytescoutVideoMixerFilter.dll
2012-01-27 19:40 . 2011-08-23 01:23 257784 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturingFilter.dll
2012-01-27 19:40 . 2011-08-23 01:23 421624 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturing.dll
2012-01-27 19:40 . 2011-08-23 01:23 361720 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
2012-01-27 19:40 . 2011-08-23 01:23 231672 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
2012-01-27 19:40 . 2011-07-08 06:57 566008 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll
2012-01-27 19:40 . 2012-01-27 19:40 -------- d-----w- c:\program files\Apowersoft
2012-01-27 19:05 . 2012-01-27 19:05 -------- d-----w- c:\windows\system32\Macromed
2012-01-27 19:01 . 2012-01-27 19:01 -------- d-----w- c:\users\Owner\AppData\Roaming\Apowersoft
2012-01-27 19:01 . 2010-12-24 16:43 29288 ---ha-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
2012-01-27 15:42 . 2012-01-27 15:42 -------- d-----w- c:\windows\Applian Director
2012-01-27 15:42 . 2012-01-27 15:42 -------- d-----w- c:\program files (x86)\Applian Director
2012-01-27 15:41 . 2012-01-27 18:54 -------- d-----w- c:\program files (x86)\Replay Video Capture
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 07:13 . 2012-02-25 04:02 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4445CEC1-F8CD-4895-8302-771363C05F24}\mpengine.dll
2012-01-29 10:10 . 2011-07-20 17:33 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-27 22:40 . 2011-07-22 19:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\DRIVERS\vdrv1000.sys ---
Company: H+H Software GmbH
File Description: Virtual CD - XP / 2003 / Vista Driver 64-Bit
File Version: 10.0.0.78
Product Name: Virtual CD
Copyright: Copyright © 2000-2008 by H+H Software GmbH
Original Filename: VDRV1000.SYS
File size: 220696
Created time: 2011-07-26 01:29
Modified time: 2009-08-24 15:45
MD5: 7439DEC2107430657350C8F2A20FE7CC
SHA1: 9AA337A9FE011E4AE08EC50F5680137F30390A43
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-20_16.58.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-07-12 15:20 . 2011-07-12 15:20 50536 c:\windows\SysWOW64\jdns_sd.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 50536 c:\windows\SysWOW64\jdns_sd.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 73064 c:\windows\SysWOW64\dnssd.dll
- 2011-07-12 15:20 . 2011-07-12 15:20 73064 c:\windows\SysWOW64\dnssd.dll
- 2011-07-12 15:20 . 2011-07-12 15:20 83816 c:\windows\SysWOW64\dns-sd.exe
+ 2011-08-31 04:05 . 2011-08-31 04:05 83816 c:\windows\SysWOW64\dns-sd.exe
+ 2009-07-14 05:10 . 2012-02-25 03:52 44248 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-20 17:01 . 2012-02-25 03:52 14904 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3986105127-79878375-3251353310-1000_UserData.bin
+ 2011-07-25 17:48 . 2009-08-19 20:06 36488 c:\windows\system32\spool\drivers\x64\3\ADREGP.DLL
- 2011-07-25 17:48 . 2008-04-07 09:38 24416 c:\windows\system32\spool\drivers\x64\3\AdobePDFUI.dll
+ 2011-07-25 17:48 . 2009-08-20 04:50 24416 c:\windows\system32\spool\drivers\x64\3\AdobePDFUI.dll
+ 2011-07-25 17:48 . 2009-08-20 04:50 52568 c:\windows\system32\spool\drivers\x64\3\AdobePdf.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 61288 c:\windows\system32\jdns_sd.dll
- 2011-07-12 15:34 . 2011-07-12 15:34 61288 c:\windows\system32\jdns_sd.dll
- 2009-07-14 05:30 . 2012-02-19 17:57 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-02-24 14:51 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-05-10 12:06 . 2011-05-10 12:06 51712 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_f9d62789100b9e9b\usbaapl64.sys
+ 2011-05-10 12:06 . 2011-05-10 12:06 22528 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_dc2cbd989eec1514\netaapl64.sys
+ 2012-02-24 14:51 . 2009-08-20 04:50 24416 c:\windows\system32\DriverStore\FileRepository\adobepdf.inf_amd64_neutral_111c9da0d3cbdcb2\Amd64Vista\AdobePDFUI.dll
+ 2012-02-24 14:51 . 2009-08-20 04:50 52568 c:\windows\system32\DriverStore\FileRepository\adobepdf.inf_amd64_neutral_111c9da0d3cbdcb2\Amd64Vista\AdobePdf.dll
+ 2012-02-24 14:51 . 2009-08-19 20:06 36488 c:\windows\system32\DriverStore\FileRepository\adobepdf.inf_amd64_neutral_111c9da0d3cbdcb2\Amd64\ADREGP.DLL
- 2011-07-12 15:34 . 2011-07-12 15:34 85864 c:\windows\system32\dnssd.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 85864 c:\windows\system32\dnssd.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 96104 c:\windows\system32\dns-sd.exe
- 2011-07-12 15:34 . 2011-07-12 15:34 96104 c:\windows\system32\dns-sd.exe
+ 2011-07-20 19:52 . 2012-02-21 15:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-20 19:52 . 2012-02-15 18:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-21 15:52 . 2012-02-21 15:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-15 18:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-21 15:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-20 16:54 . 2012-02-20 07:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-20 16:54 . 2012-02-24 19:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-20 16:54 . 2012-02-20 07:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-20 16:54 . 2012-02-24 19:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-20 16:54 . 2012-02-24 19:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-20 16:54 . 2012-02-20 07:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-25 17:48 . 2011-07-25 17:48 65536 c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_A3DReviewer.exe
+ 2011-07-25 17:48 . 2012-02-24 14:51 65536 c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\_SC_A3DReviewer.exe
- 2011-07-20 17:54 . 2012-02-20 16:54 3190 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-07-20 17:54 . 2012-02-25 03:48 3190 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-02-20 16:56 . 2012-02-20 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-25 03:51 . 2012-02-25 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-25 03:51 . 2012-02-25 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-20 16:56 . 2012-02-20 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-12 15:20 . 2011-07-12 15:20 178536 c:\windows\SysWOW64\dnssdX.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 178536 c:\windows\SysWOW64\dnssdX.dll
