1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Software Installed Itself -- Malware?

Discussion in 'Virus & Other Malware Removal' started by panamahat, Jan 13, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    344
    Hi:

    Not sure if this is the right forum so please redirect me if necessary.

    A program just popped on my system. Actually, it's been there since January 5; I just didn't see it until today.

    The name of the program is Easel and from what I could find on the web and judging by its name, it seems to be a graphics program.

    The fact that it stealth installed itself on my computer makes me want to get rid of it immediately but it's not listed in my programs. I'm reluctant to open it in case it is malware.

    Any suggestions?

    Thanks,
    Jane

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz, x64 Family 6 Model 15 Stepping 13
    Processor Count: 2
    RAM: 3061 Mb
    Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 448 Mb
    Hard Drives: C: Total - 269748 MB, Free - 170904 MB; D: Total - 204551 MB, Free - 194247 MB;
    Motherboard: Dell Inc.,
    Antivirus: Panda Cloud Antivirus, Updated and Enabled
     
  2. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,139
    Try using Revo Uninstaller, there is a free version.
     
  3. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    344
    Hi Lunarlander.

    I tried Revo and saw the list of programs it found. The list didn't include Easel. Unfortunately, there is also no more free version of Revo. I remember using it in the past.

    Jane
     
  4. captainron276

    captainron276

    Joined:
    Sep 11, 2010
    Messages:
    3,930
    First Name:
    Ron
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,293
    Is that all there is to the name of the program?

    You said it popped up? Exacty what happened for you to notice it?
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,293
    Could it be Eazel?

    Please download DDS by sUBs to your desktop from the following location:

    http://download.bleepingcomputer.com/sUBs/dds.scr

    Double-click the dds.scr file to run the program.

    It will automatically run in silent mode and then you will see the following note:

    "Two logs shall be created n your Desktop".

    The logs will be named dds.txt and attach.txt.

    Wait until the logs appear and then copy and paste their contents in your post.
     
  7. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    344
    Hi again,

    When trying to install Revo, it defaults to a 30-day trial for the pro-version. After I've downlloaded it and can see the programs listed, a popup informs me I have to purchase the program. Not even any reference to the 30-day trial. Maybe I'm looking in the wrong place on the Revo site for the free version but darned if I can find it.

    As to what I was doing when I first saw Easel, I was trying to figure out what to do about my Eset Nod32, which has stopped working.

    The program's complete name is Easel3.2.1.

    Here are the 2 files.

