Solved: PC malfunctioning from malware

bombolinis (Junior Member, 22 posts, thread starter)
Join Date: Nov 2010 | Location: Miami, Florida | Experience: Intermediate
20-Nov-2010, 01:19 AM #1
PC malfunctioning from malware
Hello everyone, I am new to the forum and I hope you can assist me in resolving these issues.

1- Spybot S&D found this: "Microsoft.WindowsSecurityCenter_disabled", and neither I nor it can fix it.

2- Kaspersky tells me, with a pop-up that does not go away no matter what I select, that a process is trying to inject into another process.

3- I cannot access services.msc from Run; it tells me the ActiveX control cannot be displayed and won't open to access files.

4- And other things that are probably related to the issue.

I am including the HJT results at the bottom of this post (HJT report from Nov. 20, 2010, 12:51 AM) for your review. The HJT report file is also attached for your convenience.

Thank you in advance and wish you all Happy Holidays ahead.
Bombo


-------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:07 AM, on 11/20/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Desktop Calendar\Desktop Calendar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\Microsoft User\Downloads\HijackThis.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.bombolinis.com:2095/w...=1290122505614
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TaskTray] C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [NswUiTray] C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - HKCU\..\Run: [cdloader] "C:\Users\Microsoft User\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIFE82~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll,,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MBAMService - Unknown owner - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9350 bytes
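A helper reading a HijackThis log like the one above looks first at a handful of entry types: autoruns (O4), AppInit_DLLs (O20) and services (O23), and within those at items whose file is missing or whose vendor is unknown. The script below is an added example, not part of this thread or of HijackThis; it parses HJT-style lines and lists the entries a helper would review first. The sample lines are copied from the log posted above, and the review rules (missing file, "Unknown owner", srvany.exe wrapper, AppInit_DLLs, autorun from a user profile) are the example author's own triage heuristics, which point at entries to look at rather than give a verdict.

```python
"""Triage helper for HijackThis-style log lines (added example, not HJT code)."""
import re
from dataclasses import dataclass, field
from typing import Iterator, List, Tuple

# HijackThis entry lines start with a section code such as R1, O4, O20 or O23.
_ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\system32\taskhost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKCU\..\Run: [cdloader] "C:\Users\Microsoft User\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll,,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MBAMService - Unknown owner - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
"""


@dataclass
class Finding:
    code: str
    body: str
    reasons: List[str] = field(default_factory=list)


def parse_entries(log_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (section code, body) for every HJT entry line; other lines are skipped."""
    for line in log_text.splitlines():
        m = _ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log_text: str) -> List[Finding]:
    """Return entries worth a helper's attention, each with the reasons it was picked.

    The rules are this example's assumptions about what to review first, not a
    malware verdict: a legitimate program can trip any of them.
    """
    findings = []
    for code, body in parse_entries(log_text):
        reasons = []
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("referenced file missing")
        if code == "O23" and "Unknown owner" in body:
            reasons.append("service with no vendor")
        if code == "O23" and "srvany.exe" in body.lower():
            reasons.append("generic service wrapper (srvany)")
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            reasons.append("AppInit_DLLs loads into every GUI process")
        if code == "O4" and re.search(r"\\AppData\\", body, re.IGNORECASE):
            reasons.append("autorun from user profile")
        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.body}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against a full log the output is a short review list rather than the whole file; entries that match several rules (here the KMService and MBAMService services) are the ones to resolve first, either by confirming the program that installed them or by removing a leftover.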
emeraldnzl (Malware Removal Specialist, 2,436 posts)
Join Date: Nov 2007 | Location: Auckland, N.Z.
21-Nov-2010, 12:30 AM #2
Hello bombolinis

Welcome to TSG.

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes, please download it from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    Code:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
      o When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post back here.
So when you return please post
  • MBAM log
  • the two OTL logs - OTL.txt and Extras.txt


Note: Unless otherwise instructed, always post the logs in the forum. If the reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need; that's fine.
bombolinis (Junior Member, 22 posts, thread starter)
Join Date: Nov 2010 | Location: Miami, Florida | Experience: Intermediate
21-Nov-2010, 08:07 PM #3
Notepad logs from both reports requested
Thank you so much for your speedy assistance.
Reports are as follows:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5166

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/21/2010 7:45:57 PM
mbam-log-2010-11-21 (19-45-57).txt

Scan type: Quick scan
Objects scanned: 164761
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\6BTOP2GA8A (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HJRUDZ5DT2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_application (Hijacker.Application) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%...dir.asp?Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

END OF Malwarebytes
--------------------------------------------
OTL:
OTL logfile created on: 11/21/2010 7:57:16 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Microsoft User\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 423.09 Gb Free Space | 90.86% Space Free | Partition Type: NTFS

Computer Name: MICROSOFTUSER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/21 19:56:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Microsoft User\Downloads\OTL.exe
PRC - [2010/11/19 20:55:40 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2010/10/28 13:21:49 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 13:21:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/07/29 21:32:58 | 000,284,016 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
PRC - [2010/03/15 10:41:30 | 000,442,368 | ---- | M] (Tinnes Software) -- C:\Program Files\Desktop Calendar\Desktop Calendar.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/20 20:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/09/25 13:52:04 | 000,085,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe
PRC - [2008/08/01 13:31:12 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/12/23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2002/04/17 09:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 09:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (SafeList) ==========

MOD - [2010/11/21 19:56:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Microsoft User\Downloads\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/19 20:55:40 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/11/19 14:34:18 | 001,375,992 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/09 21:21:50 | 003,019,352 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll -- (Akamai)
SRV - [2010/10/23 16:39:55 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2010/10/16 08:54:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/01 13:31:12 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/08/01 13:31:02 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/11/19 20:55:39 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/11/19 14:34:42 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/11/05 10:32:06 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/10/15 22:56:17 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2010/09/23 02:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/09/14 13:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 13:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 13:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 13:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 13:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 19:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/23 18:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/09/14 14:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/30 06:58:26 | 000,187,392 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webmail.bombolinis.com:2095/w...=1290122505614
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 94 28 ED 76 87 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://webmail.bombolinis.com:2095/horde/login.php"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.4.1
FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736

FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010/11/16 19:42:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 13:21:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/16 19:43:17 | 000,000,000 | ---D | M]

[2010/10/15 19:05:34 | 000,000,000 | ---D | M] -- C:\Users\Microsoft User\AppData\Roaming\mozilla\Extensions
[2010/11/21 00:14:08 | 000,000,000 | ---D | M] -- C:\Users\Microsoft User\AppData\Roaming\mozilla\Firefox\Profiles\jr9bz2w2.default\extensions
[2010/10/21 23:15:48 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Microsoft User\AppData\Roaming\mozilla\Firefox\Profiles\jr9bz2w2.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/10/15 21:11:14 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Microsoft User\AppData\Roaming\mozilla\Firefox\Profiles\jr9bz2w2.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2010/11/06 17:27:09 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Users\Microsoft User\AppData\Roaming\mozilla\Firefox\Profiles\jr9bz2w2.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2010/10/15 19:06:28 | 000,000,000 | ---D | M] -- C:\Users\Microsoft User\AppData\Roaming\mozilla\Firefox\Profiles\jr9bz2w2.default\extensions\fastdial@telega.phpnet.us
[2010/11/21 00:14:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/19 21:27:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/19 20:19:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/10/19 18:08:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/19 10:20:54 | 000,425,937 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14671 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NswUiTray] C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TaskTray] C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe (Driver-Soft Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [cdloader] C:\Users\Microsoft User\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe (Tinnes Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2010/11/21 19:35:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/21 19:35:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/21 19:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/21 00:13:00 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Documents\BUSSINES CARDS 2010
[2010/11/19 20:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/11/19 20:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010/11/19 20:18:12 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/11/19 20:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/11/19 20:13:09 | 000,294,400 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevEin20.ocx
[2010/11/19 20:13:09 | 000,260,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX
[2010/11/19 20:13:09 | 000,233,472 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevXPCtl.ocx
[2010/11/19 20:13:09 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTL32.OCX
[2010/11/19 20:13:09 | 000,205,848 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\threed32.ocx
[2010/11/19 20:13:09 | 000,190,464 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevImLib.dll
[2010/11/19 20:13:09 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMCT232.OCX
[2010/11/19 20:13:09 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2010/11/19 20:13:09 | 000,141,824 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevCmd3.ocx
[2010/11/19 20:13:09 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2010/11/19 20:13:09 | 000,115,712 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevClb20.ocx
[2010/11/19 20:13:09 | 000,094,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GRID32.OCX
[2010/11/19 20:13:09 | 000,057,880 | ---- | C] (Outrider Systems, Inc.) -- C:\Windows\System32\SPIN32.OCX
[2010/11/19 20:13:09 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FLXGDDE.DLL
[2010/11/19 20:13:09 | 000,026,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CTL3D.dll
[2010/11/19 20:13:09 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTDE.DLL
[2010/11/19 20:13:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETDE.DLL
[2010/11/19 20:13:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMDE.DLL
[2010/11/19 20:13:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\STDFTDE.DLL
[2010/11/19 20:13:08 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMCTLDE.DLL
[2010/11/19 20:13:08 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGDE.DLL
[2010/11/19 20:13:08 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMCT2DE.DLL
[2010/11/19 19:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\aerosoft
[2010/11/19 15:57:27 | 000,000,000 | ---D | C] -- C:\col3927
[2010/11/19 14:34:51 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/11/19 14:25:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/11/19 13:57:09 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Documents\JOBS APPLIED AND AVAILBLE JOB LIST
[2010/11/18 20:14:38 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\Norton Utilities 14
[2010/11/18 20:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/11/18 13:07:46 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\SmartFTP
[2010/11/18 02:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\GlobalSCAPE
[2010/11/18 01:00:00 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\GlobalSCAPE
[2010/11/16 19:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/11/14 20:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Daniusoft
[2010/11/14 20:14:30 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\ImTOO
[2010/11/14 20:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ImTOO
[2010/11/14 20:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\ImTOO
[2010/11/14 19:41:56 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Documents\Daniusoft Video Converter Ultimate
[2010/11/10 10:20:22 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\FinalMediaPlayer
[2010/11/10 10:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\FinalMediaPlayer
[2010/11/09 15:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/09 10:08:49 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Desktop\NEW MALL LINKS TO ADD
[2010/11/08 22:20:30 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Desktop\APPLIED AT AFTER AG 2010
[2010/11/08 18:30:22 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Desktop\POP UP SHOP LINK
[2010/11/08 16:52:17 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Local\tjnet
[2010/11/08 12:06:28 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Local\magicJack
[2010/11/07 13:58:45 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\mjusbsp
[2010/11/06 19:44:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/11/06 19:40:58 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Local\Little_Apps_(http___www.l
[2010/11/06 19:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Little Registry Cleaner
[2010/11/06 19:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Little Registry Cleaner
[2010/11/05 18:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonSystemWorks
[2010/11/05 18:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton SystemWorks Premier Edition
[2010/11/05 18:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/11/05 17:13:35 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\Symantec
[2010/11/05 15:51:52 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Documents\DriverGenius
[2010/11/05 15:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
[2010/11/05 15:21:05 | 000,094,208 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNUninst32.dll
[2010/11/05 15:20:33 | 000,187,392 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rt86win7.sys
[2010/11/05 15:15:31 | 002,941,472 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2010/11/05 15:15:30 | 000,061,952 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBWrp32.dll
[2010/11/05 15:15:29 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2010/11/05 15:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/11/05 15:10:36 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010/11/05 10:32:06 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/11/04 23:40:33 | 000,000,000 | ---D | C] -- C:\Intel
[2010/11/04 11:38:49 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Local\CrashDumps
[2010/11/04 11:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/11/04 10:32:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BVRP Software
[2010/11/04 00:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2010/11/03 21:27:46 | 001,686,016 | ---- | C] (Clever Components) -- C:\Windows\System32\clinetsuitex6.ocx
[2010/11/03 21:27:46 | 000,427,864 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedZip.dll
[2010/11/03 21:27:45 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2010/11/03 20:45:30 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\DriverCure
[2010/11/03 20:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010/11/03 20:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/11/03 20:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverCure
[2010/10/30 21:04:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2010/10/30 19:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/10/30 19:29:46 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.DL1
[2010/10/30 19:29:46 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVCP71.DL1
[2010/10/30 19:29:46 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVCR71.DL1
[2010/10/30 14:53:04 | 000,000,000 | ---D | C] -- C:\LXKZ35
[2010/10/30 14:52:13 | 000,000,000 | ---D | C] -- C:\LEXMARK DRIVERS SETUP
[2010/10/29 18:37:56 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\Hewlett-Packard
[2010/10/28 16:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/10/28 15:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Expression
[2010/10/28 15:06:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/10/27 20:49:32 | 000,246,552 | ---- | C] (ForensiT Limited) -- C:\Windows\User Profile Migration Service.exe
[2010/10/27 09:35:21 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/10/27 09:35:21 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/10/27 09:35:21 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/10/27 09:35:21 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/10/27 09:35:13 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/10/26 23:40:29 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Documents\CREDIT SCORES CJG OCT 2010
[2010/10/25 15:13:40 | 000,022,936 | ---- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010/10/25 15:13:38 | 000,047,512 | ---- | C] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2010/10/24 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Desktop\Wine-email_files
[2010/10/24 16:12:35 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Documents\MACYS INTERVIEW APPOINTMENT Oct 25 10
[2010/10/23 19:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Smith Micro
[2010/10/23 16:24:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/23 16:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/10/23 16:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/10/23 16:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/10/23 16:20:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/23 16:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/10/23 15:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2010/10/23 10:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/10/22 22:29:33 | 000,000,000 | RHSD | C] -- C:\_Backup.RC
[2010/10/22 22:26:05 | 000,000,000 | -H-D | C] -- C:\_Backup
[2010/10/22 22:26:04 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\Avanquest
[2010/10/22 22:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2010/10/22 22:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2010/10/22 22:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AntiVirus
[2010/10/22 22:14:00 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Local\Xenocode
[2010/10/22 21:16:51 | 000,000,000 | --SD | C] -- C:\Users\Microsoft User\Documents\My Webs
[2010/10/20 17:33:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Microsoft User\AppData\Roaming\pcouffin.sys
[16 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/21 19:53:30 | 000,655,838 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/21 19:53:30 | 000,120,768 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/21 19:52:32 | 000,016,560 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/21 19:52:32 | 000,016,560 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/21 19:48:40 | 000,000,326 | -HS- | M] () -- C:\Windows\tasks\Tjtkd.job
[2010/11/21 19:47:31 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2010/11/21 19:47:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/21 19:47:20 | 1602,985,984 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/21 19:35:42 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/21 18:00:00 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/11/21 11:38:54 | 000,040,448 | ---- | M] () -- C:\Users\Microsoft User\Documents\Carlos-J-Gutierrez_Resume_NOV-2010A.doc
[2010/11/21 10:37:04 | 000,013,338 | ---- | M] () -- C:\Users\Microsoft User\Documents\THANK YOU FROM MYSTERY SHOP COMPANIES.docx
[2010/11/21 10:06:42 | 000,000,000 | ---- | M] () -- C:\Users\Microsoft User\AppData\Roaming\wklnhst.dat
[2010/11/19 23:02:41 | 000,000,162 | -H-- | M] () -- C:\Users\Microsoft User\Desktop\~$eshfromgardenRobert Artist 1995 to 2005.docx
[2010/11/19 22:36:04 | 000,013,521 | ---- | M] () -- C:\Users\Microsoft User\Desktop\FreshfromgardenRobert Artist 1995 to 2005.docx
[2010/11/19 20:55:39 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010/11/19 20:55:38 | 000,115,465 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010/11/19 20:55:38 | 000,097,545 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010/11/19 20:43:42 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/19 15:59:48 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo & Imaging.lnk
[2010/11/19 15:59:48 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\HP Director.lnk
[2010/11/19 14:25:53 | 000,001,124 | ---- | M] () -- C:\Users\Microsoft User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/19 14:25:53 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/11/19 10:58:39 | 000,000,037 | ---- | M] () -- C:\Windows\WinInit.ini
[2010/11/19 10:20:54 | 000,425,937 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/18 23:13:51 | 000,001,903 | ---- | M] () -- C:\Users\Microsoft User\Desktop\Mozilla Firefox.lnk
[2010/11/18 20:14:39 | 000,003,072 | ---- | M] () -- C:\Windows\System32\Cache.db
[2010/11/18 17:50:22 | 000,425,937 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101119-102054.backup
[2010/11/18 15:05:14 | 000,000,006 | ---- | M] () -- C:\Users\Microsoft User\AppData\Roaming\completescan
[2010/11/18 14:28:15 | 000,105,984 | RHS- | M] () -- C:\Windows\System32\grpconvd.dll
[2010/11/17 22:01:24 | 000,000,162 | -H-- | M] () -- C:\Users\Microsoft User\Desktop\~$te FTP Pro 8 key.docx
[2010/11/16 20:27:07 | 000,422,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/16 16:47:14 | 000,012,838 | ---- | M] () -- C:\Users\Microsoft User\Desktop\Cute FTP Pro 8 key.docx
[2010/11/15 12:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\Norton SystemWorks One Button Checkup.job
[2010/11/14 21:56:43 | 000,024,576 | ---- | M] () -- C:\Users\Microsoft User\Desktop\Something stupid.doc
[2010/11/13 22:21:12 | 000,101,354 | ---- | M] () -- C:\Users\Microsoft User\Desktop\BucamentBay-Bar_Restaurants.jpg
[2010/11/13 22:20:40 | 000,107,075 | ---- | M] () -- C:\Users\Microsoft User\Desktop\BucamentBay-Incone-resort-Investmmnets.jpg
[2010/11/13 13:41:29 | 000,013,747 | ---- | M] () -- C:\Users\Microsoft User\Desktop\Offer of Transport domain letter.docx
[2010/11/13 13:41:08 | 000,014,672 | ---- | M] () -- C:\Users\Microsoft User\Desktop\Offer Transporter Domain to do.docx
[2010/11/12 18:35:42 | 000,425,491 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101118-175022.backup
[2010/11/10 10:20:21 | 000,001,085 | ---- | M] () -- C:\Users\Microsoft User\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
[2010/11/06 20:33:52 | 000,424,779 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101112-183542.backup
[2010/11/05 17:52:58 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/11/05 17:52:58 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/11/05 15:19:57 | 000,000,087 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010/11/05 10:32:06 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/11/04 09:29:19 | 000,122,982 | ---- | M] () -- C:\Users\Microsoft User\Documents\FOR RESTAURANT SAMPLE FOR REPORT.pdf
[2010/11/03 21:21:50 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2010/11/03 21:13:14 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2010/11/02 18:12:28 | 000,436,421 | ---- | M] () -- C:\Users\Microsoft User\Desktop\MIRIAM-SOPHY-AUDRY-SERGIO.jpg
[2010/10/30 21:15:25 | 000,013,331 | ---- | M] () -- C:\Users\Microsoft User\Documents\You tube malltube1515 videos.docx
[2010/10/30 19:10:06 | 000,000,016 | ---- | M] () -- C:\Windows\System32\coh.cache
[2010/10/30 17:11:20 | 000,424,285 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101106-213352.backup
[2010/10/27 23:27:35 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/10/27 20:49:32 | 000,246,552 | ---- | M] (ForensiT Limited) -- C:\Windows\User Profile Migration Service.exe
[2010/10/27 00:35:53 | 007,077,888 | -HS- | M] () -- C:\Users\Microsoft User\NTUSER.BAK
[2010/10/26 15:10:57 | 000,013,071 | ---- | M] () -- C:\Users\Microsoft User\Documents\wioll be a cash purcahse of a alease..docx
[2010/10/25 15:13:40 | 000,022,936 | ---- | M] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010/10/25 15:13:38 | 000,047,512 | ---- | M] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2010/10/23 16:39:55 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
[2010/10/22 22:28:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/22 22:28:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[16 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/21 19:35:42 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/21 11:38:54 | 000,040,448 | ---- | C] () -- C:\Users\Microsoft User\Documents\Carlos-J-Gutierrez_Resume_NOV-2010A.doc
[2010/11/21 10:06:42 | 000,000,000 | ---- | C] () -- C:\Users\Microsoft User\AppData\Roaming\wklnhst.dat
[2010/11/20 16:48:00 | 000,013,338 | ---- | C] () -- C:\Users\Microsoft User\Documents\THANK YOU FROM MYSTERY SHOP COMPANIES.docx
[2010/11/19 23:02:41 | 000,000,162 | -H-- | C] () -- C:\Users\Microsoft User\Desktop\~$eshfromgardenRobert Artist 1995 to 2005.docx
[2010/11/19 22:36:02 | 000,013,521 | ---- | C] () -- C:\Users\Microsoft User\Desktop\FreshfromgardenRobert Artist 1995 to 2005.docx
[2010/11/19 20:19:04 | 000,115,465 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/11/19 20:19:03 | 000,097,545 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/11/19 20:13:09 | 000,093,696 | ---- | C] () -- C:\Windows\System32\sevCmd3.oca
[2010/11/19 20:13:09 | 000,000,552 | ---- | C] () -- C:\Windows\System32\sevClb20.dep
[2010/11/19 20:13:09 | 000,000,549 | ---- | C] () -- C:\Windows\System32\sevCmd3.dep
[2010/11/19 20:13:09 | 000,000,282 | ---- | C] () -- C:\Windows\System32\sevXPCtl.dep
[2010/11/19 20:13:09 | 000,000,282 | ---- | C] () -- C:\Windows\System32\sevEin20.dep
[2010/11/19 15:59:48 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo & Imaging.lnk
[2010/11/19 15:59:48 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\HP Director.lnk
[2010/11/19 15:19:05 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/19 14:25:53 | 000,001,124 | ---- | C] () -- C:\Users\Microsoft User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/19 14:25:53 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/11/18 23:13:51 | 000,001,903 | ---- | C] () -- C:\Users\Microsoft User\Desktop\Mozilla Firefox.lnk
[2010/11/18 20:10:38 | 000,003,072 | ---- | C] () -- C:\Windows\System32\Cache.db
[2010/11/18 15:05:14 | 000,000,006 | ---- | C] () -- C:\Users\Microsoft User\AppData\Roaming\completescan
[2010/11/18 14:28:15 | 000,105,984 | RHS- | C] () -- C:\Windows\System32\grpconvd.dll
[2010/11/18 14:28:15 | 000,000,326 | -HS- | C] () -- C:\Windows\tasks\Tjtkd.job
[2010/11/17 22:01:24 | 000,000,162 | -H-- | C] () -- C:\Users\Microsoft User\Desktop\~$te FTP Pro 8 key.docx
[2010/11/17 20:33:35 | 000,000,000 | -HS- | C] () -- C:\Users\Microsoft User\S-1-5-21-4084551734-838963058-3687606045-500.rrr.LOG2
[2010/11/17 20:33:35 | 000,000,000 | -HS- | C] () -- C:\Users\Microsoft User\S-1-5-21-4084551734-838963058-3687606045-500.rrr.LOG1
[2010/11/16 16:47:13 | 000,012,838 | ---- | C] () -- C:\Users\Microsoft User\Desktop\Cute FTP Pro 8 key.docx
[2010/11/14 21:56:41 | 000,024,576 | ---- | C] () -- C:\Users\Microsoft User\Desktop\Something stupid.doc
[2010/11/14 20:33:21 | 000,153,088 | ---- | C] () -- C:\Windows\System32\WS_ATLMovie.dll
[2010/11/14 19:41:40 | 000,153,600 | ---- | C] () -- C:\Windows\System32\WSContextMenu.dll
[2010/11/13 13:41:28 | 000,013,747 | ---- | C] () -- C:\Users\Microsoft User\Desktop\Offer of Transport domain letter.docx
[2010/11/13 13:41:08 | 000,014,672 | ---- | C] () -- C:\Users\Microsoft User\Desktop\Offer Transporter Domain to do.docx
[2010/11/10 10:20:24 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2010/11/10 10:20:21 | 000,001,085 | ---- | C] () -- C:\Users\Microsoft User\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
[2010/11/05 18:02:26 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\Norton SystemWorks One Button Checkup.job
[2010/11/05 17:52:14 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/11/05 17:52:14 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/11/05 15:21:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/11/05 15:19:57 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/11/05 15:19:57 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/11/05 15:19:57 | 000,000,087 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2010/11/04 09:29:19 | 000,122,982 | ---- | C] () -- C:\Users\Microsoft User\Documents\FOR RESTAURANT SAMPLE FOR REPORT.pdf
[2010/11/03 20:45:31 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/11/03 20:44:45 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\DriverCure.job
[2010/11/03 20:44:42 | 000,000,432 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2010/11/02 18:12:26 | 000,436,421 | ---- | C] () -- C:\Users\Microsoft User\Desktop\MIRIAM-SOPHY-AUDRY-SERGIO.jpg
[2010/10/30 20:38:24 | 000,013,331 | ---- | C] () -- C:\Users\Microsoft User\Documents\You tube malltube1515 videos.docx
[2010/10/30 19:50:01 | 000,002,432 | ---- | C] () -- C:\Windows\wds.dat
[2010/10/30 19:50:01 | 000,001,680 | ---- | C] () -- C:\Windows\rmt.dat
[2010/10/30 19:49:36 | 000,000,037 | ---- | C] () -- C:\Windows\WinInit.ini
[2010/10/30 19:10:06 | 000,000,016 | ---- | C] () -- C:\Windows\System32\coh.cache
[2010/10/27 00:35:35 | 000,000,000 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DFG.LOG2
[2010/10/27 00:35:35 | 000,000,000 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DFG.LOG1
[2010/10/26 15:10:55 | 000,013,071 | ---- | C] () -- C:\Users\Microsoft User\Documents\wioll be a cash purcahse of a alease..docx
[2010/10/23 17:08:02 | 000,101,354 | ---- | C] () -- C:\Users\Microsoft User\Desktop\BucamentBay-Bar_Restaurants.jpg
[2010/10/23 17:06:17 | 000,107,075 | ---- | C] () -- C:\Users\Microsoft User\Desktop\BucamentBay-Incone-resort-Investmmnets.jpg
[2010/10/23 10:59:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010/10/22 22:28:19 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/10/22 22:28:19 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/10/20 17:33:10 | 000,000,034 | ---- | C] () -- C:\Users\Microsoft User\AppData\Roaming\pcouffin.log
[2010/10/20 17:33:09 | 000,081,920 | ---- | C] () -- C:\Users\Microsoft User\AppData\Roaming\ezpinst.exe
[2010/10/20 17:33:09 | 000,007,176 | ---- | C] () -- C:\Users\Microsoft User\AppData\Roaming\pcouffin.cat
[2010/10/20 17:33:09 | 000,001,144 | ---- | C] () -- C:\Users\Microsoft User\AppData\Roaming\pcouffin.inf
[2010/10/15 19:57:37 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/15 18:59:30 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/11/21 19:47:20 | 1602,985,984 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/22 22:28:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/22 22:28:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/11/20 22:25:53 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2010/11/20 22:25:52 | 000,005,120 | -HS- | M] () -- C:\ntuser.dat.LOG1
[2010/11/18 19:14:19 | 000,000,000 | -HS- | M] () -- C:\ntuser.dat.LOG2
[2010/11/18 19:56:13 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{7cbdb230-f371-11df-a846-00252241ef6f}.TM.blf
[2010/11/18 19:56:13 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{7cbdb230-f371-11df-a846-00252241ef6f}.TMContainer00000000000000000001.regtrans-ms
[2010/11/18 19:56:13 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{7cbdb230-f371-11df-a846-00252241ef6f}.TMContainer00000000000000000002.regtrans-ms
[2010/11/17 20:34:32 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{e15a73b9-f296-11df-a870-00252241ef6f}.TM.blf
[2010/11/17 20:34:32 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{e15a73b9-f296-11df-a870-00252241ef6f}.TMContainer00000000000000000001.regtrans-ms
[2010/11/17 20:34:32 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{e15a73b9-f296-11df-a870-00252241ef6f}.TMContainer00000000000000000002.regtrans-ms
[2010/11/21 19:47:20 | 2137,317,376 | -HS- | M] () -- C:\pagefile.sys
[2010/11/17 20:33:35 | 000,000,000 | -HS- | M] () -- C:\S-1-5-21-4084551734-838963058-3687606045-1000.rrr.LOG1
[2010/11/17 20:33:35 | 000,000,000 | -HS- | M] () -- C:\S-1-5-21-4084551734-838963058-3687606045-1000.rrr.LOG2

< %systemroot%\Fonts\*.com >
[2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2010/11/18 20:14:39 | 000,003,072 | ---- | M] () -- C:\Windows\System32\Cache.db
[16 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/10/16 04:35:57 | 000,000,221 | -HS- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/16 17:02:26 | 000,000,402 | -HS- | M] () -- C:\Users\Administrator\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-18 14:14:39

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Users\Microsoft User\Desktop\BucamentBay-Incone-resort-Investmmnets.jpg:Updt_SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Microsoft User\Desktop\BucamentBay-Bar_Restaurants.jpg:Updt_SummaryInformation
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP1B5B4F1
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP287FACF

< End of report >

OTL Extras>
OTL Extras logfile created on: 11/21/2010 7:57:16 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Microsoft User\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 423.09 Gb Free Space | 90.86% Space Free | Partition Type: NTFS

Computer Name: MICROSOFTUSER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9B1B84-FEC0-46D5-BDB9-832565779422}" = CheckIt Diagnostics
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6CC93102-135E-49E2-99A4-C431E671C12A}" = HP Photo and Imaging 2.0 - Scanners
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{F0E8CB62-6A1C-4e55-BCD9-1A0F7527B64A}" = Norton SystemWorks Premier Edition
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"CCleaner" = CCleaner
"Daniusoft Media Converter Ultimate_is1" = Daniusoft Media Converter Ultimate(Build 2.6.1.0)
"Desktop Calendar_is1" = Desktop Calendar
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"FinalMediaPlayer_is1" = Final Media Player 2010
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImTOO Video Converter Ultimate 6" = ImTOO Video Converter Ultimate 6
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Little Registry Cleaner" = Little Registry Cleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Revo Uninstaller" = Revo Uninstaller 1.90
"SymSetup.{F0E8CB62-6A1C-4e55-BCD9-1A0F7527B64A}" = Norton SystemWorks (Symantec Corporation)
"Trellian WebPage_is1" = Trellian WebPage
"TVWiz" = Intel(R) TV Wizard
"uTorrent" = µTorrent
"WebDesigner" = Microsoft Expression Web
"Works2004Setup" = Microsoft Works 2004 Setup Launcher

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/19/2010 3:01:21 PM | Computer Name = MicrosoftUser | Source = VSS | ID = 8194
Description =

Error - 11/19/2010 3:56:03 PM | Computer Name = MicrosoftUser | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 11/19/2010 9:14:15 PM | Computer Name = MicrosoftUser | Source = Application Error | ID = 1000
Description = Faulting application name: FSCDbManager.exe, version: 9.0.0.0, time
stamp: 0x4cbf2b90 Faulting module name: comctl32.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4c6f635d Exception code: 0xc0000005 Fault offset: 0x72da3ccd Faulting
process id: 0x634 Faulting application start time: 0x01cb88502a36a986 Faulting application
path: C:\Program Files\aerosoft\FSC9\FSCDbManager.exe Faulting module path: comctl32.dll
Report
Id: 7d66ad7c-f443-11df-a876-00252241ef6f

Error - 11/20/2010 1:16:40 AM | Computer Name = MicrosoftUser | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word failed to start correctly
last time. Starting Word in safe mode will help you correct or isolate a startup
problem in order to successfully start the program. Some functionality may be
disabled in this mode. Do you want to start Word in safe mode?.

Error - 11/20/2010 1:27:02 AM | Computer Name = MicrosoftUser | Source = VSS | ID = 8194
Description =

Error - 11/20/2010 2:56:16 AM | Computer Name = MicrosoftUser | Source = VSS | ID = 8194
Description =

Error - 11/20/2010 4:11:40 AM | Computer Name = MicrosoftUser | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 11/21/2010 2:56:48 AM | Computer Name = MicrosoftUser | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 11/21/2010 3:24:57 PM | Computer Name = MicrosoftUser | Source = Application Error | ID = 1000
Description = Faulting application name: FSCDbManager.exe, version: 9.0.0.0, time
stamp: 0x4cbf2b90 Faulting module name: comctl32.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4c6f635d Exception code: 0xc0000005 Fault offset: 0x6e953ccd Faulting
process id: 0x964 Faulting application start time: 0x01cb89b1a4d52c84 Faulting application
path: C:\Program Files\Aerosoft\FSC9\FSCDbManager.exe Faulting module path: comctl32.dll
Report
Id: 06213b18-f5a5-11df-ad35-00252241ef6f

Error - 11/21/2010 8:40:30 PM | Computer Name = MicrosoftUser | Source = Windows Backup | ID = 4103
Description =

[ System Events ]
Error - 11/21/2010 4:21:50 PM | Computer Name = MicrosoftUser | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%2

Error - 11/21/2010 4:21:50 PM | Computer Name = MicrosoftUser | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 11/21/2010 6:24:08 PM | Computer Name = MicrosoftUser | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 11/21/2010 6:24:23 PM | Computer Name = MicrosoftUser | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%2

Error - 11/21/2010 6:24:23 PM | Computer Name = MicrosoftUser | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 11/21/2010 8:30:16 PM | Computer Name = MicrosoftUser | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 11/21/2010 8:30:27 PM | Computer Name = MicrosoftUser | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%2

Error - 11/21/2010 8:30:27 PM | Computer Name = MicrosoftUser | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 11/21/2010 8:47:18 PM | Computer Name = MicrosoftUser | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 11/21/2010 8:47:29 PM | Computer Name = MicrosoftUser | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058


< End of report >

There it is, again thanks for your time
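The Service Control Manager entries in the System Events block above are the part of this log a malware-removal helper reads first: event 7000 with `%%2` and event 7001 with `%%1058` are Win32 error codes (ERROR_FILE_NOT_FOUND and ERROR_SERVICE_DISABLED), and a 7001 names the dependency that actually failed (here Security Center), not the service that reported it. The script below is an added example in Python, not the poster's log and not code from OTL or ComboFix: it re-joins the wrapped OTL descriptions, decodes the `%%<n>` placeholders, flags failures that touch security services, and also scans a ComboFix-style REGEDIT4 "Reg Loading Points" dump for `Security Center\Monitoring` keys with `DisableMonitoring=1`, the registry counterpart of a Security Center service that will not start. The sample inputs are constructed to match the shape of those log entries, and the service list and code table are the author's assumptions.

```python
"""Triage helpers for two log formats posted in this thread: the OTL
"Last 10 Event Log Errors" block and ComboFix's REGEDIT4-style
"Reg Loading Points" dump.  Added example; not part of OTL, ComboFix or
the forum reply.  Sample inputs are constructed to match the log shape."""
import re

# Win32 codes that Service Control Manager events 7000/7001 print as "%%<n>".
# Meanings are the standard winerror.h definitions.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND (service binary missing, or its ImagePath was changed)",
    1058: "ERROR_SERVICE_DISABLED (start type set to Disabled)",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT (service hung during start)",
}

# Services whose start failure matters during a malware-removal triage (assumed list).
SECURITY_SERVICES = {"Security Center", "MBAMService", "SBSD Security Center Service",
                     "Windows Defender", "Windows Firewall"}

EVENT_RE = re.compile(r"^Error - (?P<when>\S+ \S+ \S+) \| Computer Name = (?P<host>[^|]+?)"
                      r" \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$")
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service "
                        r"(?:failed to start|depends on the (?P<dep>.+?) service which failed)")
CODE_RE = re.compile(r"%%(\d+)")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')


def parse_events(text):
    """Return one dict per 'Error - ...' entry, with the wrapped description re-joined."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = EVENT_RE.match(line)
        if m:
            current = dict(m.groupdict(), desc="")
            events.append(current)
        elif current is not None and line and not line.startswith(("[", "<")):
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            current["desc"] = (current["desc"] + " " + line).strip()
    return events


def triage_events(text):
    """Decode SCM 7000/7001 errors and flag the ones that hit security services."""
    findings = []
    for ev in parse_events(text):
        if ev["source"] != "Service Control Manager" or ev["id"] not in ("7000", "7001"):
            continue
        m = SERVICE_RE.match(ev["desc"])
        if not m:
            continue
        failed = m.group("dep") or m.group("svc")   # a 7001 names the dependency that failed
        codes = [int(c) for c in CODE_RE.findall(ev["desc"])]
        findings.append({
            "when": ev["when"],
            "service": failed,
            "code": codes[0] if codes else None,
            "reason": WIN32_ERRORS.get(codes[0], "unknown win32 error") if codes else "no code",
            "security_relevant": failed in SECURITY_SERVICES or m.group("svc") in SECURITY_SERVICES,
        })
    return findings


def security_center_overrides(text):
    """List Security Center\\Monitoring keys whose DisableMonitoring value is 1.
    A 1 tells Security Center not to monitor (or report on) the product named by
    the subkey; on the root Monitoring key it applies to everything.  ComboFix
    prints these because they are non-default, so each hit should be matched to
    an installed product or treated as tampering."""
    hits, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = DWORD_RE.match(line)
        if (m and key and "security center\\monitoring" in key.lower()
                and m.group("name") == "DisableMonitoring" and int(m.group("val"), 16) == 1):
            hits.append(key.rsplit("\\", 1)[-1])
    return hits


# Constructed sample in the shape of the OTL entries above (not copied verbatim).
SAMPLE_EVENTS = """\
Error - 11/21/2010 4:21:50 PM | Computer Name = HOST | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%2

Error - 11/21/2010 4:21:50 PM | Computer Name = HOST | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 11/19/2010 3:01:21 PM | Computer Name = HOST | Source = VSS | ID = 8194
Description =
"""

# Constructed sample in the shape of ComboFix's "Reg Loading Points" section.
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
"""

if __name__ == "__main__":
    for f in triage_events(SAMPLE_EVENTS):
        flag = "!!" if f["security_relevant"] else "  "
        print(f"{flag} {f['when']}  {f['service']}: {f['reason']}")
    print("Security Center monitoring disabled for:", security_center_overrides(SAMPLE_REG))
```

Run it against a saved OTL or ComboFix log by reading the file into `triage_events` or `security_center_overrides`; a 7000 with code 2 on an anti-malware service means its binary or ImagePath is gone, which is a different follow-up (reinstall and compare hashes) from a 1058, where the start type itself was flipped to Disabled.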
bombolinis (Junior Member with 22 posts, thread starter; joined Nov 2010, Miami, Florida; Experience: Intermediate)
21-Nov-2010, 08:12 PM #4
Actually I have been a member but have not bothered you for a long time. I could not find my log-in info, and just now I found my old sign-in; it is ID "bombo1".
Just FYI.
Thank you
emeraldnzl (Malware Removal Specialist with 2,436 posts; joined Nov 2007, Auckland, N.Z.)
21-Nov-2010, 09:02 PM #5
Hello bombolinis,

Quote:
Actually I have been a member but have not bothered you for a long time. I could not find my log-in info, and just now I found my old sign-in; it is ID "bombo1".
I think I like the new name best.

Now

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
bombolinis (Junior Member with 22 posts, thread starter; joined Nov 2010, Miami, Florida; Experience: Intermediate)
22-Nov-2010, 10:06 AM #6
ComboFix Log File
Hello and thank you for the follow-up. Here is the log requested:
By the way, my old log-in ID is not active; I could not log in with that name, so Bombolinis it is.
--------------------------------------------------

ComboFix 10-11-21.02 - Administrator 11/22/2010 9:49.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1157 [GMT -5:00]
Running from: c:\users\Microsoft User\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Microsoft User\AppData\Roaming\completescan

.
((((((((((((((((((((((((( Files Created from 2010-10-22 to 2010-11-22 )))))))))))))))))))))))))))))))
.

2010-11-22 14:53 . 2010-11-22 14:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-22 14:53 . 2010-11-22 14:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-11-22 01:34 . 2010-11-22 01:34 -------- d-----w- c:\program files\SpywareBlaster
2010-11-22 00:35 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-22 00:35 . 2010-11-22 00:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-22 00:35 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-20 01:19 . 2009-10-21 01:34 162320 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2010-11-20 01:19 . 2010-11-20 01:55 115465 ----a-w- c:\windows\system32\drivers\klin.dat
2010-11-20 01:19 . 2010-11-20 01:55 97545 ----a-w- c:\windows\system32\drivers\klick.dat
2010-11-20 01:18 . 2010-11-22 14:11 -------- d-----w- c:\programdata\Kaspersky Lab
2010-11-20 01:18 . 2010-11-20 01:18 -------- d-----w- c:\program files\Kaspersky Lab
2010-11-20 01:17 . 2010-11-20 01:17 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-11-20 00:48 . 2010-11-20 01:12 -------- d-----w- c:\program files\aerosoft
2010-11-19 20:57 . 2010-11-19 20:57 -------- d-----w- C:\col3927
2010-11-19 19:34 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-19 19:25 . 2010-11-19 19:25 -------- dc-h--w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-19 01:14 . 2010-11-19 01:14 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Norton Utilities 14
2010-11-19 01:00 . 2010-11-19 19:08 -------- d-----w- c:\program files\Lavasoft
2010-11-18 19:28 . 2010-11-18 19:28 105984 --sha-r- c:\windows\system32\grpconvd.dll
2010-11-18 18:07 . 2010-11-18 18:07 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\SmartFTP
2010-11-18 14:14 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E2BB72D-971E-4C79-96A4-7411C61ACCA2}\mpengine.dll
2010-11-18 07:05 . 2010-11-18 07:05 -------- d-----w- c:\program files\GlobalSCAPE
2010-11-18 06:00 . 2010-11-18 06:00 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\GlobalSCAPE
2010-11-18 03:14 . 2002-07-25 21:07 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-11-17 00:45 . 2010-11-17 00:46 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-11-15 01:33 . 2010-04-01 23:55 153088 ----a-w- c:\windows\system32\WS_ATLMovie.dll
2010-11-15 01:33 . 2010-11-15 01:33 -------- d-----w- c:\program files\Daniusoft
2010-11-15 01:14 . 2010-11-15 01:14 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\ImTOO
2010-11-15 01:13 . 2010-11-15 01:13 -------- d-----w- c:\programdata\ImTOO
2010-11-15 01:13 . 2010-11-15 01:13 -------- d-----w- c:\program files\ImTOO
2010-11-15 00:41 . 2010-09-14 19:34 153600 ----a-w- c:\windows\system32\WSContextMenu.dll
2010-11-10 15:20 . 2010-11-10 17:32 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\FinalMediaPlayer
2010-11-10 15:20 . 2010-11-10 15:20 -------- d-----w- c:\program files\FinalMediaPlayer
2010-11-09 20:25 . 2010-11-09 20:25 -------- d-----w- c:\program files\CCleaner
2010-11-08 21:52 . 2010-11-08 21:52 -------- d-----w- c:\users\Microsoft User\AppData\Local\tjnet
2010-11-08 17:06 . 2010-11-08 17:06 -------- d-----w- c:\users\Microsoft User\AppData\Local\magicJack
2010-11-07 18:58 . 2010-11-16 21:16 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\mjusbsp
2010-11-07 00:40 . 2010-11-07 00:40 -------- d-----w- c:\users\Microsoft User\AppData\Local\Little_Apps_(http___www.l
2010-11-07 00:26 . 2010-11-07 00:26 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
2010-11-07 00:22 . 2010-11-07 00:22 -------- d-----w- c:\program files\Little Registry Cleaner
2010-11-05 23:02 . 2010-11-05 23:02 -------- d-----w- c:\programdata\NortonSystemWorks
2010-11-05 23:02 . 2010-11-20 02:51 -------- d-----w- c:\program files\Norton SystemWorks Premier Edition
2010-11-05 23:02 . 2010-11-05 23:02 -------- d-----w- c:\program files\Symantec
2010-11-05 22:13 . 2010-11-06 23:23 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Symantec
2010-11-05 20:50 . 2010-11-05 20:50 -------- d-----w- c:\program files\Driver-Soft
2010-11-05 20:21 . 2009-07-22 10:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-11-05 20:21 . 2009-03-05 06:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-11-05 20:20 . 2009-07-30 11:58 187392 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-11-05 20:19 . 2008-12-04 15:57 146432 ----a-w- c:\windows\system32\APOMngr.DLL
2010-11-05 20:19 . 2008-09-17 18:05 72704 ----a-w- c:\windows\system32\CmdRtr.DLL
2010-11-05 20:15 . 2009-08-18 11:15 2941472 ----a-w- c:\windows\system32\RtkAPO.dll
2010-11-05 20:15 . 2009-05-14 07:59 61952 ----a-w- c:\windows\system32\MBWrp32.dll
2010-11-05 20:15 . 2010-11-15 01:36 -------- d--h--w- c:\program files\Temp
2010-11-05 20:15 . 2010-11-05 20:20 -------- d-----w- c:\program files\Realtek
2010-11-05 20:10 . 2010-10-05 03:02 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-11-05 15:32 . 2010-11-05 15:32 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-05 04:40 . 2010-11-05 04:40 -------- d-----w- C:\Intel
2010-11-04 16:38 . 2010-11-21 19:25 -------- d-----w- c:\users\Microsoft User\AppData\Local\CrashDumps
2010-11-04 16:22 . 2010-11-04 16:38 -------- d-----w- c:\program files\AVG
2010-11-04 05:18 . 2010-11-04 05:18 -------- d-----w- c:\programdata\PCSettings
2010-11-04 02:27 . 2007-09-03 00:56 1686016 ----a-w- c:\windows\system32\clinetsuitex6.ocx
2010-11-04 02:27 . 2004-06-14 18:56 427864 ----a-w- c:\windows\system32\XceedZip.dll
2010-11-04 02:27 . 2004-03-09 20:45 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2010-11-04 01:45 . 2010-11-04 01:46 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\DriverCure
2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\programdata\ParetoLogic
2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\programdata\DriverCure
2010-11-04 00:59 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDEC4E.tmp
2010-11-03 20:59 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD1903.tmp
2010-11-03 13:50 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDED55.tmp
2010-11-03 00:58 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDDF7C.tmp
2010-11-02 20:58 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD60FE.tmp
2010-11-02 13:57 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD1CB2.tmp
2010-11-02 00:11 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD70DA.tmp
2010-11-01 20:13 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD2C20.tmp
2010-11-01 13:49 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD7283.tmp
2010-11-01 02:18 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD3A5F.tmp
2010-10-31 22:17 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD28C8.tmp
2010-10-31 13:48 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDCB3C.tmp
2010-10-31 02:28 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD119.tmp
2010-10-31 02:22 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDB36D.tmp
2010-10-31 02:10 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD179F.tmp
2010-10-31 00:52 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD8CCD.tmp
2010-10-31 00:49 . 2008-04-17 17:12 15464 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-31 00:49 . 2010-10-31 00:49 -------- d-----w- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2010-10-31 00:29 . 2007-03-22 00:39 1060864 ----a-w- c:\windows\system32\MFC71.DL1
2010-10-31 00:29 . 2007-03-22 00:33 503808 ----a-w- c:\windows\system32\MSVCP71.DL1
2010-10-31 00:29 . 2007-03-22 00:33 348160 ----a-w- c:\windows\system32\MSVCR71.DL1
2010-10-30 19:53 . 2010-10-30 19:53 -------- d-----w- C:\LXKZ35
2010-10-30 19:52 . 2010-10-30 19:52 -------- d-----w- C:\LEXMARK DRIVERS SETUP
2010-10-29 23:37 . 2010-10-29 23:37 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Hewlett-Packard
2010-10-28 21:56 . 2010-10-28 21:56 -------- d-----w- c:\program files\Nero
2010-10-28 20:15 . 2010-10-28 20:18 -------- d-----w- c:\program files\Microsoft Expression
2010-10-28 01:49 . 2010-10-28 01:49 246552 ----a-w- c:\windows\User Profile Migration Service.exe
2010-10-27 14:35 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 14:35 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 14:35 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 14:35 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 14:35 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-25 20:13 . 2010-10-25 20:13 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-10-25 20:13 . 2010-10-25 20:13 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2010-10-25 20:13 . 2010-10-25 20:13 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2010-10-24 00:01 . 2010-10-24 00:01 -------- d-----w- c:\program files\Smith Micro
2010-10-23 21:21 . 2010-10-23 21:21 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-10-23 21:20 . 2010-10-23 21:20 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-10-23 21:20 . 2010-10-23 21:20 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-23 21:19 . 2010-10-23 21:19 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-10-23 20:17 . 2010-11-15 00:56 -------- d-----w- c:\programdata\xml_param
2010-10-23 15:59 . 2010-10-23 21:39 8192 ----a-w- c:\windows\system32\srvany.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-20 22:33 . 2010-10-20 22:33 81920 ----a-w- c:\users\Microsoft User\AppData\Roaming\ezpinst.exe
2010-10-20 22:33 . 2010-10-20 22:33 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-10-20 22:33 . 2010-10-20 22:33 47360 ----a-w- c:\users\Microsoft User\AppData\Roaming\pcouffin.sys
2010-10-19 23:08 . 2010-10-19 23:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 15:41 . 2010-10-15 22:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-17 01:54 . 2010-10-17 01:54 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2010-10-16 03:56 . 2010-10-16 03:56 77004 ----a-w- c:\windows\system32\drivers\AFS.SYS
2010-09-14 18:38 . 2010-10-20 22:54 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2010-09-14 18:38 . 2010-10-20 22:54 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2010-09-14 18:38 . 2010-10-20 22:53 892928 ----a-w- c:\windows\system32\iconv.dll
2010-09-14 18:38 . 2010-10-20 22:53 675840 ----a-w- c:\windows\system32\ac3filter.ax
2010-09-14 18:38 . 2010-10-20 22:53 496640 ----a-w- c:\windows\system32\xvid.ax
2010-09-08 04:30 . 2010-10-16 13:33 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-16 13:33 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-16 13:33 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-16 13:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-16 13:32 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-16 13:32 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-16 13:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-16 13:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46 . 2010-10-16 13:32 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 03:31 . 2010-10-16 13:32 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-27 03:30 . 2010-10-16 13:32 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-27 03:30 . 2010-10-16 13:32 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-26 04:39 . 2010-10-16 13:33 109056 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Calendar"="c:\program files\Desktop Calendar\Desktop Calendar.exe" [2010-03-15 442368]
"cdloader"="c:\users\Microsoft User\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-10-08 50592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"TaskTray"="c:\program files\Driver-Soft\DriverGenius\TaskTray.exe" [2010-07-30 284016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-11-19 928496]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-11-20 340520]
"NswUiTray"="c:\program files\Norton SystemWorks Premier Edition\NswUiTray.exe" [2008-09-25 85360]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-10-23 8192]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-19 1375992]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-19 15264]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-05 98392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-16 1343400]
S0 AFS;AFS; [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-03 19472]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-09-14 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-09-14 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-09-14 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-09-14 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-09-14 25704]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-11-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 19:34]

2010-11-22 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-11-10 16:25]

2010-11-15 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks Premier Edition\OBC.exe [2008-09-25 18:52]

2010-11-21 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-11-04 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://webmail.bombolinis.com:2095/webmail/x3/?login=1&gotime=1290122505614
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Microsoft User\AppData\Roaming\Mozilla\Firefox\Profiles\jr9bz2w2.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.bombolinis.com:2095/horde/login.php
FF - component: c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Microsoft User\AppData\Roaming\Mozilla\Firefox\Profiles\jr9bz2w2.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,ed,0d,68,5b,3f,57,4b,a3,9b,ec, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,ed,0d,68,5b,3f,57,4b,a3,9b,ec, \

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-11-22 09:55:48
ComboFix-quarantined-files.txt 2010-11-22 14:55

Pre-Run: 454,111,711,232 bytes free
Post-Run: 453,997,780,992 bytes free

- - End Of File - - 706D29DED60BC07916FB1D7772981B5A
emeraldnzl
Malware Removal Specialist with 2,436 posts.
 
Join Date: Nov 2007
Location: Auckland,N.Z.
22-Nov-2010, 01:51 PM #7
Hello bombolinis,

Question: Have you put user restrictions on your Firefox browser?

Tell me when you return.

Meantime

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Code:
KillAll::

REGLOCK:: 
[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Internet Explorer\User Preferences]

Registry::
[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=-
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=-

Reboot::
Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.
bombolinis
Junior Member with 22 posts.
THREAD STARTER
 
Join Date: Nov 2010
Location: Miami, Florida
Experience: Intermediate
23-Nov-2010, 01:58 AM #8
COMBOFIX_Follow up log
Hello emeraldnzl

I do not have a password set in Firefox if that is what you mean.
I am the only one that uses my computer.

My PC is running much better, I now want to make sure it is as clean as I can get it or if there is anything else lurking in here!

Do you know what this Dfmatzeb.dll runs? I keep getting a notification from Kaspersky AV that there is a process trying to run into another process?

Anyway, with the current issue>

Here is the follow up log with the text file added to the CF EXE program>

ComboFix 10-11-22.05 - Administrator 11/23/2010 1:27.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1086 [GMT -5:00]
Running from: c:\users\Microsoft User\Downloads\Programs to fix virus per forum\COMBO FIX PROG AND COMMAND\ComboFix.exe
Command switches used :: c:\users\Microsoft User\Downloads\Programs to fix virus per forum\COMBO FIX PROG AND COMMAND\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-23 06:33 . 2010-11-23 06:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-11-23 06:33 . 2010-11-23 06:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-23 06:33 . 2010-11-23 06:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-11-22 18:29 . 2010-11-22 18:29 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\CheckPoint
2010-11-22 18:27 . 2010-11-22 18:27 -------- d-----w- c:\program files\Conduit
2010-11-22 18:27 . 2010-11-22 18:28 -------- d-----w- c:\program files\ZoneAlarm_Security
2010-11-22 18:26 . 2010-11-22 18:26 -------- d-----w- c:\program files\CheckPoint
2010-11-22 18:26 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2010-11-22 18:26 . 2010-09-02 14:20 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-11-22 18:26 . 2010-09-02 14:20 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-11-22 18:26 . 2010-09-02 14:20 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-11-22 18:25 . 2010-11-22 18:29 -------- d-----w- c:\windows\system32\ZoneLabs
2010-11-22 18:25 . 2010-05-15 21:30 461400 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-11-22 18:25 . 2010-11-22 18:25 -------- d-----w- c:\program files\Zone Labs
2010-11-22 18:25 . 2010-11-22 18:25 -------- d-----w- c:\programdata\CheckPoint
2010-11-22 18:25 . 2010-11-23 06:34 -------- d-----w- c:\windows\Internet Logs
2010-11-22 01:34 . 2010-11-22 16:18 -------- d-----w- c:\program files\SpywareBlaster
2010-11-22 00:35 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-22 00:35 . 2010-11-22 00:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-22 00:35 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-20 01:19 . 2009-10-21 01:34 162320 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2010-11-20 01:19 . 2010-11-20 01:55 115465 ----a-w- c:\windows\system32\drivers\klin.dat
2010-11-20 01:19 . 2010-11-20 01:55 97545 ----a-w- c:\windows\system32\drivers\klick.dat
2010-11-20 01:18 . 2010-11-23 05:52 -------- d-----w- c:\programdata\Kaspersky Lab
2010-11-20 01:18 . 2010-11-20 01:18 -------- d-----w- c:\program files\Kaspersky Lab
2010-11-20 01:17 . 2010-11-20 01:17 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-11-20 00:48 . 2010-11-20 01:12 -------- d-----w- c:\program files\aerosoft
2010-11-19 20:57 . 2010-11-19 20:57 -------- d-----w- C:\col3927
2010-11-19 19:34 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-19 19:25 . 2010-11-19 19:25 -------- dc-h--w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-19 01:14 . 2010-11-19 01:14 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Norton Utilities 14
2010-11-19 01:00 . 2010-11-19 19:08 -------- d-----w- c:\program files\Lavasoft
2010-11-18 19:28 . 2010-11-18 19:28 105984 --sha-r- c:\windows\system32\grpconvd.dll
2010-11-18 18:07 . 2010-11-18 18:07 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\SmartFTP
2010-11-18 14:14 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E2BB72D-971E-4C79-96A4-7411C61ACCA2}\mpengine.dll
2010-11-18 07:05 . 2010-11-18 07:05 -------- d-----w- c:\program files\GlobalSCAPE
2010-11-18 06:00 . 2010-11-18 06:00 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\GlobalSCAPE
2010-11-18 03:14 . 2002-07-25 21:07 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-11-17 00:45 . 2010-11-17 00:46 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-11-15 01:33 . 2010-04-01 23:55 153088 ----a-w- c:\windows\system32\WS_ATLMovie.dll
2010-11-15 01:33 . 2010-11-15 01:33 -------- d-----w- c:\program files\Daniusoft
2010-11-15 01:14 . 2010-11-15 01:14 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\ImTOO
2010-11-15 01:13 . 2010-11-15 01:13 -------- d-----w- c:\programdata\ImTOO
2010-11-15 01:13 . 2010-11-15 01:13 -------- d-----w- c:\program files\ImTOO
2010-11-15 00:41 . 2010-09-14 19:34 153600 ----a-w- c:\windows\system32\WSContextMenu.dll
2010-11-10 15:20 . 2010-11-10 17:32 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\FinalMediaPlayer
2010-11-10 15:20 . 2010-11-10 15:20 -------- d-----w- c:\program files\FinalMediaPlayer
2010-11-09 20:25 . 2010-11-09 20:25 -------- d-----w- c:\program files\CCleaner
2010-11-08 21:52 . 2010-11-08 21:52 -------- d-----w- c:\users\Microsoft User\AppData\Local\tjnet
2010-11-08 17:06 . 2010-11-08 17:06 -------- d-----w- c:\users\Microsoft User\AppData\Local\magicJack
2010-11-07 18:58 . 2010-11-16 21:16 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\mjusbsp
2010-11-07 00:40 . 2010-11-07 00:40 -------- d-----w- c:\users\Microsoft User\AppData\Local\Little_Apps_(http___www.l
2010-11-07 00:26 . 2010-11-07 00:26 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
2010-11-07 00:22 . 2010-11-07 00:22 -------- d-----w- c:\program files\Little Registry Cleaner
2010-11-05 23:02 . 2010-11-05 23:02 -------- d-----w- c:\programdata\NortonSystemWorks
2010-11-05 23:02 . 2010-11-22 16:55 -------- d-----w- c:\program files\Norton SystemWorks Premier Edition
2010-11-05 23:02 . 2010-11-05 23:02 -------- d-----w- c:\program files\Symantec
2010-11-05 22:13 . 2010-11-06 23:23 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Symantec
2010-11-05 20:50 . 2010-11-05 20:50 -------- d-----w- c:\program files\Driver-Soft
2010-11-05 20:21 . 2009-07-22 10:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-11-05 20:21 . 2009-03-05 06:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-11-05 20:20 . 2009-07-30 11:58 187392 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-11-05 20:19 . 2008-12-04 15:57 146432 ----a-w- c:\windows\system32\APOMngr.DLL
2010-11-05 20:19 . 2008-09-17 18:05 72704 ----a-w- c:\windows\system32\CmdRtr.DLL
2010-11-05 20:15 . 2009-08-18 11:15 2941472 ----a-w- c:\windows\system32\RtkAPO.dll
2010-11-05 20:15 . 2009-05-14 07:59 61952 ----a-w- c:\windows\system32\MBWrp32.dll
2010-11-05 20:15 . 2010-11-15 01:36 -------- d--h--w- c:\program files\Temp
2010-11-05 20:15 . 2010-11-05 20:20 -------- d-----w- c:\program files\Realtek
2010-11-05 20:10 . 2010-10-05 03:02 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-11-05 15:32 . 2010-11-05 15:32 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-05 04:40 . 2010-11-05 04:40 -------- d-----w- C:\Intel
2010-11-04 16:38 . 2010-11-21 19:25 -------- d-----w- c:\users\Microsoft User\AppData\Local\CrashDumps
2010-11-04 16:22 . 2010-11-04 16:38 -------- d-----w- c:\program files\AVG
2010-11-04 05:18 . 2010-11-04 05:18 -------- d-----w- c:\programdata\PCSettings
2010-11-04 02:27 . 2007-09-03 00:56 1686016 ----a-w- c:\windows\system32\clinetsuitex6.ocx
2010-11-04 02:27 . 2004-06-14 18:56 427864 ----a-w- c:\windows\system32\XceedZip.dll
2010-11-04 02:27 . 2004-03-09 20:45 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2010-11-04 01:45 . 2010-11-04 01:46 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\DriverCure
2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\programdata\ParetoLogic
2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\programdata\DriverCure
2010-11-04 00:59 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDEC4E.tmp
2010-11-03 20:59 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD1903.tmp
2010-11-03 13:50 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDED55.tmp
2010-11-03 00:58 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDDF7C.tmp
2010-11-02 20:58 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD60FE.tmp
2010-11-02 13:57 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD1CB2.tmp
2010-11-02 00:11 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD70DA.tmp
2010-11-01 20:13 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD2C20.tmp
2010-11-01 13:49 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD7283.tmp
2010-11-01 02:18 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD3A5F.tmp
2010-10-31 22:17 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD28C8.tmp
2010-10-31 13:48 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDCB3C.tmp
2010-10-31 02:28 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD119.tmp
2010-10-31 02:22 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDB36D.tmp
2010-10-31 02:10 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD179F.tmp
2010-10-31 00:52 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD8CCD.tmp
2010-10-31 00:49 . 2008-04-17 17:12 15464 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-31 00:49 . 2010-10-31 00:49 -------- d-----w- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2010-10-31 00:29 . 2007-03-22 00:39 1060864 ----a-w- c:\windows\system32\MFC71.DL1
2010-10-31 00:29 . 2007-03-22 00:33 503808 ----a-w- c:\windows\system32\MSVCP71.DL1
2010-10-31 00:29 . 2007-03-22 00:33 348160 ----a-w- c:\windows\system32\MSVCR71.DL1
2010-10-30 19:53 . 2010-10-30 19:53 -------- d-----w- C:\LXKZ35
2010-10-30 19:52 . 2010-10-30 19:52 -------- d-----w- C:\LEXMARK DRIVERS SETUP
2010-10-29 23:37 . 2010-10-29 23:37 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Hewlett-Packard
2010-10-28 21:56 . 2010-10-28 21:56 -------- d-----w- c:\program files\Nero
2010-10-28 20:15 . 2010-10-28 20:18 -------- d-----w- c:\program files\Microsoft Expression
2010-10-28 01:49 . 2010-10-28 01:49 246552 ----a-w- c:\windows\User Profile Migration Service.exe
2010-10-27 14:35 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 14:35 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 14:35 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 14:35 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 14:35 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-25 20:13 . 2010-10-25 20:13 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-10-25 20:13 . 2010-10-25 20:13 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2010-10-25 20:13 . 2010-10-25 20:13 47512 ----a-w- c:\windows\system32\AdobePDF.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 21:39 . 2010-10-23 15:59 8192 ----a-w- c:\windows\system32\srvany.exe
2010-10-20 22:33 . 2010-10-20 22:33 81920 ----a-w- c:\users\Microsoft User\AppData\Roaming\ezpinst.exe
2010-10-20 22:33 . 2010-10-20 22:33 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-10-20 22:33 . 2010-10-20 22:33 47360 ----a-w- c:\users\Microsoft User\AppData\Roaming\pcouffin.sys
2010-10-19 23:08 . 2010-10-19 23:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 15:41 . 2010-10-15 22:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-17 01:54 . 2010-10-17 01:54 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2010-10-16 03:56 . 2010-10-16 03:56 77004 ----a-w- c:\windows\system32\drivers\AFS.SYS
2010-09-14 18:38 . 2010-10-20 22:54 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2010-09-14 18:38 . 2010-10-20 22:54 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2010-09-14 18:38 . 2010-10-20 22:53 892928 ----a-w- c:\windows\system32\iconv.dll
2010-09-14 18:38 . 2010-10-20 22:53 675840 ----a-w- c:\windows\system32\ac3filter.ax
2010-09-14 18:38 . 2010-10-20 22:53 496640 ----a-w- c:\windows\system32\xvid.ax
2010-09-08 04:30 . 2010-10-16 13:33 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-16 13:33 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-16 13:33 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-16 13:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-16 13:32 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-16 13:32 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-16 13:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-16 13:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46 . 2010-10-16 13:32 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 03:31 . 2010-10-16 13:32 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-27 03:30 . 2010-10-16 13:32 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-27 03:30 . 2010-10-16 13:32 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-26 04:39 . 2010-10-16 13:33 109056 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-06-14 2734688]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2010-06-14 00:10 2734688 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-06-14 2734688]

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Calendar"="c:\program files\Desktop Calendar\Desktop Calendar.exe" [2010-03-15 442368]
"cdloader"="c:\users\Microsoft User\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-10-08 50592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"TaskTray"="c:\program files\Driver-Soft\DriverGenius\TaskTray.exe" [2010-07-30 284016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-11-19 928496]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-11-20 340520]
"NswUiTray"="c:\program files\Norton SystemWorks Premier Edition\NswUiTray.exe" [2008-09-25 85360]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-09-02 738808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-10-23 8192]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-05 98392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-16 1343400]
S0 AFS;AFS; [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-09-02 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-09-02 493048]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-19 1375992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-03 19472]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-09-14 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-09-14 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-09-14 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-09-14 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-09-14 25704]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-11-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 19:34]

2010-11-23 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-11-10 16:25]

2010-11-22 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks Premier Edition\OBC.exe [2008-09-25 18:52]

2010-11-21 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-11-04 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://webmail.bombolinis.com:2095/webmail/x3/?login=1&gotime=1290122505614
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Microsoft User\AppData\Roaming\Mozilla\Firefox\Profiles\jr9bz2w2.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.bombolinis.com:2095/horde/login.php
FF - component: c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\Microsoft User\AppData\Roaming\Mozilla\Firefox\Profiles\jr9bz2w2.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\FFExternalAlert.dll
FF - component: c:\users\Microsoft User\AppData\Roaming\Mozilla\Firefox\Profiles\jr9bz2w2.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{04b5c000-df2e-42be-8682-2a9f39c8daa5}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{15d5e750-72dc-466c-a1b9-222fbb0c58c0}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{15d5e750-72dc-466c-a1b9-222fbb0c58c0}\TypeLib]
@DACL=(02 0000)
@="{8d7902be-835f-42b9-aff4-222660d45ea4}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{163968a9-0a82-4a6c-b369-a452477f26a5}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{1a5c7e00-a12e-4cb3-9cd2-30597f5f1d8e}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{1a5c7e00-a12e-4cb3-9cd2-30597f5f1d8e}\TypeLib]
@DACL=(02 0000)
@="{8d7902be-835f-42b9-aff4-222660d45ea4}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{3e94c4f7-3bcb-4810-8f3d-ba993731443b}\ControlMDTPrivate]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{3e94c4f7-3bcb-4810-8f3d-ba993731443b}\MiscStatus]
@DACL=(02 0000)
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{3e94c4f7-3bcb-4810-8f3d-ba993731443b}\Version]
@DACL=(02 0000)
@="8.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{4921502a-feb9-4960-8f27-9833942b3de7}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{4921502a-feb9-4960-8f27-9833942b3de7}\TypeLib]
@DACL=(02 0000)
@="{8d7902be-835f-42b9-aff4-222660d45ea4}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{5a303e2f-b50c-4f84-a3e1-dbeafdabd6a9}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{5a303e2f-b50c-4f84-a3e1-dbeafdabd6a9}\TypeLib]
@DACL=(02 0000)
@="{8d7902be-835f-42b9-aff4-222660d45ea4}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{6eaad443-3795-4f98-a983-e83a573b4e12}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{6eaad443-3795-4f98-a983-e83a573b4e12}\TypeLib]
@DACL=(02 0000)
@="{8d7902be-835f-42b9-aff4-222660d45ea4}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{9e1a60ac-2c3b-45cc-9466-82ceb2bd3518}\AuxUserType]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{9e1a60ac-2c3b-45cc-9466-82ceb2bd3518}\MiscStatus]
@DACL=(02 0000)
@="131072"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{ac929c9f-903b-4904-84e3-eefe47439d49}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{c080bc37-eb1c-466c-8ae0-42756f9e6e92}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{c080bc37-eb1c-466c-8ae0-42756f9e6e92}\TypeLib]
@DACL=(02 0000)
@="{8d7902be-835f-42b9-aff4-222660d45ea4}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Control]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Insertable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\MiscStatus]
@DACL=(02 0000)
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Version]
@DACL=(02 0000)
@="8.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{df4b6a92-088f-4963-b2a4-3da796218782}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{df4b6a92-088f-4963-b2a4-3da796218782}\TypeLib]
@DACL=(02 0000)
@="{8d7902be-835f-42b9-aff4-222660d45ea4}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e05a0ac9-7fb7-481e-b5bb-08e1e35b211d}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\AuxUserType]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\DataFormats]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\DefaultIcon]
@DACL=(02 0000)
@="progman.exe,2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\MiscStatus]
@DACL=(02 0000)
@="131072"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\Verb]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{019971D6-4685-11D2-B48A-0000F87572EB}\Automation]
@DACL=(02 0000)
"Basic-Specific"="IVBTextEditSpcific"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{019971D6-4685-11D2-B48A-0000F87572EB}\SatelliteDll]
@DACL=(02 0000)
"DllName"="msvb7ui.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{164B10B9-B200-11D0-8C61-00A0C91E29D5}\Automation]
@DACL=(02 0000)
"VBProjects"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{164B10B9-B200-11D0-8C61-00A0C91E29D5}\AutomationEvents]
@DACL=(02 0000)
"VBProjectsEvents"="Returns the VBProjectsEvents Object"
"VBProjectItemsEvents"="Returns the VBProjectItemsEvents Object"
"VBReferencesEvents"="Returns the VBReferencesEvents Object"
"VBImportsEvents"="Returns the VBImportsEvents Object"
"VBBuildManagerEvents"="Returns the VBBuildManagerEvents Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{1D76B2E0-F11B-11d2-AFC3-00105A9991EF}\SatelliteDll]
@DACL=(02 0000)
"DllName"="msenvui.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{21af45b0-ffa5-11d0-b63f-00a0c922e851}\SatelliteDll]
@DACL=(02 0000)
"DllName"="msenvui.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{220A4C17-7E7C-4663-BBCC-5E607C6543CD}\Automation]
@DACL=(02 0000)
"DataService"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{282BD676-8B5B-11D0-8A34-00A0C91E2ACD}\ExData]
@DACL=(02 0000)
"{64AC2454-BD18-11d1-87B5-00A0C91E2A46}"="{43B36B80-BE04-11d1-B546-00A0C90F26F7}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{282BD676-8B5B-11D0-8A34-00A0C91E2ACD}\SatelliteDll]
@DACL=(02 0000)
"DllName"=""
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{2DC9DAA9-7F2D-11d2-9BFC-00C04F9901D1}\SatelliteDll]
@DACL=(02 0000)
"DllName"="VsLogUI.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{44E07B02-29A5-11D3-B882-00C04F79F802}\SatelliteDll]
@DACL=(02 0000)
"DllName"="cmddefui.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{4A791146-19E4-11D3-B86B-00C04F79F802}\Automation]
@DACL=(02 0000)
"Help"=""
"Help2"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{4A791146-19E4-11D3-B86B-00C04F79F802}\SatelliteDll]
@DACL=(02 0000)
"DllName"="msenvui.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{4A9B7E50-AA16-11d0-A8C5-00A0C921A4D2}\SatelliteDll]
@DACL=(02 0000)
"DllName"="msenvui.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{53544C4D-E3F8-4AA0-8195-8A8D16019423}\SatelliteDll]
@DACL=(02 0000)
"DllName"="msenvui.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{588205e0-66e0-11d3-8600-00c04f6123b3}\SatelliteDll]
@DACL=(02 0000)
"DllName"="compsvcspkgui.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\Packages\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{777E353A-9971-4506-9D4C-3100F763787D}\SatelliteDll]
@DACL=(02 0000)
"DllName"="vstamui.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{87569308-4813-40a0-9cd0-d7a30838ca3f}\Automation]
@DACL=(02 0000)
"XmlProjects"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{8FF02D1A-C177-4ac8-A62F-88FC6EA65F57}\IgnorableFiles]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{8FF02D1A-C177-4ac8-A62F-88FC6EA65F57}\SatelliteDll]
@DACL=(02 0000)
"DllName"="webdirprjui.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\Packages\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{C9DD4A57-47FB-11D2-83E7-00C04F9902C1}\Automation]
@DACL=(02 0000)
"Debugger"="Visual Studio Debugger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{C9DD4A57-47FB-11D2-83E7-00C04F9902C1}\AutomationEvents]
@DACL=(02 0000)
"DebuggerEvents"="Visual Studio Debugger Events"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{C9DD4A57-47FB-11D2-83E7-00C04F9902C1}\SatelliteDll]
@DACL=(02 0000)
"DllName"="VSDebugUI.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\Packages\\Debugger\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{DA9FB551-C724-11d0-AE1F-00A0C90FFFC3}\SatelliteDll]
@DACL=(02 0000)
"DllName"="msenvui.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{DA9FB551-C724-11d0-AE1F-00A0C90FFFC3}\Toolbox]
@DACL=(02 0000)
"Formats"="InPlaceMenuEditorMenu"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{DE353D20-56EB-11D2-BF19-00C04F79EFBC}\SatelliteDll]
@DACL=(02 0000)
"DllName"="dirprjui.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\Packages\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{e8b06f41-6d01-11d2-aa7d-00c04f990343}\SatelliteDll]
@DACL=(02 0000)
"DllName"="msenvui.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{ED8979BC-B02F-4da9-A667-D3256C36220A}\SatelliteDll]
@DACL=(02 0000)
"DllName"="msenvui.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{F5E7E720-1401-11d1-883B-0000F87579D2}\Automation]
@DACL=(02 0000)
"TextEditor"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{F5E7E720-1401-11d1-883B-0000F87579D2}\SatelliteDll]
@DACL=(02 0000)
"DllName"="msenvui.dll"
"Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{F5E7E720-1401-11d1-883B-0000F87579D2}\Toolbox]
@DACL=(02 0000)
"Formats"="1,13,16,HTML Format,MSDEVColumnSelect,MSDEVLineSelect"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{FAE04EC1-301F-11D3-BF4B-00C04F79EFBC}\Automation]
@DACL=(02 0000)
"CSharpProjects"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{FAE04EC1-301F-11D3-BF4B-00C04F79EFBC}\AutomationEvents]
@DACL=(02 0000)
"CSharpProjectsEvents"="Returns the CSharpProjectsEvents Object"
"CSharpProjectItemsEvents"="Returns the CSharpProjectItemsEvents Object"
"CSharpReferencesEvents"="Returns the CSharpReferencesEvents Object"
"CSharpBuildManagerEvents"="Returns the CSharpBuildManagerEvents Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\AddItemTemplates]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\CommonPropertyPages]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\FileExtensions]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\Filters]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\AddItemTemplates]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\CommonPropertyPages]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\FileExtensions]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\Filters]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\LiveUpdate\MUI]
@DACL=(02 0000)
"0901"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton Cleanup\LastRun]
@DACL=(02 0000)
"Time"=hex:00,00,00,00,00,00,00,00
"HRESULT Status"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton Utilities\22.0]
@DACL=(02 0000)
"SKU"="10066977"

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton Utilities\Onramp]
@DACL=(02 0000)
"Version"="22.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\PatchInst\NSW]
@DACL=(02 0000)
"ImagePath"="c:\\Program Files\\Norton SystemWorks Premier Edition\\PtchInst.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Shared Technology\AutoLiveUpdate]
@DACL=(02 0000)
"InactiveWait"=dword:00003840
"ActiveWait"=dword:00000005
"MaxNumDailyLogs"=dword:0000000e
"State"=dword:00000000
"RunMode"=dword:000003ec
"TimeStamp"=dword:7fffffff

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SystemWorks\Disable Intro Dialogs]
@DACL=(02 0000)
"Web Cleanup Viewer"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Waves Audio\MaxxAudio]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(556)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'Explorer.exe'(4852)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
c:\program files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2010-11-23 01:39:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-23 06:39
ComboFix2.txt 2010-11-22 14:55

Pre-Run: 452,540,280,832 bytes free
Post-Run: 452,422,148,096 bytes free

- - End Of File - - E32ABB849834468ED8E8B3F94B3C4CF2

-------------------------------------------------------------------
Thanks for your assistance in this, you guys are phenomenal and Angels!
Wishing you a great Thanksgiving with your family this week and always..

Bombolini's
emeraldnzl
Malware Removal Specialist with 2,436 posts.
Join Date: Nov 2007
Location: Auckland, N.Z.
23-Nov-2010, 02:47 AM #9
Quote:
Do you know what this Dfmatzeb.dll runs?
No, but my guess would be either malware or part of one of your anti-malware programs, possibly Spybot Search & Destroy or ZoneAlarm, which is showing up in your ComboFix log. We will check it out.

I think ZoneAlarm must be a leftover from an earlier installation. There are also some residues of Symantec there.

Now

You have had Norton Antivirus on your computer at some stage. It has not been properly removed.

Firstly please go to Start > Control Panel > Add or remove Programs (Programs in Vista) and remove all items with Symantec or Norton in the name if any are there.

Then

Go here: Norton Removal Tool, to remove leftover bits of the Norton AntiVirus program. Choose the link for the version you had and then download and run the removal program. If you don't know the version just proceed, it should still work.

Step 2

Download and use the ZoneAlarm Removal tool

If it can't find anything tell me.

Next

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Code:
KillAll::

Folder::
c:\program files\Zone Labs\ZoneAlarm
c:\program files\CheckPoint

REGLOCK::
[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{04b5c000-df2e-42be-8682-2a9f39c8daa5}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{15d5e750-72dc-466c-a1b9-222fbb0c58c0}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{15d5e750-72dc-466c-a1b9-222fbb0c58c0}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{163968a9-0a82-4a6c-b369-a452477f26a5}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{1a5c7e00-a12e-4cb3-9cd2-30597f5f1d8e}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{1a5c7e00-a12e-4cb3-9cd2-30597f5f1d8e}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{3e94c4f7-3bcb-4810-8f3d-ba993731443b}\ControlMDTPrivate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{3e94c4f7-3bcb-4810-8f3d-ba993731443b}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{3e94c4f7-3bcb-4810-8f3d-ba993731443b}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{4921502a-feb9-4960-8f27-9833942b3de7}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{4921502a-feb9-4960-8f27-9833942b3de7}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{5a303e2f-b50c-4f84-a3e1-dbeafdabd6a9}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{5a303e2f-b50c-4f84-a3e1-dbeafdabd6a9}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{6eaad443-3795-4f98-a983-e83a573b4e12}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{6eaad443-3795-4f98-a983-e83a573b4e12}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{9e1a60ac-2c3b-45cc-9466-82ceb2bd3518}\AuxUserType]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{9e1a60ac-2c3b-45cc-9466-82ceb2bd3518}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{ac929c9f-903b-4904-84e3-eefe47439d49}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{c080bc37-eb1c-466c-8ae0-42756f9e6e92}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{c080bc37-eb1c-466c-8ae0-42756f9e6e92}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Control]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Insertable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{df4b6a92-088f-4963-b2a4-3da796218782}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{df4b6a92-088f-4963-b2a4-3da796218782}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e05a0ac9-7fb7-481e-b5bb-08e1e35b211d}\Programmable]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\AuxUserType]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\DataFormats]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\Verb]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{019971D6-4685-11D2-B48A-0000F87572EB}\Automation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{019971D6-4685-11D2-B48A-0000F87572EB}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{164B10B9-B200-11D0-8C61-00A0C91E29D5}\Automation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{164B10B9-B200-11D0-8C61-00A0C91E29D5}\AutomationEvents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{1D76B2E0-F11B-11d2-AFC3-00105A9991EF}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{21af45b0-ffa5-11d0-b63f-00a0c922e851}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{220A4C17-7E7C-4663-BBCC-5E607C6543CD}\Automation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{282BD676-8B5B-11D0-8A34-00A0C91E2ACD}\ExData]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{282BD676-8B5B-11D0-8A34-00A0C91E2ACD}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{2DC9DAA9-7F2D-11d2-9BFC-00C04F9901D1}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{44E07B02-29A5-11D3-B882-00C04F79F802}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{4A791146-19E4-11D3-B86B-00C04F79F802}\Automation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{4A791146-19E4-11D3-B86B-00C04F79F802}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{4A9B7E50-AA16-11d0-A8C5-00A0C921A4D2}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{53544C4D-E3F8-4AA0-8195-8A8D16019423}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{588205e0-66e0-11d3-8600-00c04f6123b3}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{777E353A-9971-4506-9D4C-3100F763787D}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{87569308-4813-40a0-9cd0-d7a30838ca3f}\Automation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{8FF02D1A-C177-4ac8-A62F-88FC6EA65F57}\IgnorableFiles]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{8FF02D1A-C177-4ac8-A62F-88FC6EA65F57}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{C9DD4A57-47FB-11D2-83E7-00C04F9902C1}\Automation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{C9DD4A57-47FB-11D2-83E7-00C04F9902C1}\AutomationEvents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{C9DD4A57-47FB-11D2-83E7-00C04F9902C1}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{DA9FB551-C724-11d0-AE1F-00A0C90FFFC3}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{DA9FB551-C724-11d0-AE1F-00A0C90FFFC3}\Toolbox]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{DE353D20-56EB-11D2-BF19-00C04F79EFBC}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{e8b06f41-6d01-11d2-aa7d-00c04f990343}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{ED8979BC-B02F-4da9-A667-D3256C36220A}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{F5E7E720-1401-11d1-883B-0000F87579D2}\Automation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{F5E7E720-1401-11d1-883B-0000F87579D2}\SatelliteDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{F5E7E720-1401-11d1-883B-0000F87579D2}\Toolbox]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{FAE04EC1-301F-11D3-BF4B-00C04F79EFBC}\Automation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{FAE04EC1-301F-11D3-BF4B-00C04F79EFBC}\AutomationEvents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\AddItemTemplates]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\CommonPropertyPages]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\FileExtensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\Filters]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\AddItemTemplates]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\CommonPropertyPages]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\FileExtensions]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\Filters]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\LiveUpdate\MUI]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton Cleanup\LastRun]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton Utilities\22.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton Utilities\Onramp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\PatchInst\NSW]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Shared Technology\AutoLiveUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SystemWorks\Disable Intro Dialogs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Waves Audio\MaxxAudio]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

Reboot::
Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

Finally in this post

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    Dfmatzeb.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

So when you return please post
  • ComboFix.txt
  • SystemLook.txt
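The CFScript above was built by copying every key out of the log's LOCKED REGISTRY KEYS section into a REGLOCK:: block, with a leading '-' on the Symantec leftovers. The Python below is an added example for this thread, not ComboFix's code and not anything the specialist or the poster wrote: it parses that section of a ComboFix log (a constructed excerpt in the same layout, with a made-up SID), ranks each locked key with a simple severity rule of this example's own devising, and generates the REGLOCK:: block so the list does not have to be copied by hand. The function names, the severity rule and the delete_prefixes parameter are all this example's assumptions, not ComboFix conventions.

```python
"""Triage the 'LOCKED REGISTRY KEYS' section of a ComboFix log and build the
REGLOCK:: block for a CFScript.  Added example; not ComboFix's code and not
posted in this thread.  The sample log below is constructed (made-up SID)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed excerpt in the layout ComboFix prints (compare the log above).
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1-2-3-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-1-2-3-1000)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\LiveUpdate\MUI]
@DACL=(02 0000)
"0901"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

SECTION_START = re.compile(r"^-+ LOCKED REGISTRY KEYS -+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
DENIED_RE = re.compile(r"^@Denied: \(([^)]*)\) \(([^)]*)\)$")
DACL_RE = re.compile(r"^@DACL=\((.*)\)$")


@dataclass
class LockedKey:
    path: str
    denied: List[Tuple[str, str]] = field(default_factory=list)  # (rights token, principal)
    dacl: Optional[str] = None                                    # contents of @DACL=(...)
    values: List[str] = field(default_factory=list)               # value lines, verbatim


def parse_locked_keys(log_text: str) -> List[LockedKey]:
    """Return every key between the LOCKED REGISTRY KEYS banner and the next banner."""
    keys: List[LockedKey] = []
    current: Optional[LockedKey] = None
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = bool(SECTION_START.match(line))
            continue
        if line.startswith("---"):        # the next section's banner ends ours
            break
        if line in ("", "."):             # ComboFix pads sections with blank and '.' lines
            continue
        m = KEY_RE.match(line)
        if m:
            current = LockedKey(path=m.group(1))
            keys.append(current)
            continue
        if current is None:
            continue
        m = DENIED_RE.match(line)
        if m:
            current.denied.append((m.group(1), m.group(2)))
            continue
        m = DACL_RE.match(line)
        if m:
            current.dacl = m.group(1)
            continue
        current.values.append(line)       # e.g. "Progid"="FirefoxHTML" or @="FlashBroker"
    return keys


def severity(key: LockedKey) -> str:
    """Triage rule of this example, not ComboFix's: a 'Full' deny ranks high, any
    other explicit @Denied entry medium, a key shown only with an @DACL line low."""
    if any(rights == "Full" for rights, _ in key.denied):
        return "high"
    return "medium" if key.denied else "low"


def build_reglock_script(keys: List[LockedKey], delete_prefixes: Tuple[str, ...] = ()) -> str:
    """Emit a REGLOCK:: section like the one in the specialist's CFScript.  Keys under
    delete_prefixes get the leading '-' the script put on the Symantec leftovers (the
    .reg-file convention for deleting a key); every other key is listed plainly."""
    lowered = tuple(p.lower() for p in delete_prefixes)
    lines = ["REGLOCK::"]
    for key in keys:
        marker = "-" if lowered and key.path.lower().startswith(lowered) else ""
        lines.append(f"[{marker}{key.path}]")
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_locked_keys(SAMPLE_LOG)
    for key in found:
        print(f"{severity(key):6} {key.path}  denied={key.denied}")
    print(build_reglock_script(found, delete_prefixes=("HKEY_LOCAL_MACHINE\\SOFTWARE\\Symantec\\",)))
```

Run it as a script to see the triage of the sample; for a real log, read C:\ComboFix.txt and pass its text to parse_locked_keys. The severity is only an ordering for a human reviewer, not a verdict: the log above shows that well-known software (the Flash broker CLSID, the VSTA packages) also locks its keys, so a denied ACL on its own says nothing about whether the key is malicious, and the keys to delete still have to be chosen by someone who knows what they belong to.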

bombolinis (THREAD STARTER)
23-Nov-2010, 02:07 PM #10
Follow up logs (Zone Alarm and the Dfmatzeb.dll)
Hi, here are the logs for Zone Alarm from ComboFix:

ComboFix 10-11-22.05 - Administrator 11/23/2010 13:42:14.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1208 [GMT -5:00]
Running from: c:\users\Microsoft User\Downloads\HIGJACK THIS LOG\MALWARE RESSOLUTION FIXES AND TOOL\Script to clean Zone alarm Nov 23\ComboFix.exe
Command switches used :: c:\users\Microsoft User\Downloads\HIGJACK THIS LOG\MALWARE RESSOLUTION FIXES AND TOOL\Script to clean Zone alarm Nov 23\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-23 18:47 . 2010-11-23 18:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-11-23 18:47 . 2010-11-23 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-23 18:47 . 2010-11-23 18:47 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-11-23 18:31 . 2010-11-23 18:31 97545 ----a-w- c:\windows\system32\drivers\klick.dat
2010-11-23 18:31 . 2010-11-23 18:31 115465 ----a-w- c:\windows\system32\drivers\klin.dat
2010-11-23 18:31 . 2010-11-23 18:31 -------- d-----w- c:\windows\Internet Logs
2010-11-22 18:29 . 2010-11-22 18:29 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\CheckPoint
2010-11-22 18:27 . 2010-11-22 18:27 -------- d-----w- c:\program files\Conduit
2010-11-22 18:26 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2010-11-22 18:25 . 2010-11-22 18:25 -------- d-----w- c:\programdata\CheckPoint
2010-11-22 01:34 . 2010-11-22 16:18 -------- d-----w- c:\program files\SpywareBlaster
2010-11-22 00:35 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-22 00:35 . 2010-11-22 00:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-22 00:35 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-20 01:19 . 2009-10-21 01:34 162320 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2010-11-20 01:18 . 2010-11-23 18:31 -------- d-----w- c:\programdata\Kaspersky Lab
2010-11-20 01:18 . 2010-11-20 01:18 -------- d-----w- c:\program files\Kaspersky Lab
2010-11-20 01:17 . 2010-11-20 01:17 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-11-20 00:48 . 2010-11-20 01:12 -------- d-----w- c:\program files\aerosoft
2010-11-19 20:57 . 2010-11-19 20:57 -------- d-----w- C:\col3927
2010-11-19 19:34 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-19 19:25 . 2010-11-19 19:25 -------- dc-h--w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-19 01:14 . 2010-11-19 01:14 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Norton Utilities 14
2010-11-19 01:00 . 2010-11-19 19:08 -------- d-----w- c:\program files\Lavasoft
2010-11-18 19:28 . 2010-11-18 19:28 105984 --sha-r- c:\windows\system32\grpconvd.dll
2010-11-18 18:07 . 2010-11-18 18:07 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\SmartFTP
2010-11-18 14:14 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E2BB72D-971E-4C79-96A4-7411C61ACCA2}\mpengine.dll
2010-11-18 07:05 . 2010-11-18 07:05 -------- d-----w- c:\program files\GlobalSCAPE
2010-11-18 06:00 . 2010-11-18 06:00 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\GlobalSCAPE
2010-11-18 03:14 . 2002-07-25 21:07 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2010-11-17 00:45 . 2010-11-17 00:46 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-11-15 01:33 . 2010-04-01 23:55 153088 ----a-w- c:\windows\system32\WS_ATLMovie.dll
2010-11-15 01:33 . 2010-11-15 01:33 -------- d-----w- c:\program files\Daniusoft
2010-11-15 01:14 . 2010-11-15 01:14 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\ImTOO
2010-11-15 01:13 . 2010-11-15 01:13 -------- d-----w- c:\programdata\ImTOO
2010-11-15 01:13 . 2010-11-15 01:13 -------- d-----w- c:\program files\ImTOO
2010-11-15 00:41 . 2010-09-14 19:34 153600 ----a-w- c:\windows\system32\WSContextMenu.dll
2010-11-10 15:20 . 2010-11-10 17:32 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\FinalMediaPlayer
2010-11-10 15:20 . 2010-11-10 15:20 -------- d-----w- c:\program files\FinalMediaPlayer
2010-11-09 20:25 . 2010-11-09 20:25 -------- d-----w- c:\program files\CCleaner
2010-11-08 21:52 . 2010-11-08 21:52 -------- d-----w- c:\users\Microsoft User\AppData\Local\tjnet
2010-11-08 17:06 . 2010-11-08 17:06 -------- d-----w- c:\users\Microsoft User\AppData\Local\magicJack
2010-11-07 18:58 . 2010-11-16 21:16 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\mjusbsp
2010-11-07 00:40 . 2010-11-07 00:40 -------- d-----w- c:\users\Microsoft User\AppData\Local\Little_Apps_(http___www.l
2010-11-07 00:26 . 2010-11-07 00:26 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
2010-11-07 00:22 . 2010-11-07 00:22 -------- d-----w- c:\program files\Little Registry Cleaner
2010-11-05 20:50 . 2010-11-05 20:50 -------- d-----w- c:\program files\Driver-Soft
2010-11-05 20:21 . 2009-07-22 10:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-11-05 20:21 . 2009-03-05 06:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-11-05 20:20 . 2009-07-30 11:58 187392 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2010-11-05 20:19 . 2008-12-04 15:57 146432 ----a-w- c:\windows\system32\APOMngr.DLL
2010-11-05 20:19 . 2008-09-17 18:05 72704 ----a-w- c:\windows\system32\CmdRtr.DLL
2010-11-05 20:15 . 2009-08-18 11:15 2941472 ----a-w- c:\windows\system32\RtkAPO.dll
2010-11-05 20:15 . 2009-05-14 07:59 61952 ----a-w- c:\windows\system32\MBWrp32.dll
2010-11-05 20:15 . 2010-11-15 01:36 -------- d--h--w- c:\program files\Temp
2010-11-05 20:15 . 2010-11-05 20:20 -------- d-----w- c:\program files\Realtek
2010-11-05 20:10 . 2010-10-05 03:02 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-11-05 15:32 . 2010-11-05 15:32 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-05 04:40 . 2010-11-05 04:40 -------- d-----w- C:\Intel
2010-11-04 16:38 . 2010-11-21 19:25 -------- d-----w- c:\users\Microsoft User\AppData\Local\CrashDumps
2010-11-04 16:22 . 2010-11-04 16:38 -------- d-----w- c:\program files\AVG
2010-11-04 05:18 . 2010-11-04 05:18 -------- d-----w- c:\programdata\PCSettings
2010-11-04 02:27 . 2007-09-03 00:56 1686016 ----a-w- c:\windows\system32\clinetsuitex6.ocx
2010-11-04 02:27 . 2004-06-14 18:56 427864 ----a-w- c:\windows\system32\XceedZip.dll
2010-11-04 02:27 . 2004-03-09 20:45 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2010-11-04 01:45 . 2010-11-04 01:46 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\DriverCure
2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\programdata\ParetoLogic
2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\programdata\DriverCure
2010-11-04 00:59 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDEC4E.tmp
2010-11-03 20:59 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD1903.tmp
2010-11-03 13:50 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDED55.tmp
2010-11-03 00:58 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDDF7C.tmp
2010-11-02 20:58 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD60FE.tmp
2010-11-02 13:57 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD1CB2.tmp
2010-11-02 00:11 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD70DA.tmp
2010-11-01 20:13 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD2C20.tmp
2010-11-01 13:49 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD7283.tmp
2010-11-01 02:18 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD3A5F.tmp
2010-10-31 22:17 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD28C8.tmp
2010-10-31 13:48 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDCB3C.tmp
2010-10-31 02:28 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD119.tmp
2010-10-31 02:22 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDB36D.tmp
2010-10-31 02:10 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD179F.tmp
2010-10-31 00:52 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD8CCD.tmp
2010-10-31 00:49 . 2008-04-17 17:12 15464 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-31 00:49 . 2010-10-31 00:49 -------- d-----w- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2010-10-31 00:29 . 2007-03-22 00:39 1060864 ----a-w- c:\windows\system32\MFC71.DL1
2010-10-31 00:29 . 2007-03-22 00:33 503808 ----a-w- c:\windows\system32\MSVCP71.DL1
2010-10-31 00:29 . 2007-03-22 00:33 348160 ----a-w- c:\windows\system32\MSVCR71.DL1
2010-10-30 19:53 . 2010-10-30 19:53 -------- d-----w- C:\LXKZ35
2010-10-30 19:52 . 2010-10-30 19:52 -------- d-----w- C:\LEXMARK DRIVERS SETUP
2010-10-29 23:37 . 2010-10-29 23:37 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Hewlett-Packard
2010-10-28 21:56 . 2010-10-28 21:56 -------- d-----w- c:\program files\Nero
2010-10-28 20:15 . 2010-10-28 20:18 -------- d-----w- c:\program files\Microsoft Expression
2010-10-28 01:49 . 2010-10-28 01:49 246552 ----a-w- c:\windows\User Profile Migration Service.exe
2010-10-27 14:35 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 14:35 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 14:35 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 14:35 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 14:35 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-25 20:13 . 2010-10-25 20:13 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-10-25 20:13 . 2010-10-25 20:13 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2010-10-25 20:13 . 2010-10-25 20:13 47512 ----a-w- c:\windows\system32\AdobePDF.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 21:39 . 2010-10-23 15:59 8192 ----a-w- c:\windows\system32\srvany.exe
2010-10-20 22:33 . 2010-10-20 22:33 81920 ----a-w- c:\users\Microsoft User\AppData\Roaming\ezpinst.exe
2010-10-20 22:33 . 2010-10-20 22:33 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-10-20 22:33 . 2010-10-20 22:33 47360 ----a-w- c:\users\Microsoft User\AppData\Roaming\pcouffin.sys
2010-10-19 23:08 . 2010-10-19 23:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 15:41 . 2010-10-15 22:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-17 01:54 . 2010-10-17 01:54 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2010-10-16 03:56 . 2010-10-16 03:56 77004 ----a-w- c:\windows\system32\drivers\AFS.SYS
2010-09-14 18:38 . 2010-10-20 22:54 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2010-09-14 18:38 . 2010-10-20 22:54 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2010-09-14 18:38 . 2010-10-20 22:53 892928 ----a-w- c:\windows\system32\iconv.dll
2010-09-14 18:38 . 2010-10-20 22:53 675840 ----a-w- c:\windows\system32\ac3filter.ax
2010-09-14 18:38 . 2010-10-20 22:53 496640 ----a-w- c:\windows\system32\xvid.ax
2010-09-08 04:30 . 2010-10-16 13:33 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-16 13:33 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-16 13:33 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-16 13:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-16 13:32 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-16 13:32 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-16 13:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-16 13:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46 . 2010-10-16 13:32 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 03:31 . 2010-10-16 13:32 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-27 03:30 . 2010-10-16 13:32 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-27 03:30 . 2010-10-16 13:32 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-26 04:39 . 2010-10-16 13:33 109056 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Calendar"="c:\program files\Desktop Calendar\Desktop Calendar.exe" [2010-03-15 442368]
"cdloader"="c:\users\Microsoft User\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-10-08 50592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"TaskTray"="c:\program files\Driver-Soft\DriverGenius\TaskTray.exe" [2010-07-30 284016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-11-19 928496]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-11-20 340520]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-10-23 8192]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-19 15264]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-05 98392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-16 1343400]
S0 AFS;AFS; [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-19 1375992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-03 19472]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-09-14 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-09-14 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-09-14 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-09-14 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-09-14 25704]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-11-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 19:34]

2010-11-23 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-11-10 16:25]

2010-11-21 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-11-04 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://webmail.bombolinis.com:2095/webmail/x3/?login=1&gotime=1290122505614
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Microsoft User\AppData\Roaming\Mozilla\Firefox\Profiles\jr9bz2w2.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.bombolinis.com:2095/horde/login.php
FF - component: c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\DataFormats\GetSet\0]
@DACL=(02 0000)
@="3,1,32,1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\DataFormats\GetSet\2]
@DACL=(02 0000)
@="Embed Source,1,8,3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\AddItemTemplates\TemplateDirs\{164B10B9-B200-11D0-8C61-00A0C91E29D5}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\AddItemTemplates\TemplateDirs\{FAE04EC1-301F-11D3-BF4B-00C04F79EFBC}]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3988)
c:\program files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
c:\program files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-11-23 13:53:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-23 18:53
ComboFix2.txt 2010-11-22 14:55

Pre-Run: 451,109,638,144 bytes free
Post-Run: 451,493,814,272 bytes free

- - End Of File - - CA91344989A95836B5FB8FEFE438126F



SystemLook:

SystemLook 04.09.10 by jpshortstuff
Log created at 13:58 on 23/11/2010 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "Dfmatzeb.dll"
No files found.

-= EOF =-

----------------------------

This Dfmatzeb.dll has stopped the notification. I think it was a portable Norton Utilities disk that I used that registered temp files in the Norton SystemWorks folder, and it just kept trying to run within the main program's process files?

I completely cleaned the Norton/Symantec Programs now.

Please see if I am clear to go?
Thank you again, and many times, for your attention and effort for me, friend!
emeraldnzl, Malware Removal Specialist, Auckland, N.Z.
23-Nov-2010, 03:03 PM #11
Hello bombolinis,

Making good progress.

Just a bit to clean up (left over from Symantec) and a couple of scans to make sure we haven't missed anything. Then, all going well, we will go to clearing away the tools we have been using in the next post.

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot if it hasn't already done so when it is finished.
Next

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no-longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Finally in this post

Please run a free online scan with the ESET Online Scanner
Note: ESET was designed to run with Internet Explorer; compatibility with other browsers has been added recently, but if you have difficulty, use Internet Explorer.
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Click Start and if your security program asks you if you want to allow the program, click yes.
  • If your anti-virus is active you may see a panel appear warning you that this may affect performance. Disabling the programs listed may speed things along.
  • Make sure that the options Remove found threats and Scan archives are checked (do not worry about advanced settings)
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt (open Notepad > File > Open and navigate to the log.txt)
  • Copy and paste that log as a reply to this topic
When you return please post
  • MBAM report
  • ESET online scan report
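The "Reg Loading Points" section of the ComboFix log in post #10 and the OTL ":Reg" fix in post #11 are the two places where the triage itself stays implicit. The script below is an added example written for this page; it is not part of the thread, of ComboFix or of OTL. It parses that section of a ComboFix log, flags the loading points an analyst reviews first (Security Center monitoring switched off, AppInit_DLLs, extra BootExecute entries, services whose binary is missing, svchost-hosted services, Run entries launched from a user profile) and builds the same OTL ":Reg" deletion script the helper posted for Security Center subkeys whose product is no longer installed. The embedded log excerpt is condensed from the ComboFix log above; the finding categories and the set of installed products passed to the fix are assumptions of the example. A flag means "review", not "malicious": the AppInit DLL here sits under the Kaspersky Lab directory, as its path shows.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log and draft the matching OTL fix.

Added example for this thread, not ComboFix, OTL or the helper's own tooling. The finding
categories are this example's own heuristics: a flag means "review", not "malicious".
"""
import re
from dataclasses import dataclass

# Condensed excerpt of the ComboFix log posted above (blank lines removed).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Microsoft User\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-10-08 50592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-11-20 340520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
S0 AFS;AFS; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
.
Contents of the 'Scheduled Tasks' folder
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # heuristic category
    detail: str  # registry key, value or service name the finding refers to


KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
SERVICE_RE = re.compile(r"^[RS]\d ([^;]*);[^;]*;(.*)$")   # 'R2 name;display;path [date size]'
SECURITY_CENTER = "security center\\monitoring"


def loading_points_section(log):
    """Lines between the 'Reg Loading Points' banner and the scheduled-tasks section."""
    lines = log.splitlines()
    start = next((i for i, l in enumerate(lines) if "Reg Loading Points" in l), None)
    if start is None:
        return []
    end = next((i for i in range(start, len(lines))
                if lines[i].startswith("Contents of the")), len(lines))
    return lines[start + 1:end]


def triage(log):
    """Return the loading points an analyst should look at first."""
    findings, key = [], ""
    for line in (l.strip() for l in loading_points_section(log)):
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        lkey = key.lower()
        if m := VALUE_RE.match(line):
            name, value = m.group(1), m.group(2).strip()
            if lkey.endswith("currentversion\\run") and "\\appdata\\" in value.lower():
                # Autostart from a user-writable profile directory.
                findings.append(Finding("run_from_user_profile", f"{name} -> {value}"))
            elif lkey.endswith("currentversion\\windows") and name.lower() == "appinit_dlls" and value:
                # Loaded into every process that links user32.dll; identify the owner.
                findings.append(Finding("appinit_dlls", value))
            elif SECURITY_CENTER in lkey and name == "DisableMonitoring" and re.fullmatch(r"dword:0*1", value):
                # Security Center told to stop reporting, per product or (root key) globally.
                findings.append(Finding("security_center_monitoring_disabled", key))
        elif line.startswith("BootExecute"):
            # Anything beyond the default 'autocheck autochk *' runs before the shell.
            for entry in line.partition("REG_MULTI_SZ")[2].strip().split("\\0"):
                if entry and entry != "autocheck autochk *":
                    findings.append(Finding("bootexecute_extra", entry))
        elif m := SERVICE_RE.match(line):
            name, rest = m.groups()
            if rest.strip().endswith("[x]"):       # ComboFix marks a missing binary with [x]
                findings.append(Finding("service_file_missing", name))
            elif "svchost.exe" in rest.lower():
                # The real code is the ServiceDll under Parameters, which ComboFix does not print.
                findings.append(Finding("svchost_hosted_service", name))
    return findings


def otl_reg_fix(findings, installed_products):
    """Draft the OTL ':Reg' fix from post #11: delete Security Center 'Monitoring' subkeys
    of products that are no longer installed. The root Monitoring key is left alone."""
    keys = []
    for f in findings:
        if f.kind != "security_center_monitoring_disabled":
            continue
        product = f.detail.rsplit("\\", 1)[-1]
        if product.lower() != "monitoring" and product not in installed_products:
            keys.append(f"[-{f.detail}]")
    return "\n".join([":Reg", *keys, "", ":Commands", "[Reboot]"]) if keys else ""


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:36} {f.detail}")
    print(otl_reg_fix(triage(SAMPLE_LOG), {"KasperskyAntiVirus"}))  # assumption: only Kaspersky remains installed
```

Run it against a full ComboFix.txt by reading the file into `triage()`; the set passed to `otl_reg_fix()` should come from Control Panel or the Security Center's own product list, since the script only knows what the log says was once registered, not what is still installed. The root `Monitoring` key with `DisableMonitoring=1` is reported but never put in the fix, because that value switches off reporting for every product and is a decision for the helper, not the script.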
bombolinis (THREAD STARTER), Junior Member, Miami, Florida
23-Nov-2010, 07:56 PM #12
Hello, here at the bottom are the last two files you requested. I had to go into RegEdit to remove a lot of Symantec registry entries, because the program's uninstaller and the Norton removal tool would not start, telling me that I had to uninstall first, but there was no way I was able to uninstall because the remaining program files were not recognized. I finally figured out how to find these files and delete them by hand in order to run the Norton Removal Tool. WOW!!
OK, here are the log files:

---------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5170

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/23/2010 4:04:57 PM
mbam-log-2010-11-23 (16-04-57).txt

Scan type: Quick scan
Objects scanned: 169735
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------

esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=be171864e6aa954d8464e368fee35295
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-24 12:37:34
# local_time=2010-11-23 07:37:34 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1029 16777214 0 1 0 0 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 42100925 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=103710
# found=0
# cleaned=0
# scan_time=2920
------------------------------------

Are we there yet?

I am lost with all things I have done with you here. You are a very smart person... I commend you.
emeraldnzl, Malware Removal Specialist, Auckland, N.Z.
23-Nov-2010, 08:12 PM #13
Hello again bombolinis,

I think your machine is clean.

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.
  • Download from here Java Runtime Environment (JDK) Update
  • Scroll to where it says "Windows XP/Vista/2000/2003/2008 online", download it and follow the instructions to install.

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

Be sure to give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week.

For ease of use, you might consider the following free program:
---------------------------------------------------------------------------------------------------------------------

To reduce the amount of fragmentation in your machine's file system, occasionally run a defragmenter utility. You can use your built-in program (Start > Programs > Accessories > System Tools > Disk Defragmenter) or alternatively here is a program you can download and use: Puran Disc Defragmenter

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* Consider using an alternate browser.

Opera may be downloaded from here. It is one of the least targeted of all browsers.

Avant may be downloaded from here. Another one that is less well known.

Firefox may be downloaded from here. I use Firefox because I like it. It used to be one of the safest but is now targeted probably as much as IE.

Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:
  • If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

    And to keep your system clean, consider choosing from these free-for-home-use malware scanners, updating and running them weekly.
  • Malwarebytes
  • SuperAntiSpyWare
Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!
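The post above walks through three hardening points by clicking through Control Panel and Inetcpl.cpl. The script below is an added example, not part of the thread and not emeraldnzl's own procedure: a read-only PowerShell audit that reports whether those settings are actually in the recommended state, so the cleanup can be verified rather than assumed. It reads Microsoft's documented registry locations for the IE Internet zone (zone 3, values 1001/1004/1201), the Uninstall hives for leftover Java runtimes, and the Windows Update Agent COM API for the automatic-update mode. The function names, the `Check/Setting/Current/Recommended/Status` layout, and the "OK / REVIEW" labels are this example's own. It is written against PowerShell 2.0, which is what Windows 7 shipped with.

```powershell
# Added example (not from the thread): read-only audit of the hardening advice in post #13.
#   1. IE Internet-zone ActiveX settings (Inetcpl.cpl > Security > Internet > Custom level)
#   2. leftover older Java versions that should be uninstalled
#   3. whether Windows Update is set to install updates automatically
# Nothing here modifies the machine; it only reports. PowerShell 2.0 compatible.

# Zone 3 is "Internet". For these DWORD values 0 = Enable, 1 = Prompt, 3 = Disable.
$IeInternetZone  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$ActiveXSettings = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)
$ZoneValueNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Example's own record shape; one object per finding.
function New-Finding($Check, $Setting, $Current, $Recommended, $Ok) {
    $status = 'REVIEW'
    if ($Ok) { $status = 'OK' }
    New-Object PSObject -Property @{
        Check = $Check; Setting = $Setting; Current = $Current
        Recommended = $Recommended; Status = $status
    }
}

function Test-IeActiveXSettings {
    $zone = Get-ItemProperty -Path $IeInternetZone -ErrorAction SilentlyContinue
    foreach ($s in $ActiveXSettings) {
        $value = $null
        if ($zone -ne $null) { $value = $zone.($s.Id) }
        if ($value -eq $null) {
            # Absent value means IE's built-in default applies; flag it for a manual look.
            $current = 'not set (IE default applies)'
        } else {
            $label = $ZoneValueNames[[int]$value]
            if (-not $label) { $label = 'unknown' }
            $current = "$label ($value)"
        }
        # "Disable" (3) is at least as safe as the recommended "Prompt", so accept it too.
        $ok = ($value -ne $null) -and (($value -eq $s.Want) -or ($value -eq 3))
        New-Finding 'IE Internet zone' $s.Name $current ("{0} ({1})" -f $ZoneValueNames[$s.Want], $s.Want) $ok
    }
}

function Get-InstalledJava {
    # Native hive plus the 32-bit view on 64-bit Windows. Entries look like
    # "Java(TM) 6 Update 22" or "Java 7 Update 45"; the regex skips "Java Auto Updater".
    $roots = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall')
    foreach ($root in $roots) {
        if (Test-Path $root) {
            Get-ChildItem $root | ForEach-Object { Get-ItemProperty $_.PSPath } |
                Where-Object { $_.DisplayName -match '^Java(\(TM\))?\s+\d' } |
                Select-Object DisplayName, DisplayVersion
        }
    }
}

function Test-JavaVersions {
    $java  = @(Get-InstalledJava)
    $names = 'none'
    if ($java.Count -gt 0) { $names = ($java | ForEach-Object { $_.DisplayName }) -join '; ' }
    # More than one entry means an old runtime is still installed beside the new one.
    New-Finding 'Java' 'Installed runtimes' $names 'exactly one, the current version' ($java.Count -le 1)
}

function Test-WindowsUpdateMode {
    # WUA AutomaticUpdatesNotificationLevel: 0 = Not configured, 1 = Disabled,
    # 2 = Notify before download, 3 = Notify before install, 4 = Scheduled installation.
    $levels = @{ 0 = 'Not configured'; 1 = 'Disabled'; 2 = 'Notify before download'
                 3 = 'Notify before install'; 4 = 'Install automatically' }
    $level = $null
    try { $level = (New-Object -ComObject 'Microsoft.Update.AutoUpdate').Settings.NotificationLevel } catch { }
    $current = 'unavailable (WUA COM object not reachable)'
    if ($level -ne $null) { $current = "{0} ({1})" -f $levels[[int]$level], $level }
    New-Finding 'Windows Update' 'Automatic updating' $current 'Install automatically (4)' ($level -eq 4)
}

function Invoke-PostCleanupAudit {
    Test-IeActiveXSettings
    Test-JavaVersions
    Test-WindowsUpdateMode
}

Invoke-PostCleanupAudit | Format-Table Status, Check, Setting, Current, Recommended -AutoSize
```

Run it in an ordinary (non-elevated) PowerShell window as the user whose browser was cleaned: the zone settings live in that user's HKCU hive, and none of the reads need administrator rights. Anything marked REVIEW is then fixed the way the post describes, through Inetcpl.cpl, Control Panel > Programs and the Windows Update settings page; the script deliberately changes nothing itself so it can be re-run afterwards as a check.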
bombolinis, Junior Member with 22 posts. THREAD STARTER
Join Date: Nov 2010
Location: Miami, Florida
Experience: Intermediate
24-Nov-2010, 11:15 AM #14
Thank you
Thank you very much "emeraldnzl" for your valuable time my friend.

May all your wishes come true and that others may and will assist you in your needs as you have done for me.
Thank you for your knowledge and guidance on this matter.
Bless you and may you and your families have a wonderful Holiday Season now and Always.

Your Tech Forum Friend, Bombolini's; you may look me up by my name here.
emeraldnzl, Malware Removal Specialist with 2,436 posts.
Join Date: Nov 2007
Location: Auckland, N.Z.
24-Nov-2010, 01:34 PM #15
Quote:
Thank you very much
You are very welcome.
Tags: jacked malware process