+ 2009-07-14 01:18 . 2009-07-14 01:41 629760 c:\windows\system32\spool\drivers\x64\3\PSCRIPT5.DLL
+ 2011-07-25 17:48 . 2009-08-20 04:48 219504 c:\windows\system32\spool\drivers\x64\3\ADUIGP.DLL
- 2011-07-25 17:48 . 2008-04-07 09:37 219504 c:\windows\system32\spool\drivers\x64\3\ADUIGP.DLL
+ 2009-07-14 05:30 . 2012-02-24 14:51 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-19 17:57 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-02-24 14:51 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-02-19 17:57 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-02-24 14:51 . 2009-08-20 04:48 219504 c:\windows\system32\DriverStore\FileRepository\adobepdf.inf_amd64_neutral_111c9da0d3cbdcb2\Amd64\ADUIGP.DLL
+ 2011-08-31 04:05 . 2011-08-31 04:05 212840 c:\windows\system32\dnssdX.dll
- 2011-07-12 15:34 . 2011-07-12 15:34 212840 c:\windows\system32\dnssdX.dll
+ 2009-07-14 05:01 . 2012-02-25 03:48 352384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-02-20 16:54 352384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-25 17:48 . 2012-02-24 14:51 335872 c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
- 2011-07-25 17:48 . 2011-07-25 17:48 335872 c:\windows\Installer\{AC76BA86-1033-F400-7761-000000000004}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2012-02-22 22:38 . 2012-02-22 22:38 380928 c:\windows\Installer\{5E11C972-1E76-45FE-8F92-14E0D1140B1B}\iTunesIco.exe
+ 2011-09-14 09:54 . 2011-09-14 09:54 236904 c:\windows\Installer\$PatchCache$\Managed\638401577CACE4443AE9F3455191245F\4.0.0\OutlookChangeNotifierAddIn_x64.dll
+ 2011-09-14 09:54 . 2011-09-14 09:54 227176 c:\windows\Installer\$PatchCache$\Managed\638401577CACE4443AE9F3455191245F\4.0.0\OutlookChangeNotifierAddIn.dll
+ 2011-05-10 12:06 . 2011-05-10 12:06 4517664 c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_f9d62789100b9e9b\usbaaplrc.dll
+ 2011-04-08 18:59 . 2011-04-08 18:59 1721576 c:\windows\system32\DriverStore\FileRepository\netaapl64.inf_amd64_neutral_dc2cbd989eec1514\wdfcoinstaller01009.dll
+ 2011-11-15 01:12 . 2011-11-15 01:12 2682368 c:\windows\Installer\adaf153.msi
+ 2009-07-14 02:34 . 2012-02-24 15:21 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-02-19 23:41 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-07-22 14:39 . 2012-02-25 03:48 10209637 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3986105127-79878375-3251353310-1000-12288.dat
+ 2012-01-18 23:49 . 2012-01-18 23:49 44700672 c:\windows\Installer\adafbf2.msi
+ 2011-11-15 01:09 . 2011-11-15 01:09 11081728 c:\windows\Installer\adaf1b4.msi
+ 2011-11-29 21:38 . 2011-11-29 21:38 20304896 c:\windows\Installer\adaf0d1.msi
+ 2012-02-16 14:18 . 2012-02-16 14:18 37180928 c:\windows\Installer\1378c60c.msp
+ 2012-02-16 14:17 . 2012-02-16 14:17 125502976 c:\windows\Installer\1378c60d.msp
+ 2012-02-17 18:33 . 2012-02-17 18:33 169328128 c:\windows\Installer\1378c60b.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-07-24 5201528]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-03 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-11 5111464]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-14 75048]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-07-24 557056]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
"Firefly"="c:\program files (x86)\SnapStream Media\Firefly\Firefly.exe" [2006-06-05 180224]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"VC10Player"="c:\program files (x86)\Virtual CD v10\System\VC10Play.exe" [2009-10-08 383304]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"My Movies Tray"="c:\program files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe" [2011-08-01 351952]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MaxMem.lnk - c:\program files (x86)\AnalogX\MaxMem\maxmem.exe [2011-7-23 125424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Beyond TV.lnk - c:\program files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe [2010-3-14 397312]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2011-7-24 519744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/24 13:04;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-05-14 246256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-07-20 30528]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-07-22 3246040]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-01-19 8704]
S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2009-10-08 145224]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [x]
S3 AvsBluebird;FusionHDTV USB, AVStream Capture;c:\windows\system32\drivers\bluebird64.sys [x]
S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys [x]
S3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;c:\windows\system32\drivers\HCWUSB264.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 17:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 22:13]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3986105127-79878375-3251353310-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-13 22:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-11 358200]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all by NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddList.html
IE: Download by NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddLink.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
TCP: Interfaces\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\i4y12bxe.default\
FF - prefs.js: browser.search.selectedEngine - ESV Bible
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hard Disk Sentinel\HDSentinel.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2012-02-24 23:18:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-25 04:17
ComboFix2.txt 2012-02-20 18:48
ComboFix3.txt 2012-02-20 17:28
ComboFix4.txt 2012-02-12 01:59
ComboFix5.txt 2012-02-25 03:33
.
Pre-Run: 40,204,193,792 bytes free
Post-Run: 39,902,322,688 bytes free
.
- - End Of File - - 9A447A9FCDF8DD8402E698D1AFAB3D98
 
Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Flash Player 11.1.102.55
Mozilla Firefox (10.0.2)
Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:55:19 AM, on 2/25/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe
C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVSettingsService.exe
C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVTaskManagerService.exe
C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVNetworkService.exe
C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVSchedulerService.exe
C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files (x86)\Virtual CD v10\System\vc10fwd.exe
C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVRecordingEngine.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Firefly] C:\Program Files (x86)\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [My Movies Tray] "C:\Program Files (x86)\Binnerup Consult\My Movies for Windows Media Center\My Movies Tray.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: MaxMem.lnk = C:\Program Files (x86)\AnalogX\MaxMem\maxmem.exe
O4 - Global Startup: Beyond TV.lnk = C:\Program Files (x86)\SnapStream Media\Beyond TV\BTVAgent2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TotalMedia Server.lnk = C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{C594EBF4-FDDA-4BA9-878E-6AF148579B05}: NameServer = 8.26.56.26,156.154.70.22
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Product - 2011/07/24 13:04:19 (CLKMSVC10_9EC60124) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~2\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~2\COMMON~1\SNAPST~1\Common\x10nets.exe

--
End of file - 12928 bytes
 
Tell me about this please: C:\Users\Owner\AppData\Roaming\Hensense.com

Installed ... didn't work, uninstalled a month ago
 
Okay, that entry is still on the system. Suggest you use Windows Explorer to access Computer> Local Drive> then you will have to unhide the files:

Show Hidden Files and Folders in Windows Vista and Windows 7:
  • Click on the Start button and select Computer
  • Press the Alt key on your keyboard and click on Tools
  • Select Folder Options
  • Click the View tab and make sure that Show hidden files and folders is selected under Hidden files and folders
  • Next, uncheck the box next to Hide protected operating system files (Recommended)
  • Then, uncheck the box next to Hide extensions for known filetypes
  • Click on Yes to Confirm
  • Click Apply then click OK
  • Go to Documents & Settings> Choose User name
  • Double click on AppData,
  • Find the file> C:\Users\Owner\AppData\Roaming\Hensense.com
  • Do a right click> Delete.
--------------------
Please rehide the files.
=================================
HijackThis is okay and we finally got rid of the search hijack! If there are no other problems, you can remove all of the tools we used and the files and folders they created:
  • Uninstall ComboFix and all Backups of the files it deleted
    [o] Click START> then RUN
    [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
    [o] Double click OTCleanIt.exe.
    [o] Click the CleanUp! button.
    [o] If you are prompted to Reboot during the cleanup, select Yes.
    [o] The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • Set a new, clean Restore Point
    [o] Click on Start> right click on Computer> Properties
    [o] Select System Protection
    [o] Click on the Create button (near bottom)
    [o] Type a name for the Restore Point
    [o] Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
    [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
    [o] Click Disk Cleanup from there.
    [o] Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
    [o] Click the More Options tab
    [o] Click the Clean up under System Restore and Shadow Copies.
    [o] Click OK.
    [o] You will get a confirmation screen> Just click Delete.
    [o] Click OK on the Disk Cleanup Screen.
    [o] Click Delete Files on the Confirmation screen.
This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin
========================================
Have a look below- you could use added security: especially in #4:
You may find the following helpful: (Links are Bold Blue)
Tips for added security and safer browsing:
  1. Browser Security
    [o] Make Internet Explorer safer (http://www.bleepingcomputer.com/tutorials/tutorial102.htm)
    [o] Use a Site Advisor..
    Have layered Security:
  2. Antivirus Software(only one):
    [o] Comodo AV
    [o] Avast Free
    [o] Microsoft Security Essentials
  3. Firewall (only one)
    [o] Zone Alarm Free
    [o] Comodo Firewall Free
  4. Antispyware/Security: I recommend all of the following:
    [o] Spywareblaster: Protects against bad ActiveX.
    [o] IE/Spyad: Restricts bad domains.
    [o] MVPS Hosts files: Directs HOSTS file to 127.0.0.1 which is your local computer.
    [o] Google Toolbar Popup Stopper
  5. Stay current on updates:
    [o] Windows Updates. You should get All updates marked Critical and the current SP updates.
    [o] Adobe Reader. Uninstall old.
    [o] Java. Uninstall old.
  6. Reset Cookies to prevent Tracking Cookies:
    [o] For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o] For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
  7. Do regular Maintenance
    [o] To include Disk Cleanup, Defrag, Error Check.
  8. Remove Temporary Internet Files regularly:
    [o] ATF Cleaner by Atribune or
    [o] TFC
  9. System Restore Guide: Understand Restore Points> why you need to clean and set restore points and what information is in them.
  10. Practice Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click
    [o] Don't leave your personal email address on the internet. Have a separate email account on free web-based mail.

Please let me know if you find any bad links.

Let me know if you have any questions.
 
Thank you very much.


+-+-+-+

A few issues:

Restore Point failed - image attached ... after reboot and turning on MS Security Essentials Restore point succeeded

http://www.bleepingcomputer.com/tutorials/tutorial102.htm - 404 ERROR: Page Not Found!

http://www.bleepingcomputer.com/tutorials/using-ie-spyad-to-enhance-your-privacy/ seems out of date and doesn't seem to correspond with what I found at the download link on that page (http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD)

Google Toolbar Discontinued http://www.google.com/toolbar/ff/index.html

ID doesn't exist http://www.atribune.org/ccount/click.php?id=1 (AND site says "This program is for XP and Windows 2000 only")
 

Attachments

  • RestorePt.jpg
You're very welcome!

Thank you very much for telling me about the outdated material. I am updating it now. My bad- sometimes there isn't enough time to recheck the references, but I appreciate your help.

Google TB isn't available for Firefox as of v5. I still have FF v3 and Google TB is fine
There is a Google Toolbar for Internet Explorer, but only IE 7 and IE8. Looks like they've taken the best features off!> http://www.google.com/toolbar., including resident spell checker and popup blocker. Fortunately, Firefox has some coverage for both.

I had to beat it to death but I stopped the Google TB Update and Notifier. It is worrisome though because although I have deleted, blocked, removed those features, I still occasionally find it back in my Startup Menu.
-------------------------------
As for the Restore Point, I've not seen that message before. But it mentioned it was a 'transient' problem and glad to hear you were able to do it.

FYI: Between Google and Microsoft, I get the feeling I am being manipulated and/or 'controlled.' That has never set well for me and sadly I see it increasing!

Peace
 