    Many thanks
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 4/5/2012 1:52:25 PM
    System Uptime: 1/13/2013 5:05:24 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | Microprocessor | 1667/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 263 GiB total, 166.749 GiB free.
    D: is FIXED (NTFS) - 200 GiB total, 189.695 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.22beta
    Acronis True Image WD*Edition
    Ad-Aware Browsing Protection
    Adobe AIR
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe PhotoDeluxe 2.0
    Adobe Reader X (10.1.5)
    Adobe Type Manager 4.0
    Amazon Kindle
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Applian Director
    Banshee Screamer Alarm 2.55
    Bonjour
    Bridge From Special K
    Broadcom 440x 10/100 Integrated Controller
    Brother MFL-Pro Suite MFC-295CN
    CamStudio OSS Desktop Recorder
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant HDA D330 MDC V.92 Modem
    Dell Resource CD
    ESET NOD32 Antivirus
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Officejet 6500 E710n-z Basic Device Software
    HPDiagnosticCoreDll
    iLivid
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Kindle Previewer
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Media Content
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MozBackup 1.5.1
    Mozilla Firefox 18.0 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 17.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NOOK for PC
    Panda Cloud Antivirus
    Panda Security Toolbar
    PaperPort Image Printer
    PS3 Media Server
    QuickTime
    Replay AV 8
    Replay Converter 4
    Replay Player
    Revo Uninstaller Pro 2.5.9
    ScanSoft PaperPort 11
    SCRABBLE (remove only)
    SCRABBLE PLUS
    Scrabble v2.0
    Scrivener Update
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Skype Click to Call
    Skype™ 6.0
    Spybot - Search & Destroy
    TouchFreeze
    TuneUp Utilities 2011
    TuneUp Utilities Language Pack (en-US)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WinPcap 4.0.2
    YouSendIt Express
    .
    ==== End Of File ===========================
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457
    Run by Jane at 17:22:04 on 2013-01-13
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1609 [GMT -5:00]
    .
    AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
    C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TouchFreeze\TouchFreeze.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\mcbuilder.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.dogpile.com/
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [TouchFreeze] c:\program files\touchfreeze\TouchFreeze.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
    mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 200.75.200.3 200.75.200.2
    TCP: Interfaces\{8161EA18-F663-45E0-A936-58138F5B1098} : DHCPNameServer = 200.75.200.3 200.75.200.2
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\jane\appdata\roaming\mozilla\firefox\profiles\jyicuv3v.default\
    FF - prefs.js: browser.search.selectedEngine - Dogpile
    FF - prefs.js: browser.startup.homepage - hxxp://www.dogpile.com/
    FF - prefs.js: keyword.URL - hxxp://www.dogpile.com/search?q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - ExtSQL: 2012-11-21 23:42; [email protected]; c:\users\jane\appdata\roaming\mozilla\firefox\profiles\jyicuv3v.default\extensions\[email protected]
    FF - ExtSQL: 2012-12-08 00:03; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - ExtSQL: 2013-01-13 12:23; {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}; c:\users\jane\appdata\roaming\mozilla\firefox\profiles\jyicuv3v.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2012-11-7 125472]
    R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2012-12-5 83392]
    R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2012-4-6 4064]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-15 36000]
    R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152]
    R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2012-11-9 119208]
    R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2012-11-9 139176]
    R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2012-11-9 163112]
    R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2012-11-9 133544]
    R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2012-11-9 125480]
    R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2012-11-9 370216]
    R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2012-11-9 191528]
    R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2012-11-9 128040]
    R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2012-11-9 276520]
    R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2012-11-9 133928]
    R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [2012-11-9 174632]
    R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-14 221784]
    R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-14 78936]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2012-4-9 73728]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-15 83392]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2012-3-14 103112]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-4-9 21504]
    R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2012-11-12 140064]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-11-9 149544]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2012-11-9 104488]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2012-11-9 114216]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2012-11-9 123944]
