
PC malfunctioning from malware

Discussion in 'Virus & Other Malware Removal' started by bombolinis, Nov 20, 2010.

Thread Status:
Not open for further replies.
  1. bombolinis

    bombolinis Thread Starter

    Joined:
    Nov 20, 2010
    Messages:
    22
    Hello everyone, I am new to the forum and I hope you can assist me in resolving this issue.

    1- A- Spybot S&D found this > "Microsoft.WindowsSecurityCenter_disabled" and I or it cannot fix it.

    2- B- Kaspersky tells me with a pop-up that does not go away no matter what I select that a process is trying to inject into another process.

    3- C- Cannot access in Run > services.msc; it tells me ActiveX control cannot be displayed and won't open to access files.

    4- D- And other things that are probably related to the issue.

    I am including with this post a file from HJD results at the bottom of this post. HJD report on Nov. 20-2010 12:51 AM for your review. The HJD report file is also attached for your convenience.

    Thank you in advance and wish you all Happy Holidays ahead.
    Bombo


    -------------------------------------
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:11:07 AM, on 11/20/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16671)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\Desktop Calendar\Desktop Calendar.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Users\Microsoft User\Downloads\HijackThis.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.bombolinis.com:2095/webmail/x3/?login=1&gotime=1290122505614
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [TaskTray] C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
    O4 - HKLM\..\Run: [NswUiTray] C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
    O4 - HKCU\..\Run: [cdloader] "C:\Users\Microsoft User\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIFE82~1\Office12\REFIEBAR.DLL
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll,,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: MBAMService - Unknown owner - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    --
    End of file - 9350 bytes
     

  2. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello bombolinis

    Welcome to TSG.

    You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

    If you do not have Malwarebytes please download from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Next
    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      Code:
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      %systemroot%\AppPatch\Custom\*.*
      %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
      %PROGRAMFILES%\PC-Doctor\Downloads\*.*
      %PROGRAMFILES%\Internet Explorer\*.tmp
      %PROGRAMFILES%\Internet Explorer\*.dat
      %USERPROFILE%\My Documents\*.exe
      %USERPROFILE%\*.exe
      %systemroot%\ADDINS\*.*
      %systemroot%\assembly\*.bak2
      %systemroot%\Config\*.*
      %systemroot%\REPAIR\*.bak2
      %systemroot%\SECURITY\Database\*.sdb /x
      %systemroot%\SYSTEM\*.bak2
      %systemroot%\Web\*.bak2
      %systemroot%\Driver Cache\*.*
      %PROGRAMFILES%\Mozilla Firefox\0*.exe
      %ProgramFiles%\Microsoft Common\*.*
      %ProgramFiles%\TinyProxy.
      %USERPROFILE%\Favorites\*.url /x
      %systemroot%\system32\*.bk
      %systemroot%\*.te
      %systemroot%\system32\system32\*.*
      %ALLUSERSPROFILE%\*.dat /x
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so.

      o When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post back here.
    So when you return please post
    • MBAM log
    • the two OTL logs - OTL.txt and Extras.txt


    Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)
     
  3. bombolinis

    bombolinis Thread Starter

    Joined:
    Nov 20, 2010
    Messages:
    22
    Thank you so much for your speedy assistance to me.
    Reports are as follows>

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5166

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/21/2010 7:45:57 PM
    mbam-log-2010-11-21 (19-45-57).txt

    Scan type: Quick scan
    Objects scanned: 164761
    Time elapsed: 4 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\6BTOP2GA8A (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\HJRUDZ5DT2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_application (Hijacker.Application) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    END OF Malwarebytes
    --------------------------------------------
    OTL>
    OTL logfile created on: 11/21/2010 7:57:16 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Microsoft User\Downloads
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.66 Gb Total Space | 423.09 Gb Free Space | 90.86% Space Free | Partition Type: NTFS

    Computer Name: MICROSOFTUSER | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/21 19:56:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Microsoft User\Downloads\OTL.exe
    PRC - [2010/11/19 20:55:40 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    PRC - [2010/10/28 13:21:49 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/10/28 13:21:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/10/25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2010/07/29 21:32:58 | 000,284,016 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
    PRC - [2010/03/15 10:41:30 | 000,442,368 | ---- | M] (Tinnes Software) -- C:\Program Files\Desktop Calendar\Desktop Calendar.exe
    PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/20 20:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
    PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2008/09/25 13:52:04 | 000,085,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe
    PRC - [2008/08/01 13:31:12 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2006/12/23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    PRC - [2002/04/17 09:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    PRC - [2002/04/17 09:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/21 19:56:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Microsoft User\Downloads\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/19 20:55:40 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
    SRV - [2010/11/19 14:34:18 | 001,375,992 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/11/09 21:21:50 | 003,019,352 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll -- (Akamai)
    SRV - [2010/10/23 16:39:55 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
    SRV - [2010/10/16 08:54:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/08/01 13:31:12 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2008/08/01 13:31:02 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010/11/19 20:55:39 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
    DRV - [2010/11/19 14:34:42 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/11/05 10:32:06 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2010/10/15 22:56:17 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
    DRV - [2010/09/23 02:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/09/14 13:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
    DRV - [2010/09/14 13:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
    DRV - [2010/09/14 13:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
    DRV - [2010/09/14 13:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
    DRV - [2010/09/14 13:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
    DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
    DRV - [2009/10/02 19:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
    DRV - [2009/09/23 18:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2009/09/14 14:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
    DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
    DRV - [2009/07/30 06:58:26 | 000,187,392 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
    DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/13 18:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webmail.bombolinis.com:2095/webmail/x3/?login=1&gotime=1290122505614
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 94 28 ED 76 87 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://webmail.bombolinis.com:2095/horde/login.php"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: [email protected]:2.23b2
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
    FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.4.1
    FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5
    FF - prefs.js..extensions.enabledItems: [email protected]otcom:1.0
    FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736

    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010/11/16 19:42:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 13:21:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/16 19:43:17 | 000,000,000 | ---D | M]

    [2010/10/15 19:05:34 | 000,000,000 | ---D | M] -- C:\Users\Microsoft User\AppData\Roaming\mozilla\Extensions
    [2010/11/21 00:14:08 | 000,000,000 | ---D | M] -- C:\Users\Microsoft User\AppData\Roaming\mozilla\Firefox\Profiles\jr9bz2w2.default\extensions
    [2010/10/21 23:15:48 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Microsoft User\AppData\Roaming\mozilla\Firefox\Profiles\jr9bz2w2.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2010/10/15 21:11:14 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Microsoft User\AppData\Roaming\mozilla\Firefox\Profiles\jr9bz2w2.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
    [2010/11/06 17:27:09 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Users\Microsoft User\AppData\Roaming\mozilla\Firefox\Profiles\jr9bz2w2.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
    [2010/10/15 19:06:28 | 000,000,000 | ---D | M] -- C:\Users\Microsoft User\AppData\Roaming\mozilla\Firefox\Profiles\jr9bz2w2.default\extensions\[email protected]
    [2010/11/21 00:14:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/19 21:27:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/11/19 20:19:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
    [2010/10/19 18:08:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/11/19 10:20:54 | 000,425,937 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 14671 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [NswUiTray] C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [TaskTray] C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe (Driver-Soft Inc.)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [cdloader] C:\Users\Microsoft User\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKCU..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe (Tinnes Software)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
    O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk ()
    O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk ()
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (sasnative32) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/21 19:35:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/11/21 19:35:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/11/21 19:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/11/21 00:13:00 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Documents\BUSSINES CARDS 2010
    [2010/11/19 20:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2010/11/19 20:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
    [2010/11/19 20:18:12 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
    [2010/11/19 20:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
    [2010/11/19 20:13:09 | 000,294,400 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevEin20.ocx
    [2010/11/19 20:13:09 | 000,260,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX
    [2010/11/19 20:13:09 | 000,233,472 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevXPCtl.ocx
    [2010/11/19 20:13:09 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTL32.OCX
    [2010/11/19 20:13:09 | 000,205,848 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\threed32.ocx
    [2010/11/19 20:13:09 | 000,190,464 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevImLib.dll
    [2010/11/19 20:13:09 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMCT232.OCX
    [2010/11/19 20:13:09 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
    [2010/11/19 20:13:09 | 000,141,824 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevCmd3.ocx
    [2010/11/19 20:13:09 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
    [2010/11/19 20:13:09 | 000,115,712 | ---- | C] (Tools & Components) -- C:\Windows\System32\sevClb20.ocx
    [2010/11/19 20:13:09 | 000,094,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GRID32.OCX
    [2010/11/19 20:13:09 | 000,057,880 | ---- | C] (Outrider Systems, Inc.) -- C:\Windows\System32\SPIN32.OCX
    [2010/11/19 20:13:09 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FLXGDDE.DLL
    [2010/11/19 20:13:09 | 000,026,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CTL3D.dll
    [2010/11/19 20:13:09 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTDE.DLL
    [2010/11/19 20:13:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETDE.DLL
    [2010/11/19 20:13:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMDE.DLL
    [2010/11/19 20:13:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\STDFTDE.DLL
    [2010/11/19 20:13:08 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMCTLDE.DLL
    [2010/11/19 20:13:08 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGDE.DLL
    [2010/11/19 20:13:08 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMCT2DE.DLL
    [2010/11/19 19:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\aerosoft
    [2010/11/19 15:57:27 | 000,000,000 | ---D | C] -- C:\col3927
    [2010/11/19 14:34:51 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2010/11/19 14:25:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    [2010/11/19 13:57:09 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Documents\JOBS APPLIED AND AVAILBLE JOB LIST
    [2010/11/18 20:14:38 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\Norton Utilities 14
    [2010/11/18 20:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2010/11/18 13:07:46 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\SmartFTP
    [2010/11/18 02:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\GlobalSCAPE
    [2010/11/18 01:00:00 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\GlobalSCAPE
    [2010/11/16 19:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2010/11/14 20:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Daniusoft
    [2010/11/14 20:14:30 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\ImTOO
    [2010/11/14 20:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ImTOO
    [2010/11/14 20:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\ImTOO
    [2010/11/14 19:41:56 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Documents\Daniusoft Video Converter Ultimate
    [2010/11/10 10:20:22 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\FinalMediaPlayer
    [2010/11/10 10:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\FinalMediaPlayer
    [2010/11/09 15:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/11/09 10:08:49 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Desktop\NEW MALL LINKS TO ADD
    [2010/11/08 22:20:30 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Desktop\APPLIED AT AFTER AG 2010
    [2010/11/08 18:30:22 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Desktop\POP UP SHOP LINK
    [2010/11/08 16:52:17 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Local\tjnet
    [2010/11/08 12:06:28 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Local\magicJack
    [2010/11/07 13:58:45 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\mjusbsp
    [2010/11/06 19:44:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010/11/06 19:40:58 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Local\Little_Apps_(http___www.l
    [2010/11/06 19:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Little Registry Cleaner
    [2010/11/06 19:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Little Registry Cleaner
    [2010/11/05 18:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonSystemWorks
    [2010/11/05 18:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton SystemWorks Premier Edition
    [2010/11/05 18:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2010/11/05 17:13:35 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\Symantec
    [2010/11/05 15:51:52 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Documents\DriverGenius
    [2010/11/05 15:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
    [2010/11/05 15:21:05 | 000,094,208 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNUninst32.dll
    [2010/11/05 15:20:33 | 000,187,392 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rt86win7.sys
    [2010/11/05 15:15:31 | 002,941,472 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
    [2010/11/05 15:15:30 | 000,061,952 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\MBWrp32.dll
    [2010/11/05 15:15:29 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
    [2010/11/05 15:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2010/11/05 15:10:36 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
    [2010/11/05 10:32:06 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2010/11/04 23:40:33 | 000,000,000 | ---D | C] -- C:\Intel
    [2010/11/04 11:38:49 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Local\CrashDumps
    [2010/11/04 11:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2010/11/04 10:32:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BVRP Software
    [2010/11/04 00:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
    [2010/11/03 21:27:46 | 001,686,016 | ---- | C] (Clever Components) -- C:\Windows\System32\clinetsuitex6.ocx
    [2010/11/03 21:27:46 | 000,427,864 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Windows\System32\XceedZip.dll
    [2010/11/03 21:27:45 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
    [2010/11/03 20:45:30 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\DriverCure
    [2010/11/03 20:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
    [2010/11/03 20:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
    [2010/11/03 20:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverCure
    [2010/10/30 21:04:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
    [2010/10/30 19:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2010/10/30 19:29:46 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.DL1
    [2010/10/30 19:29:46 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVCP71.DL1
    [2010/10/30 19:29:46 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVCR71.DL1
    [2010/10/30 14:53:04 | 000,000,000 | ---D | C] -- C:\LXKZ35
    [2010/10/30 14:52:13 | 000,000,000 | ---D | C] -- C:\LEXMARK DRIVERS SETUP
    [2010/10/29 18:37:56 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\Hewlett-Packard
    [2010/10/28 16:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
    [2010/10/28 15:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Expression
    [2010/10/28 15:06:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
    [2010/10/27 20:49:32 | 000,246,552 | ---- | C] (ForensiT Limited) -- C:\Windows\User Profile Migration Service.exe
    [2010/10/27 09:35:21 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
    [2010/10/27 09:35:21 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
    [2010/10/27 09:35:21 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
    [2010/10/27 09:35:21 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
    [2010/10/27 09:35:13 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
    [2010/10/26 23:40:29 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Documents\CREDIT SCORES CJG OCT 2010
    [2010/10/25 15:13:40 | 000,022,936 | ---- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
    [2010/10/25 15:13:38 | 000,047,512 | ---- | C] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
    [2010/10/24 20:45:13 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Desktop\Wine-email_files
    [2010/10/24 16:12:35 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\Documents\MACYS INTERVIEW APPOINTMENT Oct 25 10
    [2010/10/23 19:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Smith Micro
    [2010/10/23 16:24:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/10/23 16:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2010/10/23 16:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
    [2010/10/23 16:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010/10/23 16:20:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/10/23 16:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2010/10/23 15:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
    [2010/10/23 10:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/10/22 22:29:33 | 000,000,000 | RHSD | C] -- C:\_Backup.RC
    [2010/10/22 22:26:05 | 000,000,000 | -H-D | C] -- C:\_Backup
    [2010/10/22 22:26:04 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Roaming\Avanquest
    [2010/10/22 22:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
    [2010/10/22 22:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
    [2010/10/22 22:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AntiVirus
    [2010/10/22 22:14:00 | 000,000,000 | ---D | C] -- C:\Users\Microsoft User\AppData\Local\Xenocode
    [2010/10/22 21:16:51 | 000,000,000 | --SD | C] -- C:\Users\Microsoft User\Documents\My Webs
    [2010/10/20 17:33:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Microsoft User\AppData\Roaming\pcouffin.sys
    [16 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/21 19:53:30 | 000,655,838 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/11/21 19:53:30 | 000,120,768 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/11/21 19:52:32 | 000,016,560 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/21 19:52:32 | 000,016,560 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/21 19:48:40 | 000,000,326 | -HS- | M] () -- C:\Windows\tasks\Tjtkd.job
    [2010/11/21 19:47:31 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
    [2010/11/21 19:47:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/21 19:47:20 | 1602,985,984 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/21 19:35:42 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/21 18:00:00 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
    [2010/11/21 11:38:54 | 000,040,448 | ---- | M] () -- C:\Users\Microsoft User\Documents\Carlos-J-Gutierrez_Resume_NOV-2010A.doc
    [2010/11/21 10:37:04 | 000,013,338 | ---- | M] () -- C:\Users\Microsoft User\Documents\THANK YOU FROM MYSTERY SHOP COMPANIES.docx
    [2010/11/21 10:06:42 | 000,000,000 | ---- | M] () -- C:\Users\Microsoft User\AppData\Roaming\wklnhst.dat
    [2010/11/19 23:02:41 | 000,000,162 | -H-- | M] () -- C:\Users\Microsoft User\Desktop\~$eshfromgardenRobert Artist 1995 to 2005.docx
    [2010/11/19 22:36:04 | 000,013,521 | ---- | M] () -- C:\Users\Microsoft User\Desktop\FreshfromgardenRobert Artist 1995 to 2005.docx
    [2010/11/19 20:55:39 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
    [2010/11/19 20:55:38 | 000,115,465 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
    [2010/11/19 20:55:38 | 000,097,545 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
    [2010/11/19 20:43:42 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2010/11/19 15:59:48 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo & Imaging.lnk
    [2010/11/19 15:59:48 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\HP Director.lnk
    [2010/11/19 14:25:53 | 000,001,124 | ---- | M] () -- C:\Users\Microsoft User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/11/19 14:25:53 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2010/11/19 10:58:39 | 000,000,037 | ---- | M] () -- C:\Windows\WinInit.ini
    [2010/11/19 10:20:54 | 000,425,937 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/11/18 23:13:51 | 000,001,903 | ---- | M] () -- C:\Users\Microsoft User\Desktop\Mozilla Firefox.lnk
    [2010/11/18 20:14:39 | 000,003,072 | ---- | M] () -- C:\Windows\System32\Cache.db
    [2010/11/18 17:50:22 | 000,425,937 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101119-102054.backup
    [2010/11/18 15:05:14 | 000,000,006 | ---- | M] () -- C:\Users\Microsoft User\AppData\Roaming\completescan
    [2010/11/18 14:28:15 | 000,105,984 | RHS- | M] () -- C:\Windows\System32\grpconvd.dll
    [2010/11/17 22:01:24 | 000,000,162 | -H-- | M] () -- C:\Users\Microsoft User\Desktop\~$te FTP Pro 8 key.docx
    [2010/11/16 20:27:07 | 000,422,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/11/16 16:47:14 | 000,012,838 | ---- | M] () -- C:\Users\Microsoft User\Desktop\Cute FTP Pro 8 key.docx
    [2010/11/15 12:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\Norton SystemWorks One Button Checkup.job
    [2010/11/14 21:56:43 | 000,024,576 | ---- | M] () -- C:\Users\Microsoft User\Desktop\Something stupid.doc
    [2010/11/13 22:21:12 | 000,101,354 | ---- | M] () -- C:\Users\Microsoft User\Desktop\BucamentBay-Bar_Restaurants.jpg
    [2010/11/13 22:20:40 | 000,107,075 | ---- | M] () -- C:\Users\Microsoft User\Desktop\BucamentBay-Incone-resort-Investmmnets.jpg
    [2010/11/13 13:41:29 | 000,013,747 | ---- | M] () -- C:\Users\Microsoft User\Desktop\Offer of Transport domain letter.docx
    [2010/11/13 13:41:08 | 000,014,672 | ---- | M] () -- C:\Users\Microsoft User\Desktop\Offer Transporter Domain to do.docx
    [2010/11/12 18:35:42 | 000,425,491 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101118-175022.backup
    [2010/11/10 10:20:21 | 000,001,085 | ---- | M] () -- C:\Users\Microsoft User\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
    [2010/11/06 20:33:52 | 000,424,779 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101112-183542.backup
    [2010/11/05 17:52:58 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2010/11/05 17:52:58 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
    [2010/11/05 15:19:57 | 000,000,087 | RH-- | M] () -- C:\Windows\ctfile.rfc
    [2010/11/05 10:32:06 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2010/11/04 09:29:19 | 000,122,982 | ---- | M] () -- C:\Users\Microsoft User\Documents\FOR RESTAURANT SAMPLE FOR REPORT.pdf
    [2010/11/03 21:21:50 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
    [2010/11/03 21:13:14 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
    [2010/11/02 18:12:28 | 000,436,421 | ---- | M] () -- C:\Users\Microsoft User\Desktop\MIRIAM-SOPHY-AUDRY-SERGIO.jpg
    [2010/10/30 21:15:25 | 000,013,331 | ---- | M] () -- C:\Users\Microsoft User\Documents\You tube malltube1515 videos.docx
    [2010/10/30 19:10:06 | 000,000,016 | ---- | M] () -- C:\Windows\System32\coh.cache
    [2010/10/30 17:11:20 | 000,424,285 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101106-213352.backup
    [2010/10/27 23:27:35 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
    [2010/10/27 20:49:32 | 000,246,552 | ---- | M] (ForensiT Limited) -- C:\Windows\User Profile Migration Service.exe
    [2010/10/27 00:35:53 | 007,077,888 | -HS- | M] () -- C:\Users\Microsoft User\NTUSER.BAK
    [2010/10/26 15:10:57 | 000,013,071 | ---- | M] () -- C:\Users\Microsoft User\Documents\wioll be a cash purcahse of a alease..docx
    [2010/10/25 15:13:40 | 000,022,936 | ---- | M] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
    [2010/10/25 15:13:38 | 000,047,512 | ---- | M] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
    [2010/10/23 16:39:55 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
    [2010/10/22 22:28:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/10/22 22:28:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [16 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/21 19:35:42 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/21 11:38:54 | 000,040,448 | ---- | C] () -- C:\Users\Microsoft User\Documents\Carlos-J-Gutierrez_Resume_NOV-2010A.doc
    [2010/11/21 10:06:42 | 000,000,000 | ---- | C] () -- C:\Users\Microsoft User\AppData\Roaming\wklnhst.dat
    [2010/11/20 16:48:00 | 000,013,338 | ---- | C] () -- C:\Users\Microsoft User\Documents\THANK YOU FROM MYSTERY SHOP COMPANIES.docx
    [2010/11/19 23:02:41 | 000,000,162 | -H-- | C] () -- C:\Users\Microsoft User\Desktop\~$eshfromgardenRobert Artist 1995 to 2005.docx
    [2010/11/19 22:36:02 | 000,013,521 | ---- | C] () -- C:\Users\Microsoft User\Desktop\FreshfromgardenRobert Artist 1995 to 2005.docx
    [2010/11/19 20:19:04 | 000,115,465 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
    [2010/11/19 20:19:03 | 000,097,545 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
    [2010/11/19 20:13:09 | 000,093,696 | ---- | C] () -- C:\Windows\System32\sevCmd3.oca
    [2010/11/19 20:13:09 | 000,000,552 | ---- | C] () -- C:\Windows\System32\sevClb20.dep
    [2010/11/19 20:13:09 | 000,000,549 | ---- | C] () -- C:\Windows\System32\sevCmd3.dep
    [2010/11/19 20:13:09 | 000,000,282 | ---- | C] () -- C:\Windows\System32\sevXPCtl.dep
    [2010/11/19 20:13:09 | 000,000,282 | ---- | C] () -- C:\Windows\System32\sevEin20.dep
    [2010/11/19 15:59:48 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo & Imaging.lnk
    [2010/11/19 15:59:48 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\HP Director.lnk
    [2010/11/19 15:19:05 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
    [2010/11/19 14:25:53 | 000,001,124 | ---- | C] () -- C:\Users\Microsoft User\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/11/19 14:25:53 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2010/11/18 23:13:51 | 000,001,903 | ---- | C] () -- C:\Users\Microsoft User\Desktop\Mozilla Firefox.lnk
    [2010/11/18 20:10:38 | 000,003,072 | ---- | C] () -- C:\Windows\System32\Cache.db
    [2010/11/18 15:05:14 | 000,000,006 | ---- | C] () -- C:\Users\Microsoft User\AppData\Roaming\completescan
    [2010/11/18 14:28:15 | 000,105,984 | RHS- | C] () -- C:\Windows\System32\grpconvd.dll
    [2010/11/18 14:28:15 | 000,000,326 | -HS- | C] () -- C:\Windows\tasks\Tjtkd.job
    [2010/11/17 22:01:24 | 000,000,162 | -H-- | C] () -- C:\Users\Microsoft User\Desktop\~$te FTP Pro 8 key.docx
    [2010/11/17 20:33:35 | 000,000,000 | -HS- | C] () -- C:\Users\Microsoft User\S-1-5-21-4084551734-838963058-3687606045-500.rrr.LOG2
    [2010/11/17 20:33:35 | 000,000,000 | -HS- | C] () -- C:\Users\Microsoft User\S-1-5-21-4084551734-838963058-3687606045-500.rrr.LOG1
    [2010/11/16 16:47:13 | 000,012,838 | ---- | C] () -- C:\Users\Microsoft User\Desktop\Cute FTP Pro 8 key.docx
    [2010/11/14 21:56:41 | 000,024,576 | ---- | C] () -- C:\Users\Microsoft User\Desktop\Something stupid.doc
    [2010/11/14 20:33:21 | 000,153,088 | ---- | C] () -- C:\Windows\System32\WS_ATLMovie.dll
    [2010/11/14 19:41:40 | 000,153,600 | ---- | C] () -- C:\Windows\System32\WSContextMenu.dll
    [2010/11/13 13:41:28 | 000,013,747 | ---- | C] () -- C:\Users\Microsoft User\Desktop\Offer of Transport domain letter.docx
    [2010/11/13 13:41:08 | 000,014,672 | ---- | C] () -- C:\Users\Microsoft User\Desktop\Offer Transporter Domain to do.docx
    [2010/11/10 10:20:24 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\Final Media Player Update Checker.job
    [2010/11/10 10:20:21 | 000,001,085 | ---- | C] () -- C:\Users\Microsoft User\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
    [2010/11/05 18:02:26 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\Norton SystemWorks One Button Checkup.job
    [2010/11/05 17:52:14 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2010/11/05 17:52:14 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
    [2010/11/05 15:21:04 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010/11/05 15:19:57 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
    [2010/11/05 15:19:57 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
    [2010/11/05 15:19:57 | 000,000,087 | RH-- | C] () -- C:\Windows\ctfile.rfc
    [2010/11/04 09:29:19 | 000,122,982 | ---- | C] () -- C:\Users\Microsoft User\Documents\FOR RESTAURANT SAMPLE FOR REPORT.pdf
    [2010/11/03 20:45:31 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
    [2010/11/03 20:44:45 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\DriverCure.job
    [2010/11/03 20:44:42 | 000,000,432 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
    [2010/11/02 18:12:26 | 000,436,421 | ---- | C] () -- C:\Users\Microsoft User\Desktop\MIRIAM-SOPHY-AUDRY-SERGIO.jpg
    [2010/10/30 20:38:24 | 000,013,331 | ---- | C] () -- C:\Users\Microsoft User\Documents\You tube malltube1515 videos.docx
    [2010/10/30 19:50:01 | 000,002,432 | ---- | C] () -- C:\Windows\wds.dat
    [2010/10/30 19:50:01 | 000,001,680 | ---- | C] () -- C:\Windows\rmt.dat
    [2010/10/30 19:49:36 | 000,000,037 | ---- | C] () -- C:\Windows\WinInit.ini
    [2010/10/30 19:10:06 | 000,000,016 | ---- | C] () -- C:\Windows\System32\coh.cache
    [2010/10/27 00:35:35 | 000,000,000 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DFG.LOG2
    [2010/10/27 00:35:35 | 000,000,000 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DFG.LOG1
    [2010/10/26 15:10:55 | 000,013,071 | ---- | C] () -- C:\Users\Microsoft User\Documents\wioll be a cash purcahse of a alease..docx
    [2010/10/23 17:08:02 | 000,101,354 | ---- | C] () -- C:\Users\Microsoft User\Desktop\BucamentBay-Bar_Restaurants.jpg
    [2010/10/23 17:06:17 | 000,107,075 | ---- | C] () -- C:\Users\Microsoft User\Desktop\BucamentBay-Incone-resort-Investmmnets.jpg
    [2010/10/23 10:59:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
    [2010/10/22 22:28:19 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2010/10/22 22:28:19 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2010/10/20 17:33:10 | 000,000,034 | ---- | C] () -- C:\Users\Microsoft User\AppData\Roaming\pcouffin.log
    [2010/10/20 17:33:09 | 000,081,920 | ---- | C] () -- C:\Users\Microsoft User\AppData\Roaming\ezpinst.exe
    [2010/10/20 17:33:09 | 000,007,176 | ---- | C] () -- C:\Users\Microsoft User\AppData\Roaming\pcouffin.cat
    [2010/10/20 17:33:09 | 000,001,144 | ---- | C] () -- C:\Users\Microsoft User\AppData\Roaming\pcouffin.inf
    [2010/10/15 19:57:37 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/10/15 18:59:30 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/11/21 19:47:20 | 1602,985,984 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/22 22:28:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/10/22 22:28:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/11/20 22:25:53 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
    [2010/11/20 22:25:52 | 000,005,120 | -HS- | M] () -- C:\ntuser.dat.LOG1
    [2010/11/18 19:14:19 | 000,000,000 | -HS- | M] () -- C:\ntuser.dat.LOG2
    [2010/11/18 19:56:13 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{7cbdb230-f371-11df-a846-00252241ef6f}.TM.blf
    [2010/11/18 19:56:13 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{7cbdb230-f371-11df-a846-00252241ef6f}.TMContainer00000000000000000001.regtrans-ms
    [2010/11/18 19:56:13 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{7cbdb230-f371-11df-a846-00252241ef6f}.TMContainer00000000000000000002.regtrans-ms
    [2010/11/17 20:34:32 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{e15a73b9-f296-11df-a870-00252241ef6f}.TM.blf
    [2010/11/17 20:34:32 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{e15a73b9-f296-11df-a870-00252241ef6f}.TMContainer00000000000000000001.regtrans-ms
    [2010/11/17 20:34:32 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{e15a73b9-f296-11df-a870-00252241ef6f}.TMContainer00000000000000000002.regtrans-ms
    [2010/11/21 19:47:20 | 2137,317,376 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/17 20:33:35 | 000,000,000 | -HS- | M] () -- C:\S-1-5-21-4084551734-838963058-3687606045-1000.rrr.LOG1
    [2010/11/17 20:33:35 | 000,000,000 | -HS- | M] () -- C:\S-1-5-21-4084551734-838963058-3687606045-1000.rrr.LOG2

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2010/11/18 20:14:39 | 000,003,072 | ---- | M] () -- C:\Windows\System32\Cache.db
    [16 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/10/16 04:35:57 | 000,000,221 | -HS- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/10/16 17:02:26 | 000,000,402 | -HS- | M] () -- C:\Users\Administrator\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-18 14:14:39

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 304 bytes -> C:\Users\Microsoft User\Desktop\BucamentBay-Incone-resort-Investmmnets.jpg:Updt_SummaryInformation
    @Alternate Data Stream - 304 bytes -> C:\Users\Microsoft User\Desktop\BucamentBay-Bar_Restaurants.jpg:Updt_SummaryInformation
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:D287FACF

    < End of report >

    OTL Extras>
    OTL Extras logfile created on: 11/21/2010 7:57:16 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Microsoft User\Downloads
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.66 Gb Total Space | 423.09 Gb Free Space | 90.86% Space Free | Partition Type: NTFS

    Computer Name: MICROSOFTUSER | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" %*
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Key error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1
    "" =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1
    "DisableUnicastResponsesToMulticastBroadcast" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B9B1B84-FEC0-46D5-BDB9-832565779422}" = CheckIt Diagnostics
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
    "{6CC93102-135E-49E2-99A4-C431E671C12A}" = HP Photo and Imaging 2.0 - Scanners
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
    "{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
    "{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
    "{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{F0E8CB62-6A1C-4e55-BCD9-1A0F7527B64A}" = Norton SystemWorks Premier Edition
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Akamai" = Akamai NetSession Interface
    "CCleaner" = CCleaner
    "Daniusoft Media Converter Ultimate_is1" = Daniusoft Media Converter Ultimate(Build 2.6.1.0)
    "Desktop Calendar_is1" = Desktop Calendar
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "FinalMediaPlayer_is1" = Final Media Player 2010
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "ImTOO Video Converter Ultimate 6" = ImTOO Video Converter Ultimate 6
    "InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
    "Little Registry Cleaner" = Little Registry Cleaner
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PictureIt_v9" = Microsoft Picture It! Photo Premium 9
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "Revo Uninstaller" = Revo Uninstaller 1.90
    "SymSetup.{F0E8CB62-6A1C-4e55-BCD9-1A0F7527B64A}" = Norton SystemWorks (Symantec Corporation)
    "Trellian WebPage_is1" = Trellian WebPage
    "TVWiz" = Intel(R) TV Wizard
    "uTorrent" = µTorrent
    "WebDesigner" = Microsoft Expression Web
    "Works2004Setup" = Microsoft Works 2004 Setup Launcher

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "magicJack" = magicJack

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/19/2010 3:01:21 PM | Computer Name = MicrosoftUser | Source = VSS | ID = 8194
    Description =

    Error - 11/19/2010 3:56:03 PM | Computer Name = MicrosoftUser | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 11/19/2010 9:14:15 PM | Computer Name = MicrosoftUser | Source = Application Error | ID = 1000
    Description = Faulting application name: FSCDbManager.exe, version: 9.0.0.0, time
    stamp: 0x4cbf2b90 Faulting module name: comctl32.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4c6f635d Exception code: 0xc0000005 Fault offset: 0x72da3ccd Faulting
    process id: 0x634 Faulting application start time: 0x01cb88502a36a986 Faulting application
    path: C:\Program Files\aerosoft\FSC9\FSCDbManager.exe Faulting module path: comctl32.dll
    Report
    Id: 7d66ad7c-f443-11df-a876-00252241ef6f

    Error - 11/20/2010 1:16:40 AM | Computer Name = MicrosoftUser | Source = Microsoft Office 14 | ID = 2000
    Description = Microsoft Word: Accepted Safe Mode action : Word failed to start correctly
    last time. Starting Word in safe mode will help you correct or isolate a startup
    problem in order to successfully start the program. Some functionality may be
    disabled in this mode. Do you want to start Word in safe mode?.

    Error - 11/20/2010 1:27:02 AM | Computer Name = MicrosoftUser | Source = VSS | ID = 8194
    Description =

    Error - 11/20/2010 2:56:16 AM | Computer Name = MicrosoftUser | Source = VSS | ID = 8194
    Description =

    Error - 11/20/2010 4:11:40 AM | Computer Name = MicrosoftUser | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 11/21/2010 2:56:48 AM | Computer Name = MicrosoftUser | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 11/21/2010 3:24:57 PM | Computer Name = MicrosoftUser | Source = Application Error | ID = 1000
    Description = Faulting application name: FSCDbManager.exe, version: 9.0.0.0, time
    stamp: 0x4cbf2b90 Faulting module name: comctl32.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4c6f635d Exception code: 0xc0000005 Fault offset: 0x6e953ccd Faulting
    process id: 0x964 Faulting application start time: 0x01cb89b1a4d52c84 Faulting application
    path: C:\Program Files\Aerosoft\FSC9\FSCDbManager.exe Faulting module path: comctl32.dll
    Report
    Id: 06213b18-f5a5-11df-ad35-00252241ef6f

    Error - 11/21/2010 8:40:30 PM | Computer Name = MicrosoftUser | Source = Windows Backup | ID = 4103
    Description =

    [ System Events ]
    Error - 11/21/2010 4:21:50 PM | Computer Name = MicrosoftUser | Source = Service Control Manager | ID = 7000
    Description = The MBAMService service failed to start due to the following error:
    %%2

    Error - 11/21/2010 4:21:50 PM | Computer Name = MicrosoftUser | Source = Service Control Manager | ID = 7001
    Description = The SBSD Security Center Service service depends on the Security Center
    service which failed to start because of the following error: %%1058

    Error - 11/21/2010 6:24:08 PM | Computer Name = MicrosoftUser | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
    Description = Some processor performance power management features have been disabled
    due to a known firmware problem. Check with the computer manufacturer for updated
    firmware.

    Error - 11/21/2010 6:24:23 PM | Computer Name = MicrosoftUser | Source = Service Control Manager | ID = 7000
    Description = The MBAMService service failed to start due to the following error:
    %%2

    Error - 11/21/2010 6:24:23 PM | Computer Name = MicrosoftUser | Source = Service Control Manager | ID = 7001
    Description = The SBSD Security Center Service service depends on the Security Center
    service which failed to start because of the following error: %%1058

    Error - 11/21/2010 8:30:16 PM | Computer Name = MicrosoftUser | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
    Description = Some processor performance power management features have been disabled
    due to a known firmware problem. Check with the computer manufacturer for updated
    firmware.

    Error - 11/21/2010 8:30:27 PM | Computer Name = MicrosoftUser | Source = Service Control Manager | ID = 7000
    Description = The MBAMService service failed to start due to the following error:
    %%2

    Error - 11/21/2010 8:30:27 PM | Computer Name = MicrosoftUser | Source = Service Control Manager | ID = 7001
    Description = The SBSD Security Center Service service depends on the Security Center
    service which failed to start because of the following error: %%1058

    Error - 11/21/2010 8:47:18 PM | Computer Name = MicrosoftUser | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
    Description = Some processor performance power management features have been disabled
    due to a known firmware problem. Check with the computer manufacturer for updated
    firmware.

    Error - 11/21/2010 8:47:29 PM | Computer Name = MicrosoftUser | Source = Service Control Manager | ID = 7001
    Description = The SBSD Security Center Service service depends on the Security Center
    service which failed to start because of the following error: %%1058


    < End of report >

    There it is, again thanks for your time
     
  4. bombolinis

    bombolinis Thread Starter

    Actually I have been a member but have not bothered you for a long time. I could not find my login info, and I just now found my old sign-in; it is ID "bombo1".
    Just FYI
    Thank you
     
  5. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello bombolinis,

    I think I like the new name best. :D

    Now

    Please download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     
  6. bombolinis

    bombolinis Thread Starter

    Hello and thank you for the follow-up. Here is the log requested:
    By the way, my old login ID is not active; I could not log in with that name, so Bombolinis it is.
    --------------------------------------------------

    ComboFix 10-11-21.02 - Administrator 11/22/2010 9:49.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1157 [GMT -5:00]
    Running from: c:\users\Microsoft User\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Microsoft User\AppData\Roaming\completescan

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-22 to 2010-11-22 )))))))))))))))))))))))))))))))
    .

    2010-11-22 14:53 . 2010-11-22 14:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-22 14:53 . 2010-11-22 14:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2010-11-22 01:34 . 2010-11-22 01:34 -------- d-----w- c:\program files\SpywareBlaster
    2010-11-22 00:35 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-22 00:35 . 2010-11-22 00:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-22 00:35 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-20 01:19 . 2009-10-21 01:34 162320 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
    2010-11-20 01:19 . 2010-11-20 01:55 115465 ----a-w- c:\windows\system32\drivers\klin.dat
    2010-11-20 01:19 . 2010-11-20 01:55 97545 ----a-w- c:\windows\system32\drivers\klick.dat
    2010-11-20 01:18 . 2010-11-22 14:11 -------- d-----w- c:\programdata\Kaspersky Lab
    2010-11-20 01:18 . 2010-11-20 01:18 -------- d-----w- c:\program files\Kaspersky Lab
    2010-11-20 01:17 . 2010-11-20 01:17 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2010-11-20 00:48 . 2010-11-20 01:12 -------- d-----w- c:\program files\aerosoft
    2010-11-19 20:57 . 2010-11-19 20:57 -------- d-----w- C:\col3927
    2010-11-19 19:34 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-11-19 19:25 . 2010-11-19 19:25 -------- dc-h--w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-11-19 01:14 . 2010-11-19 01:14 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Norton Utilities 14
    2010-11-19 01:00 . 2010-11-19 19:08 -------- d-----w- c:\program files\Lavasoft
    2010-11-18 19:28 . 2010-11-18 19:28 105984 --sha-r- c:\windows\system32\grpconvd.dll
    2010-11-18 18:07 . 2010-11-18 18:07 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\SmartFTP
    2010-11-18 14:14 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E2BB72D-971E-4C79-96A4-7411C61ACCA2}\mpengine.dll
    2010-11-18 07:05 . 2010-11-18 07:05 -------- d-----w- c:\program files\GlobalSCAPE
    2010-11-18 06:00 . 2010-11-18 06:00 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\GlobalSCAPE
    2010-11-18 03:14 . 2002-07-25 21:07 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2010-11-17 00:45 . 2010-11-17 00:46 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2010-11-15 01:33 . 2010-04-01 23:55 153088 ----a-w- c:\windows\system32\WS_ATLMovie.dll
    2010-11-15 01:33 . 2010-11-15 01:33 -------- d-----w- c:\program files\Daniusoft
    2010-11-15 01:14 . 2010-11-15 01:14 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\ImTOO
    2010-11-15 01:13 . 2010-11-15 01:13 -------- d-----w- c:\programdata\ImTOO
    2010-11-15 01:13 . 2010-11-15 01:13 -------- d-----w- c:\program files\ImTOO
    2010-11-15 00:41 . 2010-09-14 19:34 153600 ----a-w- c:\windows\system32\WSContextMenu.dll
    2010-11-10 15:20 . 2010-11-10 17:32 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\FinalMediaPlayer
    2010-11-10 15:20 . 2010-11-10 15:20 -------- d-----w- c:\program files\FinalMediaPlayer
    2010-11-09 20:25 . 2010-11-09 20:25 -------- d-----w- c:\program files\CCleaner
    2010-11-08 21:52 . 2010-11-08 21:52 -------- d-----w- c:\users\Microsoft User\AppData\Local\tjnet
    2010-11-08 17:06 . 2010-11-08 17:06 -------- d-----w- c:\users\Microsoft User\AppData\Local\magicJack
    2010-11-07 18:58 . 2010-11-16 21:16 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\mjusbsp
    2010-11-07 00:40 . 2010-11-07 00:40 -------- d-----w- c:\users\Microsoft User\AppData\Local\Little_Apps_(http___www.l
    2010-11-07 00:26 . 2010-11-07 00:26 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
    2010-11-07 00:22 . 2010-11-07 00:22 -------- d-----w- c:\program files\Little Registry Cleaner
    2010-11-05 23:02 . 2010-11-05 23:02 -------- d-----w- c:\programdata\NortonSystemWorks
    2010-11-05 23:02 . 2010-11-20 02:51 -------- d-----w- c:\program files\Norton SystemWorks Premier Edition
    2010-11-05 23:02 . 2010-11-05 23:02 -------- d-----w- c:\program files\Symantec
    2010-11-05 22:13 . 2010-11-06 23:23 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Symantec
    2010-11-05 20:50 . 2010-11-05 20:50 -------- d-----w- c:\program files\Driver-Soft
    2010-11-05 20:21 . 2009-07-22 10:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
    2010-11-05 20:21 . 2009-03-05 06:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-11-05 20:20 . 2009-07-30 11:58 187392 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
    2010-11-05 20:19 . 2008-12-04 15:57 146432 ----a-w- c:\windows\system32\APOMngr.DLL
    2010-11-05 20:19 . 2008-09-17 18:05 72704 ----a-w- c:\windows\system32\CmdRtr.DLL
    2010-11-05 20:15 . 2009-08-18 11:15 2941472 ----a-w- c:\windows\system32\RtkAPO.dll
    2010-11-05 20:15 . 2009-05-14 07:59 61952 ----a-w- c:\windows\system32\MBWrp32.dll
    2010-11-05 20:15 . 2010-11-15 01:36 -------- d--h--w- c:\program files\Temp
    2010-11-05 20:15 . 2010-11-05 20:20 -------- d-----w- c:\program files\Realtek
    2010-11-05 20:10 . 2010-10-05 03:02 53248 ----a-w- c:\windows\system32\CSVer.dll
    2010-11-05 15:32 . 2010-11-05 15:32 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-05 04:40 . 2010-11-05 04:40 -------- d-----w- C:\Intel
    2010-11-04 16:38 . 2010-11-21 19:25 -------- d-----w- c:\users\Microsoft User\AppData\Local\CrashDumps
    2010-11-04 16:22 . 2010-11-04 16:38 -------- d-----w- c:\program files\AVG
    2010-11-04 05:18 . 2010-11-04 05:18 -------- d-----w- c:\programdata\PCSettings
    2010-11-04 02:27 . 2007-09-03 00:56 1686016 ----a-w- c:\windows\system32\clinetsuitex6.ocx
    2010-11-04 02:27 . 2004-06-14 18:56 427864 ----a-w- c:\windows\system32\XceedZip.dll
    2010-11-04 02:27 . 2004-03-09 20:45 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2010-11-04 01:45 . 2010-11-04 01:46 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\DriverCure
    2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\programdata\ParetoLogic
    2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\programdata\DriverCure
    2010-11-04 00:59 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDEC4E.tmp
    2010-11-03 20:59 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD1903.tmp
    2010-11-03 13:50 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDED55.tmp
    2010-11-03 00:58 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDDF7C.tmp
    2010-11-02 20:58 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD60FE.tmp
    2010-11-02 13:57 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD1CB2.tmp
    2010-11-02 00:11 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD70DA.tmp
    2010-11-01 20:13 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD2C20.tmp
    2010-11-01 13:49 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD7283.tmp
    2010-11-01 02:18 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD3A5F.tmp
    2010-10-31 22:17 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD28C8.tmp
    2010-10-31 13:48 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDCB3C.tmp
    2010-10-31 02:28 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD119.tmp
    2010-10-31 02:22 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDB36D.tmp
    2010-10-31 02:10 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD179F.tmp
    2010-10-31 00:52 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD8CCD.tmp
    2010-10-31 00:49 . 2008-04-17 17:12 15464 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-10-31 00:49 . 2010-10-31 00:49 -------- d-----w- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2010-10-31 00:29 . 2007-03-22 00:39 1060864 ----a-w- c:\windows\system32\MFC71.DL1
    2010-10-31 00:29 . 2007-03-22 00:33 503808 ----a-w- c:\windows\system32\MSVCP71.DL1
    2010-10-31 00:29 . 2007-03-22 00:33 348160 ----a-w- c:\windows\system32\MSVCR71.DL1
    2010-10-30 19:53 . 2010-10-30 19:53 -------- d-----w- C:\LXKZ35
    2010-10-30 19:52 . 2010-10-30 19:52 -------- d-----w- C:\LEXMARK DRIVERS SETUP
    2010-10-29 23:37 . 2010-10-29 23:37 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Hewlett-Packard
    2010-10-28 21:56 . 2010-10-28 21:56 -------- d-----w- c:\program files\Nero
    2010-10-28 20:15 . 2010-10-28 20:18 -------- d-----w- c:\program files\Microsoft Expression
    2010-10-28 01:49 . 2010-10-28 01:49 246552 ----a-w- c:\windows\User Profile Migration Service.exe
    2010-10-27 14:35 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-10-27 14:35 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-10-27 14:35 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
    2010-10-27 14:35 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2010-10-27 14:35 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2010-10-25 20:13 . 2010-10-25 20:13 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-10-25 20:13 . 2010-10-25 20:13 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
    2010-10-25 20:13 . 2010-10-25 20:13 47512 ----a-w- c:\windows\system32\AdobePDF.dll
    2010-10-24 00:01 . 2010-10-24 00:01 -------- d-----w- c:\program files\Smith Micro
    2010-10-23 21:21 . 2010-10-23 21:21 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2010-10-23 21:20 . 2010-10-23 21:20 -------- d-----w- c:\program files\Microsoft Sync Framework
    2010-10-23 21:20 . 2010-10-23 21:20 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-10-23 21:19 . 2010-10-23 21:19 -------- d-----w- c:\program files\Microsoft Analysis Services
    2010-10-23 20:17 . 2010-11-15 00:56 -------- d-----w- c:\programdata\xml_param
    2010-10-23 15:59 . 2010-10-23 21:39 8192 ----a-w- c:\windows\system32\srvany.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-20 22:33 . 2010-10-20 22:33 81920 ----a-w- c:\users\Microsoft User\AppData\Roaming\ezpinst.exe
    2010-10-20 22:33 . 2010-10-20 22:33 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-10-20 22:33 . 2010-10-20 22:33 47360 ----a-w- c:\users\Microsoft User\AppData\Roaming\pcouffin.sys
    2010-10-19 23:08 . 2010-10-19 23:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-19 15:41 . 2010-10-15 22:59 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-17 01:54 . 2010-10-17 01:54 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-10-16 03:56 . 2010-10-16 03:56 77004 ----a-w- c:\windows\system32\drivers\AFS.SYS
    2010-09-14 18:38 . 2010-10-20 22:54 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
    2010-09-14 18:38 . 2010-10-20 22:54 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
    2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
    2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
    2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
    2010-09-14 18:38 . 2010-10-20 22:53 892928 ----a-w- c:\windows\system32\iconv.dll
    2010-09-14 18:38 . 2010-10-20 22:53 675840 ----a-w- c:\windows\system32\ac3filter.ax
    2010-09-14 18:38 . 2010-10-20 22:53 496640 ----a-w- c:\windows\system32\xvid.ax
    2010-09-08 04:30 . 2010-10-16 13:33 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 04:28 . 2010-10-16 13:33 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 03:22 . 2010-10-16 13:33 386048 ----a-w- c:\windows\system32\html.iec
    2010-09-08 02:48 . 2010-10-16 13:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-01 04:23 . 2010-10-16 13:32 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-01 02:34 . 2010-10-16 13:32 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-08-31 04:32 . 2010-10-16 13:32 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 04:32 . 2010-10-16 13:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-27 05:46 . 2010-10-16 13:32 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-27 03:31 . 2010-10-16 13:32 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-27 03:30 . 2010-10-16 13:32 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-27 03:30 . 2010-10-16 13:32 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-26 04:39 . 2010-10-16 13:33 109056 ----a-w- c:\windows\system32\t2embed.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Desktop Calendar"="c:\program files\Desktop Calendar\Desktop Calendar.exe" [2010-03-15 442368]
    "cdloader"="c:\users\Microsoft User\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-10-08 50592]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "TaskTray"="c:\program files\Driver-Soft\DriverGenius\TaskTray.exe" [2010-07-30 284016]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-11-19 928496]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-11-20 340520]
    "NswUiTray"="c:\program files\Norton SystemWorks Premier Edition\NswUiTray.exe" [2008-09-25 85360]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-10-23 8192]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-19 1375992]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-19 15264]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-05 98392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-16 1343400]
    S0 AFS;AFS; [x]
    S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-03 19472]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-09-14 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-09-14 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-09-14 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-09-14 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-09-14 25704]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 19:34]

    2010-11-22 c:\windows\Tasks\Final Media Player Update Checker.job
    - c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-11-10 16:25]

    2010-11-15 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
    - c:\program files\Norton SystemWorks Premier Edition\OBC.exe [2008-09-25 18:52]

    2010-11-21 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

    2010-11-04 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://webmail.bombolinis.com:2095/webmail/x3/?login=1&gotime=1290122505614
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    FF - ProfilePath - c:\users\Microsoft User\AppData\Roaming\Mozilla\Firefox\Profiles\jr9bz2w2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://webmail.bombolinis.com:2095/horde/login.php
    FF - component: c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\users\Microsoft User\AppData\Roaming\Mozilla\Firefox\Profiles\jr9bz2w2.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,ed,0d,68,5b,3f,57,4b,a3,9b,ec,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,ed,0d,68,5b,3f,57,4b,a3,9b,ec,\

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    @Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    @Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    @Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    @Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    @Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
    "Progid"="FirefoxHTML"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-11-22 09:55:48
    ComboFix-quarantined-files.txt 2010-11-22 14:55

    Pre-Run: 454,111,711,232 bytes free
    Post-Run: 453,997,780,992 bytes free

    - - End Of File - - 706D29DED60BC07916FB1D7772981B5A
     
  7. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello bombolinis,

    Question: Have you put user restrictions on your Firefox browser?

    Tell me when you return.

    Meantime

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    KillAll::
    
    REGLOCK:: 
    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Internet Explorer\User Preferences]
    
    Registry::
    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=-
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=-
    
    Reboot::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.
     
  8. bombolinis

    bombolinis Thread Starter

    Joined:
    Nov 20, 2010
    Messages:
    22
    Hello emeraldnzl

    I do not have a password set in Firefox if that is what you mean.
    I am the only one that uses my computer.

    My PC is running much better. I now want to make sure it is as clean as I can get it or if there is anything else lurking in here!

    Do you know what this Dfmatzeb.dll runs? I keep getting a notification from Kaspersky AV that there is a process trying to run into another process? :confused:

    Anyway, with the current issue>

    Here is the follow-up log with the text file added to the CF EXE program>

    ComboFix 10-11-22.05 - Administrator 11/23/2010 1:27.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1086 [GMT -5:00]
    Running from: c:\users\Microsoft User\Downloads\Programs to fix virus per forum\COMBO FIX PROG AND COMMAND\ComboFix.exe
    Command switches used :: c:\users\Microsoft User\Downloads\Programs to fix virus per forum\COMBO FIX PROG AND COMMAND\CFScript.txt
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
    .

    2010-11-23 06:33 . 2010-11-23 06:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-11-23 06:33 . 2010-11-23 06:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-23 06:33 . 2010-11-23 06:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2010-11-22 18:29 . 2010-11-22 18:29 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\CheckPoint
    2010-11-22 18:27 . 2010-11-22 18:27 -------- d-----w- c:\program files\Conduit
    2010-11-22 18:27 . 2010-11-22 18:28 -------- d-----w- c:\program files\ZoneAlarm_Security
    2010-11-22 18:26 . 2010-11-22 18:26 -------- d-----w- c:\program files\CheckPoint
    2010-11-22 18:26 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
    2010-11-22 18:26 . 2010-09-02 14:20 69120 ----a-w- c:\windows\system32\zlcomm.dll
    2010-11-22 18:26 . 2010-09-02 14:20 103936 ----a-w- c:\windows\system32\zlcommdb.dll
    2010-11-22 18:26 . 2010-09-02 14:20 1238528 ----a-w- c:\windows\system32\zpeng25.dll
    2010-11-22 18:25 . 2010-11-22 18:29 -------- d-----w- c:\windows\system32\ZoneLabs
    2010-11-22 18:25 . 2010-05-15 21:30 461400 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2010-11-22 18:25 . 2010-11-22 18:25 -------- d-----w- c:\program files\Zone Labs
    2010-11-22 18:25 . 2010-11-22 18:25 -------- d-----w- c:\programdata\CheckPoint
    2010-11-22 18:25 . 2010-11-23 06:34 -------- d-----w- c:\windows\Internet Logs
    2010-11-22 01:34 . 2010-11-22 16:18 -------- d-----w- c:\program files\SpywareBlaster
    2010-11-22 00:35 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-22 00:35 . 2010-11-22 00:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-22 00:35 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-20 01:19 . 2009-10-21 01:34 162320 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
    2010-11-20 01:19 . 2010-11-20 01:55 115465 ----a-w- c:\windows\system32\drivers\klin.dat
    2010-11-20 01:19 . 2010-11-20 01:55 97545 ----a-w- c:\windows\system32\drivers\klick.dat
    2010-11-20 01:18 . 2010-11-23 05:52 -------- d-----w- c:\programdata\Kaspersky Lab
    2010-11-20 01:18 . 2010-11-20 01:18 -------- d-----w- c:\program files\Kaspersky Lab
    2010-11-20 01:17 . 2010-11-20 01:17 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2010-11-20 00:48 . 2010-11-20 01:12 -------- d-----w- c:\program files\aerosoft
    2010-11-19 20:57 . 2010-11-19 20:57 -------- d-----w- C:\col3927
    2010-11-19 19:34 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-11-19 19:25 . 2010-11-19 19:25 -------- dc-h--w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-11-19 01:14 . 2010-11-19 01:14 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Norton Utilities 14
    2010-11-19 01:00 . 2010-11-19 19:08 -------- d-----w- c:\program files\Lavasoft
    2010-11-18 19:28 . 2010-11-18 19:28 105984 --sha-r- c:\windows\system32\grpconvd.dll
    2010-11-18 18:07 . 2010-11-18 18:07 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\SmartFTP
    2010-11-18 14:14 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E2BB72D-971E-4C79-96A4-7411C61ACCA2}\mpengine.dll
    2010-11-18 07:05 . 2010-11-18 07:05 -------- d-----w- c:\program files\GlobalSCAPE
    2010-11-18 06:00 . 2010-11-18 06:00 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\GlobalSCAPE
    2010-11-18 03:14 . 2002-07-25 21:07 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2010-11-17 00:45 . 2010-11-17 00:46 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2010-11-15 01:33 . 2010-04-01 23:55 153088 ----a-w- c:\windows\system32\WS_ATLMovie.dll
    2010-11-15 01:33 . 2010-11-15 01:33 -------- d-----w- c:\program files\Daniusoft
    2010-11-15 01:14 . 2010-11-15 01:14 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\ImTOO
    2010-11-15 01:13 . 2010-11-15 01:13 -------- d-----w- c:\programdata\ImTOO
    2010-11-15 01:13 . 2010-11-15 01:13 -------- d-----w- c:\program files\ImTOO
    2010-11-15 00:41 . 2010-09-14 19:34 153600 ----a-w- c:\windows\system32\WSContextMenu.dll
    2010-11-10 15:20 . 2010-11-10 17:32 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\FinalMediaPlayer
    2010-11-10 15:20 . 2010-11-10 15:20 -------- d-----w- c:\program files\FinalMediaPlayer
    2010-11-09 20:25 . 2010-11-09 20:25 -------- d-----w- c:\program files\CCleaner
    2010-11-08 21:52 . 2010-11-08 21:52 -------- d-----w- c:\users\Microsoft User\AppData\Local\tjnet
    2010-11-08 17:06 . 2010-11-08 17:06 -------- d-----w- c:\users\Microsoft User\AppData\Local\magicJack
    2010-11-07 18:58 . 2010-11-16 21:16 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\mjusbsp
    2010-11-07 00:40 . 2010-11-07 00:40 -------- d-----w- c:\users\Microsoft User\AppData\Local\Little_Apps_(http___www.l
    2010-11-07 00:26 . 2010-11-07 00:26 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
    2010-11-07 00:22 . 2010-11-07 00:22 -------- d-----w- c:\program files\Little Registry Cleaner
    2010-11-05 23:02 . 2010-11-05 23:02 -------- d-----w- c:\programdata\NortonSystemWorks
    2010-11-05 23:02 . 2010-11-22 16:55 -------- d-----w- c:\program files\Norton SystemWorks Premier Edition
    2010-11-05 23:02 . 2010-11-05 23:02 -------- d-----w- c:\program files\Symantec
    2010-11-05 22:13 . 2010-11-06 23:23 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Symantec
    2010-11-05 20:50 . 2010-11-05 20:50 -------- d-----w- c:\program files\Driver-Soft
    2010-11-05 20:21 . 2009-07-22 10:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
    2010-11-05 20:21 . 2009-03-05 06:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-11-05 20:20 . 2009-07-30 11:58 187392 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
    2010-11-05 20:19 . 2008-12-04 15:57 146432 ----a-w- c:\windows\system32\APOMngr.DLL
    2010-11-05 20:19 . 2008-09-17 18:05 72704 ----a-w- c:\windows\system32\CmdRtr.DLL
    2010-11-05 20:15 . 2009-08-18 11:15 2941472 ----a-w- c:\windows\system32\RtkAPO.dll
    2010-11-05 20:15 . 2009-05-14 07:59 61952 ----a-w- c:\windows\system32\MBWrp32.dll
    2010-11-05 20:15 . 2010-11-15 01:36 -------- d--h--w- c:\program files\Temp
    2010-11-05 20:15 . 2010-11-05 20:20 -------- d-----w- c:\program files\Realtek
    2010-11-05 20:10 . 2010-10-05 03:02 53248 ----a-w- c:\windows\system32\CSVer.dll
    2010-11-05 15:32 . 2010-11-05 15:32 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-05 04:40 . 2010-11-05 04:40 -------- d-----w- C:\Intel
    2010-11-04 16:38 . 2010-11-21 19:25 -------- d-----w- c:\users\Microsoft User\AppData\Local\CrashDumps
    2010-11-04 16:22 . 2010-11-04 16:38 -------- d-----w- c:\program files\AVG
    2010-11-04 05:18 . 2010-11-04 05:18 -------- d-----w- c:\programdata\PCSettings
    2010-11-04 02:27 . 2007-09-03 00:56 1686016 ----a-w- c:\windows\system32\clinetsuitex6.ocx
    2010-11-04 02:27 . 2004-06-14 18:56 427864 ----a-w- c:\windows\system32\XceedZip.dll
    2010-11-04 02:27 . 2004-03-09 20:45 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2010-11-04 01:45 . 2010-11-04 01:46 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\DriverCure
    2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\programdata\ParetoLogic
    2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\programdata\DriverCure
    2010-11-04 00:59 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDEC4E.tmp
    2010-11-03 20:59 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD1903.tmp
    2010-11-03 13:50 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDED55.tmp
    2010-11-03 00:58 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDDF7C.tmp
    2010-11-02 20:58 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD60FE.tmp
    2010-11-02 13:57 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD1CB2.tmp
    2010-11-02 00:11 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD70DA.tmp
    2010-11-01 20:13 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD2C20.tmp
    2010-11-01 13:49 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD7283.tmp
    2010-11-01 02:18 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD3A5F.tmp
    2010-10-31 22:17 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD28C8.tmp
    2010-10-31 13:48 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDCB3C.tmp
    2010-10-31 02:28 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD119.tmp
    2010-10-31 02:22 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDB36D.tmp
    2010-10-31 02:10 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD179F.tmp
    2010-10-31 00:52 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD8CCD.tmp
    2010-10-31 00:49 . 2008-04-17 17:12 15464 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-10-31 00:49 . 2010-10-31 00:49 -------- d-----w- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2010-10-31 00:29 . 2007-03-22 00:39 1060864 ----a-w- c:\windows\system32\MFC71.DL1
    2010-10-31 00:29 . 2007-03-22 00:33 503808 ----a-w- c:\windows\system32\MSVCP71.DL1
    2010-10-31 00:29 . 2007-03-22 00:33 348160 ----a-w- c:\windows\system32\MSVCR71.DL1
    2010-10-30 19:53 . 2010-10-30 19:53 -------- d-----w- C:\LXKZ35
    2010-10-30 19:52 . 2010-10-30 19:52 -------- d-----w- C:\LEXMARK DRIVERS SETUP
    2010-10-29 23:37 . 2010-10-29 23:37 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Hewlett-Packard
    2010-10-28 21:56 . 2010-10-28 21:56 -------- d-----w- c:\program files\Nero
    2010-10-28 20:15 . 2010-10-28 20:18 -------- d-----w- c:\program files\Microsoft Expression
    2010-10-28 01:49 . 2010-10-28 01:49 246552 ----a-w- c:\windows\User Profile Migration Service.exe
    2010-10-27 14:35 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-10-27 14:35 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-10-27 14:35 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
    2010-10-27 14:35 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2010-10-27 14:35 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2010-10-25 20:13 . 2010-10-25 20:13 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-10-25 20:13 . 2010-10-25 20:13 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
    2010-10-25 20:13 . 2010-10-25 20:13 47512 ----a-w- c:\windows\system32\AdobePDF.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-23 21:39 . 2010-10-23 15:59 8192 ----a-w- c:\windows\system32\srvany.exe
    2010-10-20 22:33 . 2010-10-20 22:33 81920 ----a-w- c:\users\Microsoft User\AppData\Roaming\ezpinst.exe
    2010-10-20 22:33 . 2010-10-20 22:33 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-10-20 22:33 . 2010-10-20 22:33 47360 ----a-w- c:\users\Microsoft User\AppData\Roaming\pcouffin.sys
    2010-10-19 23:08 . 2010-10-19 23:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-19 15:41 . 2010-10-15 22:59 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-17 01:54 . 2010-10-17 01:54 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-10-16 03:56 . 2010-10-16 03:56 77004 ----a-w- c:\windows\system32\drivers\AFS.SYS
    2010-09-14 18:38 . 2010-10-20 22:54 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
    2010-09-14 18:38 . 2010-10-20 22:54 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
    2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
    2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
    2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
    2010-09-14 18:38 . 2010-10-20 22:53 892928 ----a-w- c:\windows\system32\iconv.dll
    2010-09-14 18:38 . 2010-10-20 22:53 675840 ----a-w- c:\windows\system32\ac3filter.ax
    2010-09-14 18:38 . 2010-10-20 22:53 496640 ----a-w- c:\windows\system32\xvid.ax
    2010-09-08 04:30 . 2010-10-16 13:33 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 04:28 . 2010-10-16 13:33 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 03:22 . 2010-10-16 13:33 386048 ----a-w- c:\windows\system32\html.iec
    2010-09-08 02:48 . 2010-10-16 13:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-01 04:23 . 2010-10-16 13:32 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-01 02:34 . 2010-10-16 13:32 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-08-31 04:32 . 2010-10-16 13:32 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 04:32 . 2010-10-16 13:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-27 05:46 . 2010-10-16 13:32 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-27 03:31 . 2010-10-16 13:32 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-27 03:30 . 2010-10-16 13:32 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-27 03:30 . 2010-10-16 13:32 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-26 04:39 . 2010-10-16 13:33 109056 ----a-w- c:\windows\system32\t2embed.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-06-14 2734688]

    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
    2010-06-14 00:10 2734688 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-06-14 2734688]

    [HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Desktop Calendar"="c:\program files\Desktop Calendar\Desktop Calendar.exe" [2010-03-15 442368]
    "cdloader"="c:\users\Microsoft User\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-10-08 50592]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "TaskTray"="c:\program files\Driver-Soft\DriverGenius\TaskTray.exe" [2010-07-30 284016]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-11-19 928496]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-11-20 340520]
    "NswUiTray"="c:\program files\Norton SystemWorks Premier Edition\NswUiTray.exe" [2008-09-25 85360]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-09-02 738808]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-10-23 8192]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-05 98392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-16 1343400]
    S0 AFS;AFS; [x]
    S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-09-02 26872]
    S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-09-02 493048]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-19 1375992]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-03 19472]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-09-14 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-09-14 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-09-14 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-09-14 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-09-14 25704]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 19:34]

    2010-11-23 c:\windows\Tasks\Final Media Player Update Checker.job
    - c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-11-10 16:25]

    2010-11-22 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
    - c:\program files\Norton SystemWorks Premier Edition\OBC.exe [2008-09-25 18:52]

    2010-11-21 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

    2010-11-04 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://webmail.bombolinis.com:2095/webmail/x3/?login=1&gotime=1290122505614
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    FF - ProfilePath - c:\users\Microsoft User\AppData\Roaming\Mozilla\Firefox\Profiles\jr9bz2w2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://webmail.bombolinis.com:2095/horde/login.php
    FF - component: c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll
    FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
    FF - component: c:\users\Microsoft User\AppData\Roaming\Mozilla\Firefox\Profiles\jr9bz2w2.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\FFExternalAlert.dll
    FF - component: c:\users\Microsoft User\AppData\Roaming\Mozilla\Firefox\Profiles\jr9bz2w2.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCore.dll
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    @Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    @Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    @Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    @Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    @Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
    "Progid"="FirefoxHTML"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{04b5c000-df2e-42be-8682-2a9f39c8daa5}\Programmable]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{15d5e750-72dc-466c-a1b9-222fbb0c58c0}\Programmable]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{15d5e750-72dc-466c-a1b9-222fbb0c58c0}\TypeLib]
    @DACL=(02 0000)
    @="{8d7902be-835f-42b9-aff4-222660d45ea4}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{163968a9-0a82-4a6c-b369-a452477f26a5}\Programmable]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{1a5c7e00-a12e-4cb3-9cd2-30597f5f1d8e}\Programmable]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{1a5c7e00-a12e-4cb3-9cd2-30597f5f1d8e}\TypeLib]
    @DACL=(02 0000)
    @="{8d7902be-835f-42b9-aff4-222660d45ea4}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{3e94c4f7-3bcb-4810-8f3d-ba993731443b}\ControlMDTPrivate]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{3e94c4f7-3bcb-4810-8f3d-ba993731443b}\MiscStatus]
    @DACL=(02 0000)
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{3e94c4f7-3bcb-4810-8f3d-ba993731443b}\Version]
    @DACL=(02 0000)
    @="8.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{4921502a-feb9-4960-8f27-9833942b3de7}\Programmable]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{4921502a-feb9-4960-8f27-9833942b3de7}\TypeLib]
    @DACL=(02 0000)
    @="{8d7902be-835f-42b9-aff4-222660d45ea4}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{5a303e2f-b50c-4f84-a3e1-dbeafdabd6a9}\Programmable]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{5a303e2f-b50c-4f84-a3e1-dbeafdabd6a9}\TypeLib]
    @DACL=(02 0000)
    @="{8d7902be-835f-42b9-aff4-222660d45ea4}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{6eaad443-3795-4f98-a983-e83a573b4e12}\Programmable]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{6eaad443-3795-4f98-a983-e83a573b4e12}\TypeLib]
    @DACL=(02 0000)
    @="{8d7902be-835f-42b9-aff4-222660d45ea4}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{9e1a60ac-2c3b-45cc-9466-82ceb2bd3518}\AuxUserType]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{9e1a60ac-2c3b-45cc-9466-82ceb2bd3518}\MiscStatus]
    @DACL=(02 0000)
    @="131072"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{ac929c9f-903b-4904-84e3-eefe47439d49}\Programmable]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{c080bc37-eb1c-466c-8ae0-42756f9e6e92}\Programmable]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{c080bc37-eb1c-466c-8ae0-42756f9e6e92}\TypeLib]
    @DACL=(02 0000)
    @="{8d7902be-835f-42b9-aff4-222660d45ea4}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Control]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Insertable]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\MiscStatus]
    @DACL=(02 0000)
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Programmable]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Version]
    @DACL=(02 0000)
    @="8.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{df4b6a92-088f-4963-b2a4-3da796218782}\Programmable]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{df4b6a92-088f-4963-b2a4-3da796218782}\TypeLib]
    @DACL=(02 0000)
    @="{8d7902be-835f-42b9-aff4-222660d45ea4}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e05a0ac9-7fb7-481e-b5bb-08e1e35b211d}\Programmable]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\AuxUserType]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\DataFormats]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\DefaultIcon]
    @DACL=(02 0000)
    @="progman.exe,2"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\MiscStatus]
    @DACL=(02 0000)
    @="131072"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\Verb]
    @DACL=(02 0000)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{019971D6-4685-11D2-B48A-0000F87572EB}\Automation]
    @DACL=(02 0000)
    "Basic-Specific"="IVBTextEditSpcific"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{019971D6-4685-11D2-B48A-0000F87572EB}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="msvb7ui.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{164B10B9-B200-11D0-8C61-00A0C91E29D5}\Automation]
    @DACL=(02 0000)
    "VBProjects"=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{164B10B9-B200-11D0-8C61-00A0C91E29D5}\AutomationEvents]
    @DACL=(02 0000)
    "VBProjectsEvents"="Returns the VBProjectsEvents Object"
    "VBProjectItemsEvents"="Returns the VBProjectItemsEvents Object"
    "VBReferencesEvents"="Returns the VBReferencesEvents Object"
    "VBImportsEvents"="Returns the VBImportsEvents Object"
    "VBBuildManagerEvents"="Returns the VBBuildManagerEvents Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{1D76B2E0-F11B-11d2-AFC3-00105A9991EF}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="msenvui.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{21af45b0-ffa5-11d0-b63f-00a0c922e851}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="msenvui.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{220A4C17-7E7C-4663-BBCC-5E607C6543CD}\Automation]
    @DACL=(02 0000)
    "DataService"=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{282BD676-8B5B-11D0-8A34-00A0C91E2ACD}\ExData]
    @DACL=(02 0000)
    "{64AC2454-BD18-11d1-87B5-00A0C91E2A46}"="{43B36B80-BE04-11d1-B546-00A0C90F26F7}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{282BD676-8B5B-11D0-8A34-00A0C91E2ACD}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"=""
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{2DC9DAA9-7F2D-11d2-9BFC-00C04F9901D1}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="VsLogUI.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{44E07B02-29A5-11D3-B882-00C04F79F802}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="cmddefui.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{4A791146-19E4-11D3-B86B-00C04F79F802}\Automation]
    @DACL=(02 0000)
    "Help"=""
    "Help2"=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{4A791146-19E4-11D3-B86B-00C04F79F802}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="msenvui.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{4A9B7E50-AA16-11d0-A8C5-00A0C921A4D2}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="msenvui.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{53544C4D-E3F8-4AA0-8195-8A8D16019423}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="msenvui.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{588205e0-66e0-11d3-8600-00c04f6123b3}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="compsvcspkgui.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\Packages\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{777E353A-9971-4506-9D4C-3100F763787D}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="vstamui.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{87569308-4813-40a0-9cd0-d7a30838ca3f}\Automation]
    @DACL=(02 0000)
    "XmlProjects"=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{8FF02D1A-C177-4ac8-A62F-88FC6EA65F57}\IgnorableFiles]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{8FF02D1A-C177-4ac8-A62F-88FC6EA65F57}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="webdirprjui.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\Packages\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{C9DD4A57-47FB-11D2-83E7-00C04F9902C1}\Automation]
    @DACL=(02 0000)
    "Debugger"="Visual Studio Debugger"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{C9DD4A57-47FB-11D2-83E7-00C04F9902C1}\AutomationEvents]
    @DACL=(02 0000)
    "DebuggerEvents"="Visual Studio Debugger Events"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{C9DD4A57-47FB-11D2-83E7-00C04F9902C1}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="VSDebugUI.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\Packages\\Debugger\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{DA9FB551-C724-11d0-AE1F-00A0C90FFFC3}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="msenvui.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{DA9FB551-C724-11d0-AE1F-00A0C90FFFC3}\Toolbox]
    @DACL=(02 0000)
    "Formats"="InPlaceMenuEditorMenu"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{DE353D20-56EB-11D2-BF19-00C04F79EFBC}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="dirprjui.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\Packages\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{e8b06f41-6d01-11d2-aa7d-00c04f990343}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="msenvui.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{ED8979BC-B02F-4da9-A667-D3256C36220A}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="msenvui.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{F5E7E720-1401-11d1-883B-0000F87579D2}\Automation]
    @DACL=(02 0000)
    "TextEditor"=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{F5E7E720-1401-11d1-883B-0000F87579D2}\SatelliteDll]
    @DACL=(02 0000)
    "DllName"="msenvui.dll"
    "Path"="c:\\Program Files\\Microsoft Visual Studio 8\\Common7\\IDE\\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{F5E7E720-1401-11d1-883B-0000F87579D2}\Toolbox]
    @DACL=(02 0000)
    "Formats"="1,13,16,HTML Format,MSDEVColumnSelect,MSDEVLineSelect"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{FAE04EC1-301F-11D3-BF4B-00C04F79EFBC}\Automation]
    @DACL=(02 0000)
    "CSharpProjects"=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{FAE04EC1-301F-11D3-BF4B-00C04F79EFBC}\AutomationEvents]
    @DACL=(02 0000)
    "CSharpProjectsEvents"="Returns the CSharpProjectsEvents Object"
    "CSharpProjectItemsEvents"="Returns the CSharpProjectItemsEvents Object"
    "CSharpReferencesEvents"="Returns the CSharpReferencesEvents Object"
    "CSharpBuildManagerEvents"="Returns the CSharpBuildManagerEvents Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\AddItemTemplates]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\CommonPropertyPages]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\FileExtensions]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\Filters]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\AddItemTemplates]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\CommonPropertyPages]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\FileExtensions]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\Filters]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\LiveUpdate\MUI]
    @DACL=(02 0000)
    "0901"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton Cleanup\LastRun]
    @DACL=(02 0000)
    "Time"=hex:00,00,00,00,00,00,00,00
    "HRESULT Status"=hex:00,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton Utilities\22.0]
    @DACL=(02 0000)
    "SKU"="10066977"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton Utilities\Onramp]
    @DACL=(02 0000)
    "Version"="22.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\PatchInst\NSW]
    @DACL=(02 0000)
    "ImagePath"="c:\\Program Files\\Norton SystemWorks Premier Edition\\PtchInst.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Shared Technology\AutoLiveUpdate]
    @DACL=(02 0000)
    "InactiveWait"=dword:00003840
    "ActiveWait"=dword:00000005
    "MaxNumDailyLogs"=dword:0000000e
    "State"=dword:00000000
    "RunMode"=dword:000003ec
    "TimeStamp"=dword:7fffffff

    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SystemWorks\Disable Intro Dialogs]
    @DACL=(02 0000)
    "Web Cleanup Viewer"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Waves Audio\MaxxAudio]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(556)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'Explorer.exe'(4852)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\program files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
    c:\program files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL
    c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
    c:\progra~1\SPYBOT~1\SDHelper.dll
    c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll
    c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-23 01:39:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-23 06:39
    ComboFix2.txt 2010-11-22 14:55

    Pre-Run: 452,540,280,832 bytes free
    Post-Run: 452,422,148,096 bytes free

    - - End Of File - - E32ABB849834468ED8E8B3F94B3C4CF2

    -------------------------------------------------------------------
    Thanks for your assistance in this, you guys are phenomenal and Angels!
    Wishing you a great Thanksgiving with your family this week and always.

    Bombolini's
     
  9. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    No, but my guess would be either malware or part of one of your anti-malware programs, possibly Spybot Search & Destroy or ZoneAlarm, which is showing up in your ComboFix log. We will check it out.

    I think ZoneAlarm must be a leftover from an earlier installation. There are also some residues of Symantec there.

    Now

    You have had Norton Antivirus on your computer at some stage. It has not been properly removed.

    Firstly please go to Start > Control Panel > Add or remove Programs (Programs in Vista) and remove all items with Symantec or Norton in the name if any are there.

    Then

    Go here Norton Removal Tool to remove leftover bits of the Norton AntiVirus Program. Choose the link for the version you had and then download and run the removal program. If you don't know the version just proceed, it should still work.

    Step 2

    Download and use the ZoneAlarm Removal tool

    If it can't find anything tell me.

    Next

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    KillAll::
    
    Folder::
    c:\program files\Zone Labs\ZoneAlarm
    c:\program files\CheckPoint
    
    REGLOCK:: 
    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{04b5c000-df2e-42be-8682-2a9f39c8daa5}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{15d5e750-72dc-466c-a1b9-222fbb0c58c0}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{15d5e750-72dc-466c-a1b9-222fbb0c58c0}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{163968a9-0a82-4a6c-b369-a452477f26a5}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{1a5c7e00-a12e-4cb3-9cd2-30597f5f1d8e}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{1a5c7e00-a12e-4cb3-9cd2-30597f5f1d8e}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{3e94c4f7-3bcb-4810-8f3d-ba993731443b}\ControlMDTPrivate]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{3e94c4f7-3bcb-4810-8f3d-ba993731443b}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{3e94c4f7-3bcb-4810-8f3d-ba993731443b}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{4921502a-feb9-4960-8f27-9833942b3de7}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{4921502a-feb9-4960-8f27-9833942b3de7}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{5a303e2f-b50c-4f84-a3e1-dbeafdabd6a9}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{5a303e2f-b50c-4f84-a3e1-dbeafdabd6a9}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{6eaad443-3795-4f98-a983-e83a573b4e12}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{6eaad443-3795-4f98-a983-e83a573b4e12}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{9e1a60ac-2c3b-45cc-9466-82ceb2bd3518}\AuxUserType]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{9e1a60ac-2c3b-45cc-9466-82ceb2bd3518}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{ac929c9f-903b-4904-84e3-eefe47439d49}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{c080bc37-eb1c-466c-8ae0-42756f9e6e92}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{c080bc37-eb1c-466c-8ae0-42756f9e6e92}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Control]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Insertable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{d5474961-c90b-4d5d-a433-45768b3d0444}\Version]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{df4b6a92-088f-4963-b2a4-3da796218782}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{df4b6a92-088f-4963-b2a4-3da796218782}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e05a0ac9-7fb7-481e-b5bb-08e1e35b211d}\Programmable]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\AuxUserType]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\DataFormats]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\DefaultIcon]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\MiscStatus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\Verb]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{019971D6-4685-11D2-B48A-0000F87572EB}\Automation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{019971D6-4685-11D2-B48A-0000F87572EB}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{164B10B9-B200-11D0-8C61-00A0C91E29D5}\Automation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{164B10B9-B200-11D0-8C61-00A0C91E29D5}\AutomationEvents]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{1D76B2E0-F11B-11d2-AFC3-00105A9991EF}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{21af45b0-ffa5-11d0-b63f-00a0c922e851}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{220A4C17-7E7C-4663-BBCC-5E607C6543CD}\Automation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{282BD676-8B5B-11D0-8A34-00A0C91E2ACD}\ExData]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{282BD676-8B5B-11D0-8A34-00A0C91E2ACD}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{2DC9DAA9-7F2D-11d2-9BFC-00C04F9901D1}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{44E07B02-29A5-11D3-B882-00C04F79F802}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{4A791146-19E4-11D3-B86B-00C04F79F802}\Automation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{4A791146-19E4-11D3-B86B-00C04F79F802}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{4A9B7E50-AA16-11d0-A8C5-00A0C921A4D2}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{53544C4D-E3F8-4AA0-8195-8A8D16019423}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{588205e0-66e0-11d3-8600-00c04f6123b3}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{777E353A-9971-4506-9D4C-3100F763787D}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{87569308-4813-40a0-9cd0-d7a30838ca3f}\Automation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{8FF02D1A-C177-4ac8-A62F-88FC6EA65F57}\IgnorableFiles]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{8FF02D1A-C177-4ac8-A62F-88FC6EA65F57}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{C9DD4A57-47FB-11D2-83E7-00C04F9902C1}\Automation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{C9DD4A57-47FB-11D2-83E7-00C04F9902C1}\AutomationEvents]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{C9DD4A57-47FB-11D2-83E7-00C04F9902C1}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{DA9FB551-C724-11d0-AE1F-00A0C90FFFC3}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{DA9FB551-C724-11d0-AE1F-00A0C90FFFC3}\Toolbox]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{DE353D20-56EB-11D2-BF19-00C04F79EFBC}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{e8b06f41-6d01-11d2-aa7d-00c04f990343}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{ED8979BC-B02F-4da9-A667-D3256C36220A}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{F5E7E720-1401-11d1-883B-0000F87579D2}\Automation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{F5E7E720-1401-11d1-883B-0000F87579D2}\SatelliteDll]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{F5E7E720-1401-11d1-883B-0000F87579D2}\Toolbox]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{FAE04EC1-301F-11D3-BF4B-00C04F79EFBC}\Automation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Packages\{FAE04EC1-301F-11D3-BF4B-00C04F79EFBC}\AutomationEvents]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\AddItemTemplates]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\CommonPropertyPages]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\FileExtensions]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\Filters]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\AddItemTemplates]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\CommonPropertyPages]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\FileExtensions]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\Filters]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\LiveUpdate\MUI]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton Cleanup\LastRun]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton Utilities\22.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton Utilities\Onramp]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\PatchInst\NSW]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Shared Technology\AutoLiveUpdate]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SystemWorks\Disable Intro Dialogs]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Waves Audio\MaxxAudio]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    
    Reboot::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

    Finally in this post

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      Dfmatzeb.dll
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop, entitled SystemLook.txt

    So when you return please post
    • ComboFix.txt
    • SystemLook.txt

     
  10. bombolinis

    bombolinis Thread Starter

    Hi, here are the logs for Zone Alarm of ComboFix:

    ComboFix 10-11-22.05 - Administrator 11/23/2010 13:42:14.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1208 [GMT -5:00]
    Running from: c:\users\Microsoft User\Downloads\HIGJACK THIS LOG\MALWARE RESSOLUTION FIXES AND TOOL\Script to clean Zone alarm Nov 23\ComboFix.exe
    Command switches used :: c:\users\Microsoft User\Downloads\HIGJACK THIS LOG\MALWARE RESSOLUTION FIXES AND TOOL\Script to clean Zone alarm Nov 23\CFScript.txt
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
    .

    2010-11-23 18:47 . 2010-11-23 18:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-11-23 18:47 . 2010-11-23 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-11-23 18:47 . 2010-11-23 18:47 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2010-11-23 18:31 . 2010-11-23 18:31 97545 ----a-w- c:\windows\system32\drivers\klick.dat
    2010-11-23 18:31 . 2010-11-23 18:31 115465 ----a-w- c:\windows\system32\drivers\klin.dat
    2010-11-23 18:31 . 2010-11-23 18:31 -------- d-----w- c:\windows\Internet Logs
    2010-11-22 18:29 . 2010-11-22 18:29 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\CheckPoint
    2010-11-22 18:27 . 2010-11-22 18:27 -------- d-----w- c:\program files\Conduit
    2010-11-22 18:26 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
    2010-11-22 18:25 . 2010-11-22 18:25 -------- d-----w- c:\programdata\CheckPoint
    2010-11-22 01:34 . 2010-11-22 16:18 -------- d-----w- c:\program files\SpywareBlaster
    2010-11-22 00:35 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-22 00:35 . 2010-11-22 00:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-22 00:35 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-20 01:19 . 2009-10-21 01:34 162320 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
    2010-11-20 01:18 . 2010-11-23 18:31 -------- d-----w- c:\programdata\Kaspersky Lab
    2010-11-20 01:18 . 2010-11-20 01:18 -------- d-----w- c:\program files\Kaspersky Lab
    2010-11-20 01:17 . 2010-11-20 01:17 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2010-11-20 00:48 . 2010-11-20 01:12 -------- d-----w- c:\program files\aerosoft
    2010-11-19 20:57 . 2010-11-19 20:57 -------- d-----w- C:\col3927
    2010-11-19 19:34 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-11-19 19:25 . 2010-11-19 19:25 -------- dc-h--w- c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    2010-11-19 01:14 . 2010-11-19 01:14 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Norton Utilities 14
    2010-11-19 01:00 . 2010-11-19 19:08 -------- d-----w- c:\program files\Lavasoft
    2010-11-18 19:28 . 2010-11-18 19:28 105984 --sha-r- c:\windows\system32\grpconvd.dll
    2010-11-18 18:07 . 2010-11-18 18:07 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\SmartFTP
    2010-11-18 14:14 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E2BB72D-971E-4C79-96A4-7411C61ACCA2}\mpengine.dll
    2010-11-18 07:05 . 2010-11-18 07:05 -------- d-----w- c:\program files\GlobalSCAPE
    2010-11-18 06:00 . 2010-11-18 06:00 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\GlobalSCAPE
    2010-11-18 03:14 . 2002-07-25 21:07 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2010-11-17 00:45 . 2010-11-17 00:46 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2010-11-15 01:33 . 2010-04-01 23:55 153088 ----a-w- c:\windows\system32\WS_ATLMovie.dll
    2010-11-15 01:33 . 2010-11-15 01:33 -------- d-----w- c:\program files\Daniusoft
    2010-11-15 01:14 . 2010-11-15 01:14 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\ImTOO
    2010-11-15 01:13 . 2010-11-15 01:13 -------- d-----w- c:\programdata\ImTOO
    2010-11-15 01:13 . 2010-11-15 01:13 -------- d-----w- c:\program files\ImTOO
    2010-11-15 00:41 . 2010-09-14 19:34 153600 ----a-w- c:\windows\system32\WSContextMenu.dll
    2010-11-10 15:20 . 2010-11-10 17:32 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\FinalMediaPlayer
    2010-11-10 15:20 . 2010-11-10 15:20 -------- d-----w- c:\program files\FinalMediaPlayer
    2010-11-09 20:25 . 2010-11-09 20:25 -------- d-----w- c:\program files\CCleaner
    2010-11-08 21:52 . 2010-11-08 21:52 -------- d-----w- c:\users\Microsoft User\AppData\Local\tjnet
    2010-11-08 17:06 . 2010-11-08 17:06 -------- d-----w- c:\users\Microsoft User\AppData\Local\magicJack
    2010-11-07 18:58 . 2010-11-16 21:16 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\mjusbsp
    2010-11-07 00:40 . 2010-11-07 00:40 -------- d-----w- c:\users\Microsoft User\AppData\Local\Little_Apps_(http___www.l
    2010-11-07 00:26 . 2010-11-07 00:26 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
    2010-11-07 00:22 . 2010-11-07 00:22 -------- d-----w- c:\program files\Little Registry Cleaner
    2010-11-05 20:50 . 2010-11-05 20:50 -------- d-----w- c:\program files\Driver-Soft
    2010-11-05 20:21 . 2009-07-22 10:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
    2010-11-05 20:21 . 2009-03-05 06:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
    2010-11-05 20:20 . 2009-07-30 11:58 187392 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
    2010-11-05 20:19 . 2008-12-04 15:57 146432 ----a-w- c:\windows\system32\APOMngr.DLL
    2010-11-05 20:19 . 2008-09-17 18:05 72704 ----a-w- c:\windows\system32\CmdRtr.DLL
    2010-11-05 20:15 . 2009-08-18 11:15 2941472 ----a-w- c:\windows\system32\RtkAPO.dll
    2010-11-05 20:15 . 2009-05-14 07:59 61952 ----a-w- c:\windows\system32\MBWrp32.dll
    2010-11-05 20:15 . 2010-11-15 01:36 -------- d--h--w- c:\program files\Temp
    2010-11-05 20:15 . 2010-11-05 20:20 -------- d-----w- c:\program files\Realtek
    2010-11-05 20:10 . 2010-10-05 03:02 53248 ----a-w- c:\windows\system32\CSVer.dll
    2010-11-05 15:32 . 2010-11-05 15:32 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-11-05 04:40 . 2010-11-05 04:40 -------- d-----w- C:\Intel
    2010-11-04 16:38 . 2010-11-21 19:25 -------- d-----w- c:\users\Microsoft User\AppData\Local\CrashDumps
    2010-11-04 16:22 . 2010-11-04 16:38 -------- d-----w- c:\program files\AVG
    2010-11-04 05:18 . 2010-11-04 05:18 -------- d-----w- c:\programdata\PCSettings
    2010-11-04 02:27 . 2007-09-03 00:56 1686016 ----a-w- c:\windows\system32\clinetsuitex6.ocx
    2010-11-04 02:27 . 2004-06-14 18:56 427864 ----a-w- c:\windows\system32\XceedZip.dll
    2010-11-04 02:27 . 2004-03-09 20:45 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2010-11-04 01:45 . 2010-11-04 01:46 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\DriverCure
    2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\programdata\ParetoLogic
    2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2010-11-04 01:44 . 2010-11-04 02:32 -------- d-----w- c:\programdata\DriverCure
    2010-11-04 00:59 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDEC4E.tmp
    2010-11-03 20:59 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD1903.tmp
    2010-11-03 13:50 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDED55.tmp
    2010-11-03 00:58 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDDF7C.tmp
    2010-11-02 20:58 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD60FE.tmp
    2010-11-02 13:57 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD1CB2.tmp
    2010-11-02 00:11 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD70DA.tmp
    2010-11-01 20:13 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD2C20.tmp
    2010-11-01 13:49 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD7283.tmp
    2010-11-01 02:18 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD3A5F.tmp
    2010-10-31 22:17 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD28C8.tmp
    2010-10-31 13:48 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDCB3C.tmp
    2010-10-31 02:28 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD119.tmp
    2010-10-31 02:22 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUDB36D.tmp
    2010-10-31 02:10 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD179F.tmp
    2010-10-31 00:52 . 2007-07-17 16:21 186256 ----a-w- c:\windows\system32\LUD8CCD.tmp
    2010-10-31 00:49 . 2008-04-17 17:12 15464 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-10-31 00:49 . 2010-10-31 00:49 -------- d-----w- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2010-10-31 00:29 . 2007-03-22 00:39 1060864 ----a-w- c:\windows\system32\MFC71.DL1
    2010-10-31 00:29 . 2007-03-22 00:33 503808 ----a-w- c:\windows\system32\MSVCP71.DL1
    2010-10-31 00:29 . 2007-03-22 00:33 348160 ----a-w- c:\windows\system32\MSVCR71.DL1
    2010-10-30 19:53 . 2010-10-30 19:53 -------- d-----w- C:\LXKZ35
    2010-10-30 19:52 . 2010-10-30 19:52 -------- d-----w- C:\LEXMARK DRIVERS SETUP
    2010-10-29 23:37 . 2010-10-29 23:37 -------- d-----w- c:\users\Microsoft User\AppData\Roaming\Hewlett-Packard
    2010-10-28 21:56 . 2010-10-28 21:56 -------- d-----w- c:\program files\Nero
    2010-10-28 20:15 . 2010-10-28 20:18 -------- d-----w- c:\program files\Microsoft Expression
    2010-10-28 01:49 . 2010-10-28 01:49 246552 ----a-w- c:\windows\User Profile Migration Service.exe
    2010-10-27 14:35 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-10-27 14:35 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-10-27 14:35 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
    2010-10-27 14:35 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2010-10-27 14:35 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2010-10-25 20:13 . 2010-10-25 20:13 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-10-25 20:13 . 2010-10-25 20:13 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
    2010-10-25 20:13 . 2010-10-25 20:13 47512 ----a-w- c:\windows\system32\AdobePDF.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-23 21:39 . 2010-10-23 15:59 8192 ----a-w- c:\windows\system32\srvany.exe
    2010-10-20 22:33 . 2010-10-20 22:33 81920 ----a-w- c:\users\Microsoft User\AppData\Roaming\ezpinst.exe
    2010-10-20 22:33 . 2010-10-20 22:33 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-10-20 22:33 . 2010-10-20 22:33 47360 ----a-w- c:\users\Microsoft User\AppData\Roaming\pcouffin.sys
    2010-10-19 23:08 . 2010-10-19 23:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-19 15:41 . 2010-10-15 22:59 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-17 01:54 . 2010-10-17 01:54 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-10-16 03:56 . 2010-10-16 03:56 77004 ----a-w- c:\windows\system32\drivers\AFS.SYS
    2010-09-14 18:38 . 2010-10-20 22:54 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
    2010-09-14 18:38 . 2010-10-20 22:54 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
    2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
    2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
    2010-09-14 18:38 . 2010-10-20 22:53 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
    2010-09-14 18:38 . 2010-10-20 22:53 892928 ----a-w- c:\windows\system32\iconv.dll
    2010-09-14 18:38 . 2010-10-20 22:53 675840 ----a-w- c:\windows\system32\ac3filter.ax
    2010-09-14 18:38 . 2010-10-20 22:53 496640 ----a-w- c:\windows\system32\xvid.ax
    2010-09-08 04:30 . 2010-10-16 13:33 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 04:28 . 2010-10-16 13:33 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 03:22 . 2010-10-16 13:33 386048 ----a-w- c:\windows\system32\html.iec
    2010-09-08 02:48 . 2010-10-16 13:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-01 04:23 . 2010-10-16 13:32 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-01 02:34 . 2010-10-16 13:32 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-08-31 04:32 . 2010-10-16 13:32 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 04:32 . 2010-10-16 13:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-27 05:46 . 2010-10-16 13:32 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-27 03:31 . 2010-10-16 13:32 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-27 03:30 . 2010-10-16 13:32 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-27 03:30 . 2010-10-16 13:32 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-26 04:39 . 2010-10-16 13:33 109056 ----a-w- c:\windows\system32\t2embed.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Desktop Calendar"="c:\program files\Desktop Calendar\Desktop Calendar.exe" [2010-03-15 442368]
    "cdloader"="c:\users\Microsoft User\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-10-08 50592]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "TaskTray"="c:\program files\Driver-Soft\DriverGenius\TaskTray.exe" [2010-07-30 284016]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-11-19 928496]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-11-20 340520]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-10-23 8192]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-11-19 15264]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-05 98392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-16 1343400]
    S0 AFS;AFS; [x]
    S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-11-19 1375992]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-03 19472]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-30 187392]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-09-14 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-09-14 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-09-14 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-09-14 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-09-14 25704]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-11-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 19:34]

    2010-11-23 c:\windows\Tasks\Final Media Player Update Checker.job
    - c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-11-10 16:25]

    2010-11-21 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

    2010-11-04 c:\windows\Tasks\ParetoLogic Update Version2.job
    - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://webmail.bombolinis.com:2095/webmail/x3/?login=1&gotime=1290122505614
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    FF - ProfilePath - c:\users\Microsoft User\AppData\Roaming\Mozilla\Firefox\Profiles\jr9bz2w2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://webmail.bombolinis.com:2095/horde/login.php
    FF - component: c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    @Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    @Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    @Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    @Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-4084551734-838963058-3687606045-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    @Denied: (2) (S-1-5-21-4084551734-838963058-3687606045-1000)
    "Progid"="FirefoxHTML"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\DataFormats\GetSet\0]
    @DACL=(02 0000)
    @="3,1,32,1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\CLSID\{e0d7b2ab-9988-4444-80b5-4a0900582d87}\DataFormats\GetSet\2]
    @DACL=(02 0000)
    @="Embed Source,1,8,3"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{F184B08F-C81C-45F6-A57F-5ABD9991F28F}\AddItemTemplates\TemplateDirs\{164B10B9-B200-11D0-8C61-00A0C91E29D5}]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSTA\8.0\Projects\{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\AddItemTemplates\TemplateDirs\{FAE04EC1-301F-11D3-BF4B-00C04F79EFBC}]
    @DACL=(02 0000)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3988)
    c:\program files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
    c:\program files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL
    c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-11-23 13:53:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-23 18:53
    ComboFix2.txt 2010-11-22 14:55

    Pre-Run: 451,109,638,144 bytes free
    Post-Run: 451,493,814,272 bytes free

    - - End Of File - - CA91344989A95836B5FB8FEFE438126F



    System look>

    SystemLook 04.09.10 by jpshortstuff
    Log created at 13:58 on 23/11/2010 by Administrator
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "Dfmatzeb.dll"
    No files found.

    -= EOF =-

    ----------------------------

    This Dfmatzeb.dll has stopped the notification, I think it was a Portable Norton utilities disk that I used that registered temp files in the Norton System Works folder and it just kept trying to use run within the main programs' process files?

    I completely cleaned the Norton/Symantec Programs now.

    Please see if I am clear to go?
    Thank you again and many times for your attention and effort for me, friend!:)
     
  11. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello bombolinis,

    Making good progress.:)

    Just a bit to clean up (left over from Symantec) and a couple of scans to make sure we haven't missed anything. Then, all going well, we will go to clearing away the tools we have been using in the next post.

    Please run OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Reg
      [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      
      :Commands
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot if it hasn't already done so when it is finished.
    Next

    You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

    If you no longer have Malwarebytes please download from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

    Finally in this post

    Please run a free online scan with the ESET Online Scanner
    Note: ESET was designed to run with Internet Explorer, compatibility with other browsers has been added recently but if you find difficulty, go to using Internet Explorer
    • Click the green ESET Online Scanner box
    • Tick the box next to YES, I accept the Terms of Use
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
    • Click Start and if your security program asks you if you want to allow the program, click yes.
    • If your anti-virus is active you may see a panel appear warning you that this may affect performance. Disabling the programs listed may speed things along.
    • Make sure that the options Remove found threats and Scan archives are checked (do not worry about advanced settings)
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt (open Notepad > File > Open and navigate to the log.txt)
    • Copy and paste that log as a reply to this topic
    When you return please post
    • MBAM report
    • ESET online scan report
     
  12. bombolinis

    bombolinis Thread Starter

    Joined:
    Nov 20, 2010
    Messages:
    22
    Hello, Here at the bottom are the last two files you requested. I had to go into RegEdit to remove a lot of Symantec registry files because the program's uninstaller and the Norton Tool to remove would not start and telling me that I had to uninstall but there was no way I was able to uninstall because the remaining program files were not recognized. I finally figured out how to find these files and delete them by hand in order to run the Norton Removal tool. WOW!!
    OK, here are the log files>

    ---------------
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5170

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/23/2010 4:04:57 PM
    mbam-log-2010-11-23 (16-04-57).txt

    Scan type: Quick scan
    Objects scanned: 169735
    Time elapsed: 5 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    -------------------------------------------

    esets_scanner_update returned -1 esets_gle=53251
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=be171864e6aa954d8464e368fee35295
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-11-24 12:37:34
    # local_time=2010-11-23 07:37:34 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1029 16777214 0 1 0 0 0 0
    # compatibility_mode=1280 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776574 100 94 0 42100925 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=103710
    # found=0
    # cleaned=0
    # scan_time=2920
    ------------------------------------

    Are we there yet? :)

    I am lost with all things I have done with you here. You are a very smart person... I commend you.
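
    A triage pass over the two log formats in the post above, as an added example that is not part of the original thread or of either scanner: it reads the MBAM summary counts and the ESET `# key=value` fields and lists anything that needs a second look. The function names are hypothetical, the sample logs are constructed excerpts using values from the post, and treating a non-zero `esets_scanner_update` return code as a failed definitions update is an assumption.

```python
import re

# Constructed excerpts in the two log formats from the post above (values copied from it).
MBAM_LOG = """\
Scan type: Quick scan
Objects scanned: 169735
Registry Keys Infected: 0
Files Infected: 0

Files Infected:
(No malicious items detected)
"""
ESET_LOG = """\
esets_scanner_update returned -1 esets_gle=53251
# end=finished
# remove_checked=true
# scanned=103710
# found=0
# cleaned=0
"""

def parse_mbam(text):
    """Map category -> count from 'X Infected: N' lines; detail headers without a number are skipped."""
    pairs = re.findall(r"^[ \t]*(.+?) Infected:[ \t]*(\d+)[ \t\r]*$", text, re.M)
    return {cat: int(n) for cat, n in pairs}

def parse_eset(text):
    """Return ('# key=value' fields, return code of esets_scanner_update or None)."""
    fields = dict(re.findall(r"^[ \t]*#[ \t]*(\w+)=([^\r\n]*?)[ \t\r]*$", text, re.M))
    rc = re.search(r"esets_scanner_update returned (-?\d+)", text)
    return fields, (int(rc.group(1)) if rc else None)

def triage(mbam_text, eset_text):
    """Return findings that need a second look; an empty list means clean and complete."""
    notes = []
    counts = parse_mbam(mbam_text)
    if not counts:
        notes.append("MBAM: no summary counts (truncated log?)")
    notes += [f"MBAM: {n} {cat.lower()} infected" for cat, n in counts.items() if n]
    fields, update_rc = parse_eset(eset_text)
    if fields.get("end") != "finished":
        notes.append("ESET: scan did not finish")
    found, cleaned = int(fields.get("found", 0)), int(fields.get("cleaned", 0))
    if found:
        notes.append(f"ESET: {found} found, {cleaned} cleaned")
    # Assumption: a non-zero return code means the definitions update failed.
    if update_rc not in (None, 0):
        notes.append(f"ESET: update returned {update_rc}, definitions may be stale")
    return notes

if __name__ == "__main__":
    print(triage(MBAM_LOG, ESET_LOG))
```
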
     
  13. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello again bombolinis,

    I think your machine is clean.

    We have a couple of last steps to perform and then you're all set.

    Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
    • Click START then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    Step 2
    • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
    • Click on the CleanUp! button
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

    MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep.

    -------------------------------------------------------------------------------------------------------------------

    A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

    -------------------------------------------------------------------------------------------------------------------

    Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

    ---------------------------------------------------------------------------------------------------------------------

    Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.
    • Download from here Java Runtime Environment (JDK) Update
    • Scroll to where it says "Windows XP/Vista/2000/2003/2008 online" and download and follow the instructions to install.

      Reboot your computer.
      You also need to uninstall older versions of Java.
    • Click Start > Control Panel > Programs
    • Remove all Java updates except the latest one you have just installed.
    --------------------------------------------------------------------------------------------------------------------

    Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week.

    For ease of use, you might consider the following free program:

    ---------------------------------------------------------------------------------------------------------------------

    To reduce the amount of fragmentation in your machine's file system occasionally run a defragmenter utility. You can use your built in program (Start > Programs > Accessories > System Tools > Disk Defragmenter) or alternatively here is a program you can download and use: Puran Disc Defragmenter

    ---------------------------------------------------------------------------------------------------------------------

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
    * Consider using an alternate browser.

    Opera may be downloaded from here. It is one of the least targeted of all browsers.

    Avant may be downloaded from here. Another one that is less well known.

    Firefox may be downloaded from Here. I use Firefox because I like it. Used to be one of the safest but now targeted probably as much as IE.

    Adblock Plus is a good Add-on for Firefox that helps prevent those annoying pop ups.

    -----------------------------------------------------------------------------------------------------------------------

    To help protect your computer in the future here are some free programs you can look at:



    • If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

      * Click Start > Control Panel > System and Security > Windows Update
      * Under Windows Update click on Turn automatic updating on or off
      * Check items shown to ensure you receive updates automatically. Click OK.

      And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
    • Malwarebytes
    • SuperAntiSpyWare
    Be aware of what emails you open and websites you visit.

    Go here for some good advice about how to prevent infection.

    Have a safe and happy computing day!
     
  14. bombolinis

    bombolinis Thread Starter

    Joined:
    Nov 20, 2010
    Messages:
    22
    Thank you very much "emeraldnzl" for your valuable time my friend.:)

    May all your wishes come true and that others may and will assist you in your needs as you have done for me.
    Thank you for knowledge and guidance on this matter.(y)
    Bless you and may you and your families have a wonderful Holiday Season now and Always.

    Your Tech Forum Friend. Bombolini’s you may look me up by my name here.:cool:
     
  15. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    You are very welcome.:)
     

Short URL to this thread: https://techguy.org/963603