    R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2012-11-14 36640]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-4-6 1153368]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-12-8 1527104]
    R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-14 69208]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-7-7 10064]
    S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\drivers\NNSNAHSL.sys [2012-10-22 29224]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-4-15 86224]
    S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-4-15 110032]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 ekrn;ESET Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" --> c:\program files\eset\eset nod32 antivirus\ekrn.exe [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-1-13 27192]
    S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-14 69208]
    S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-14 94040]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 NNSPIHSW;NNSPihsw;c:\windows\system32\drivers\NNSPihsw.sys [2012-11-9 74792]
    .
    =============== Created Last 30 ================
    .
    2013-01-13 22:07:16 46672 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
    2013-01-13 19:49:54 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2013-01-13 19:49:51 -------- d-----w- c:\program files\VS Revo Group
    2013-01-13 17:23:47 -------- d-----w- c:\programdata\blekko toolbars
    2013-01-13 17:23:42 -------- d-----w- c:\users\jane\appdata\local\panda4_0dn
    2013-01-13 17:23:37 -------- d-----w- c:\programdata\Panda Security URL Filtering
    2013-01-13 17:23:31 -------- d-----w- c:\program files\Toolbar Cleaner
    2013-01-13 17:23:24 -------- d-----w- c:\users\jane\appdata\roaming\Panda Security
    2013-01-13 17:22:33 -------- d-----w- c:\program files\pandasecuritytb
    2013-01-13 17:20:34 -------- d-----w- c:\programdata\Panda Security
    2013-01-13 17:20:34 -------- d-----w- c:\program files\Panda Security
    2013-01-11 15:46:09 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fc3bdf40-f2d7-408d-a353-e6d8884452d3}\mpengine.dll
    2013-01-10 17:56:21 -------- d-----w- c:\program files\ESET
    2013-01-08 20:49:03 -------- d-----w- c:\users\jane\appdata\local\iLivid
    2013-01-08 20:01:33 2048000 ----a-w- c:\windows\system32\win32k.sys
    2013-01-08 20:00:33 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-08 20:00:30 1400832 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-07 23:09:18 -------- d-----w- c:\program files\SigmaTel
    2013-01-07 16:58:17 -------- d-----w- c:\program files\Creative Live! Cam
    2013-01-07 16:56:36 -------- d-----w- c:\program files\Creative
    2012-12-28 02:41:52 580712 ------w- c:\windows\system32\HPDiscoPM5412.dll
    2012-12-28 02:36:50 -------- d-----w- c:\program files\HP
    2012-12-28 02:13:15 -------- d-----w- c:\users\jane\appdata\local\HP
    2012-12-22 16:43:27 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-22 16:43:27 293376 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-18 14:28:14 186584 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2012-12-17 15:55:31 -------- d-----w- c:\program files\iPod
    2012-12-17 15:55:28 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-12-17 15:55:27 -------- d-----w- c:\program files\iTunes
    2012-12-17 01:33:20 -------- d-----w- c:\program files\wp-e-commerce
    .
    ==================== Find3M ====================
    .
    2013-01-09 00:17:47 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-09 00:17:47 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-05 17:34:58 601408 ----a-w- c:\windows\system32\drivers\timntr.sys
    2012-12-05 17:34:40 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys
    2012-12-05 17:34:34 169088 ----a-w- c:\windows\system32\drivers\snapman.sys
    2012-11-25 19:24:43 19447048 ----a-w- c:\program files\PDFXVwer.exe
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-10 00:00:49 123944 ----a-w- c:\windows\system32\drivers\PSINProt.sys
    2012-11-10 00:00:10 174632 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
    2012-11-10 00:00:10 114216 ----a-w- c:\windows\system32\drivers\PSINProc.sys
    2012-11-10 00:00:10 104488 ----a-w- c:\windows\system32\drivers\PSINFile.sys
    2012-11-10 00:00:09 149544 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
    2012-11-09 16:23:58 276520 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
    2012-11-09 16:23:58 133928 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
    2012-11-09 16:23:57 370216 ----a-w- c:\windows\system32\drivers\NNSProt.sys
    2012-11-09 16:23:57 191528 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
    2012-11-09 16:23:57 128040 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
    2012-11-09 16:23:56 74792 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys
    2012-11-09 16:23:56 125480 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
    2012-11-09 16:23:55 163112 ----a-w- c:\windows\system32\drivers\NNSIds.sys
    2012-11-09 16:23:55 139176 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
    2012-11-09 16:23:55 133544 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
    2012-11-09 16:23:54 119208 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
    2012-11-07 21:33:42 125472 ----a-w- c:\windows\system32\drivers\vididr.sys
    2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
    2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-10-22 17:08:35 29224 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys
    2012-04-10 21:55:18 2071600 ----a-w- c:\program files\TDSSKiller.exe
    .
    ============= FINISH: 17:23:30.92 ===============
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,293
    Please download AdwCleaner from here to your desktop

    Run AdwCleaner and select "Search" (do not select "Delete" at this time)

    Once the scan is finished it will ask to reboot so please allow this.

    After the reboot a log will be produced. Please copy and paste the log into your next reply.
     
  9. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    344
    Here it is. Thanks, Jane

    # AdwCleaner v2.105 - Logfile created 01/13/2013 at 19:43:43
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Jane - JANE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Jane\Downloads\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
    File Found : C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
    File Found : C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\searchplugins\MyStart Search.xml
    File Found : C:\Users\Jane\Desktop\iLivid.lnk
    File Found : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
    Folder Found : C:\Program Files\Iminent
    Folder Found : C:\Program Files\Web Assistant
    Folder Found : C:\ProgramData\blekko toolbars
    Folder Found : C:\ProgramData\Iminent
    Folder Found : C:\ProgramData\Trymedia
    Folder Found : C:\Users\Jane\AppData\Local\Ilivid
    Folder Found : C:\Users\Jane\AppData\LocalLow\Search Settings
    Folder Found : C:\Users\Jane\AppData\Roaming\Iminent

    ***** [Registry] *****

    Key Found : HKCU\Software\Headlight
    Key Found : HKCU\Software\ilivid
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0 (en-US)

    File : C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1708 octets] - [13/01/2013 19:43:43]

    ########## EOF - C:\AdwCleaner[R1].txt - [1768 octets] ##########
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,293
    Please run it again but this time select the "delete" option and then post the new log.
     
  11. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    344
    Here it is:

    # AdwCleaner v2.105 - Logfile created 01/13/2013 at 20:49:29
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Jane - JANE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Jane\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
    File Deleted : C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
    File Deleted : C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\searchplugins\MyStart Search.xml
    File Deleted : C:\Users\Jane\Desktop\iLivid.lnk
    File Deleted : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
    Folder Deleted : C:\Program Files\Iminent
    Folder Deleted : C:\Program Files\Web Assistant
    Folder Deleted : C:\ProgramData\blekko toolbars
    Folder Deleted : C:\ProgramData\Iminent
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\Users\Jane\AppData\Local\Ilivid
    Folder Deleted : C:\Users\Jane\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\Jane\AppData\Roaming\Iminent

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Headlight
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0 (en-US)

    File : C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1837 octets] - [13/01/2013 19:43:43]
    AdwCleaner[S1].txt - [1802 octets] - [13/01/2013 20:49:29]

    ########## EOF - C:\AdwCleaner[S1].txt - [1862 octets] ##########
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,293
    Please download OTL to your Desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under Custom Scans/Fixes type in Netsvcs
    • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
    • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy and paste the contents of both of these files here in your next reply.
     
  13. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    344
    And here's this one.

    OTL logfile created on: 1/13/2013 9:57:18 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jane\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.84% Memory free
    6.18 Gb Paging File | 5.01 Gb Available in Paging File | 81.10% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 263.43 Gb Total Space | 166.76 Gb Free Space | 63.31% Space Free | Partition Type: NTFS
    Drive D: | 199.76 Gb Total Space | 189.70 Gb Free Space | 94.96% Space Free | Partition Type: NTFS

    Computer Name: JANE-PC | User Name: Jane | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/13 21:54:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jane\Downloads\OTL(1).exe
    PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/11/14 22:04:15 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
    PRC - [2012/11/14 22:04:15 | 000,032,032 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
    PRC - [2012/11/12 14:45:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    PRC - [2012/10/15 07:52:20 | 000,221,832 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
    PRC - [2011/12/08 17:37:18 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    PRC - [2011/12/08 17:34:58 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    PRC - [2011/06/22 11:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2011/06/22 11:17:08 | 000,846,056 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2011/06/22 11:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/11/26 10:25:36 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    PRC - [2008/01/18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
    PRC - [2005/04/29 16:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files\TouchFreeze\TouchFreeze.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/01/09 17:10:52 | 000,139,264 | ---- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
    MOD - [2007/05/08 16:06:38 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
    MOD - [2005/04/29 16:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files\TouchFreeze\TouchFreeze.exe
    MOD - [2005/04/29 16:15:36 | 000,045,056 | ---- | M] () -- C:\Program Files\TouchFreeze\TouchFreeze.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
    SRV - [2013/01/11 12:36:48 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/08 19:17:49 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/11/14 22:04:15 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
    SRV - [2012/11/12 14:45:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
    SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/08 15:45:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2012/05/08 15:45:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/12/08 17:34:58 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2011/12/08 17:31:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2011/06/22 11:17:08 | 000,846,056 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/06 15:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\stwrt.sys -- (STHDA)
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2012/12/05 12:34:58 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
    DRV - [2012/12/05 12:34:40 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt53.sys -- (vidsflt53)
    DRV - [2012/12/05 12:34:34 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
    DRV - [2012/11/09 19:00:49 | 000,123,944 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
    DRV - [2012/11/09 19:00:10 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
    DRV - [2012/11/09 19:00:10 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
    DRV - [2012/11/09 19:00:10 | 000,104,488 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
    DRV - [2012/11/09 19:00:09 | 000,149,544 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
    DRV - [2012/11/09 11:23:58 | 000,276,520 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM)
    DRV - [2012/11/09 11:23:58 | 000,133,928 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC)
    DRV - [2012/11/09 11:23:57 | 000,370,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT)
    DRV - [2012/11/09 11:23:57 | 000,191,528 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV)
    DRV - [2012/11/09 11:23:57 | 000,128,040 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP)
    DRV - [2012/11/09 11:23:56 | 000,125,480 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3)
    DRV - [2012/11/09 11:23:56 | 000,074,792 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW)
    DRV - [2012/11/09 11:23:55 | 000,163,112 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS)
    DRV - [2012/11/09 11:23:55 | 000,139,176 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP)
    DRV - [2012/11/09 11:23:55 | 000,133,544 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC)
    DRV - [2012/11/09 11:23:54 | 000,119,208 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC)
    DRV - [2012/11/07 16:33:42 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
    DRV - [2012/11/07 09:00:12 | 000,046,672 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD)
    DRV - [2012/10/22 12:08:35 | 000,029,224 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL)
    DRV - [2012/05/08 15:45:33 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2012/05/08 15:45:33 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2012/03/14 08:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
    DRV - [2012/03/14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2012/03/14 08:40:02 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2011/07/07 15:46:56 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
    DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
    DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
    DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
    DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
    DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
    DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2006/11/29 01:46:24 | 000,028,224 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\APLMp50.sys -- (APLMp50)
    DRV - [2006/11/21 04:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
    DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [1997/06/17 04:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\Windows\System32\drivers\ATMHELPR.SYS -- (ATMhelpr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {02DCD0C3-F211-4C47-B1C2-15841125E563}
    IE - HKCU\..\SearchScopes\{02DCD0C3-F211-4C47-B1C2-15841125E563}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Dogpile"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.dogpile.com/"
    FF - prefs.js..extensions.enabledAddons: browserprotect%40browserprotect.com:1.1.3
    FF - prefs.js..extensions.enabledAddons: splitpannel%40max.max:1.00
    FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
    FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.5.1205
    FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:17.6
    FF - prefs.js..extensions.enabledAddons: %7B1280606b-2510-4fe0-97ef-9b5a22eafe30%7D:0.7.9.4
    FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.1
    FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.5.0.11422
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
    FF - prefs.js..keyword.URL: "http://www.dogpile.com/search?q="
    FF - prefs.js..network.proxy.socks_remote_dns: true
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/13 12:23:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/14 19:18:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2012/04/05 16:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jane\AppData\Roaming\Mozilla\Extensions
    [2013/01/13 12:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions
    [2012/12/24 11:36:54 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2013/01/13 12:23:24 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
    [2012/12/06 09:55:58 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\[email protected]
    [2013/01/11 10:58:40 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\[email protected]
    [2012/11/21 23:42:50 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\[email protected]
    [2012/05/15 01:27:52 | 000,047,822 | ---- | M] () (No name found) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\[email protected]
    [2012/07/27 18:09:36 | 000,051,397 | ---- | M] () (No name found) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\[email protected]
    [2013/01/09 23:40:32 | 000,516,839 | ---- | M] () (No name found) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
    [2012/05/15 01:32:11 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
    [2012/12/05 10:11:56 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
    [2012/05/15 01:16:00 | 000,002,066 | ---- | M] () -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\searchplugins\dogpile.xml
    [2013/01/11 12:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/01/11 12:36:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/01/11 12:36:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/01/11 12:36:49 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/08/19 11:19:41 | 000,444,042 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 15254 more lines...
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
    O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice File not found
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
    O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [TouchFreeze] C:\Program Files\TouchFreeze\TouchFreeze.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.75.200.3 200.75.200.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8161EA18-F663-45E0-A936-58138F5B1098}: DhcpNameServer = 200.75.200.3 200.75.200.2
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{dd645fb1-7f4f-11e1-b609-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd645fb1-7f4f-11e1-b609-806e6f6e6963}\Shell\AutoRun\command - "" = E:\wubi.exe --cdmenu
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/13 20:58:08 | 000,046,672 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSKMAD.sys
    [2013/01/13 14:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    [2013/01/13 14:49:54 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
    [2013/01/13 14:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2013/01/13 12:23:42 | 000,000,000 | ---D | C] -- C:\Users\Jane\AppData\Local\panda4_0dn
    [2013/01/13 12:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security URL Filtering
    [2013/01/13 12:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
    [2013/01/13 12:23:24 | 000,000,000 | ---D | C] -- C:\Users\Jane\AppData\Roaming\Panda Security
    [2013/01/13 12:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\pandasecuritytb
    [2013/01/13 12:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
    [2013/01/13 12:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
    [2013/01/13 12:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2013/01/11 12:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/01/10 12:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2013/01/09 16:50:58 | 000,000,000 | ---D | C] -- C:\Users\Jane\Documents\My Kindle Content
    [2013/01/08 15:01:33 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/01/08 15:00:33 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2013/01/07 18:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel
    [2013/01/07 12:01:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
    [2013/01/07 11:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Creative Live! Cam
    [2013/01/07 11:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
    [2013/01/05 21:58:36 | 000,000,000 | ---D | C] -- C:\Users\Jane\Documents\easel.3.2.1
    [2013/01/05 21:55:38 | 000,000,000 | ---D | C] -- C:\Users\Jane\Documents\pinboard.1.0.6
    [2012/12/31 19:39:06 | 000,000,000 | ---D | C] -- C:\Users\Jane\Documents\ESTATE
    [2012/12/28 14:51:01 | 000,000,000 | ---D | C] -- C:\Users\Jane\Documents\My Barnes & Noble eBooks
    [2012/12/27 21:41:52 | 000,580,712 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\HPDiscoPM5412.dll
    [2012/12/27 21:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    [2012/12/27 21:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2012/12/27 21:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2012/12/27 21:13:15 | 000,000,000 | ---D | C] -- C:\Users\Jane\AppData\Local\HP
    [2012/12/26 17:24:37 | 000,000,000 | ---D | C] -- C:\Users\Jane\Documents\Address Book
    [2012/12/26 17:18:12 | 000,000,000 | ---D | C] -- C:\Users\Jane\Documents\Parties
    [2012/12/22 11:43:27 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2012/12/22 11:43:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2012/12/21 18:08:58 | 000,000,000 | ---D | C] -- C:\Users\Jane\Desktop\Newest files
    [2012/12/17 10:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/12/17 10:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/12/17 10:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2012/12/17 10:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/12/16 20:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\wp-e-commerce
    [2012/11/12 13:21:04 | 019,447,048 | ---- | C] (Tracker Software Products Ltd ) -- C:\Program Files\PDFXVwer.exe
    [2012/04/10 16:55:18 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\TDSSKiller.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/13 21:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/13 21:03:10 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/01/13 21:03:10 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/01/13 20:57:40 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/13 20:57:40 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/13 20:57:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/13 17:06:02 | 000,411,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/01/13 14:49:56 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    [2013/01/13 12:08:20 | 000,001,954 | ---- | M] () -- C:\Users\Jane\Desktop\ESET NOD32 Antivirus.lnk
    [2013/01/10 13:53:13 | 000,006,144 | ---- | M] () -- C:\Users\Jane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/01/09 14:44:13 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/08 19:17:47 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/01/08 19:17:47 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/01/08 15:55:28 | 000,000,830 | ---- | M] () -- C:\Users\Jane\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
    [2013/01/08 15:34:23 | 000,177,056 | ---- | M] () -- C:\Users\Jane\AppData\Local\Schedule8.dat
    [2012/12/27 21:55:57 | 000,065,196 | ---- | M] () -- C:\Users\Jane\Desktop\Troubleshoot HP Installation Failure - Network.hta
    [2012/12/27 21:41:50 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
    [2012/12/27 21:19:13 | 000,005,826 | ---- | M] () -- C:\Users\Jane\Desktop\HP Installation Failure 43.hta
    [2012/12/27 21:15:49 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
    [2012/12/19 18:26:08 | 001,309,678 | -H-- | M] () -- C:\Users\Jane\Documents\PP11Thumbs.ptn
    [2012/12/19 18:26:08 | 000,000,814 | -H-- | M] () -- C:\Users\Jane\Documents\PP11Thumbs.ptn2
    [2012/12/19 18:26:07 | 000,005,943 | -H-- | M] () -- C:\Users\Jane\Documents\maxdesk.ini2
    [2012/12/19 18:24:22 | 000,367,452 | ---- | M] () -- C:\Users\Jane\Documents\Document (6).pdf
    [2012/12/17 10:56:32 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/13 14:49:56 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    [2013/01/09 14:44:13 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/08 15:55:28 | 000,000,830 | ---- | C] () -- C:\Users\Jane\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
    [2013/01/07 17:10:29 | 000,001,954 | ---- | C] () -- C:\Users\Jane\Desktop\ESET NOD32 Antivirus.lnk
    [2012/12/27 21:55:57 | 000,065,196 | ---- | C] () -- C:\Users\Jane\Desktop\Troubleshoot HP Installation Failure - Network.hta
    [2012/12/27 21:41:50 | 000,002,151 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
    [2012/12/27 21:19:13 | 000,005,826 | ---- | C] () -- C:\Users\Jane\Desktop\HP Installation Failure 43.hta
    [2012/12/27 21:15:49 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/12/19 18:24:19 | 000,367,452 | ---- | C] () -- C:\Users\Jane\Documents\Document (6).pdf
    [2012/12/17 10:56:32 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/11/23 17:37:27 | 000,126,060 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2012/10/03 16:41:18 | 000,000,023 | ---- | C] () -- C:\Windows\ANS2000.INI
    [2012/10/03 16:41:18 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
    [2012/10/03 16:41:18 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
    [2012/10/03 16:36:03 | 000,000,085 | ---- | C] () -- C:\Windows\aebconfig.ini
    [2012/08/17 15:39:06 | 000,000,365 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2012/05/23 15:08:35 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
    [2012/04/14 21:25:16 | 000,017,408 | ---- | C] () -- C:\Users\Jane\AppData\Local\WebpageIcons.db
    [2012/04/09 15:03:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2012/04/09 15:02:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2012/04/09 15:02:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2012/04/06 19:49:24 | 000,177,056 | ---- | C] () -- C:\Users\Jane\AppData\Local\Schedule8.dat
    [2012/04/06 19:12:17 | 000,006,144 | ---- | C] () -- C:\Users\Jane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/06 17:28:12 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2012/04/06 17:28:12 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2012/04/06 17:27:06 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
    [2012/04/06 17:27:04 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2012/04/06 17:14:01 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
    [2012/04/06 12:19:19 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
    [2012/04/06 12:19:19 | 000,000,114 | ---- | C] () -- C:\Windows\kpcms.ini
    [2012/04/06 11:37:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2012/04/05 12:06:59 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2012/04/05 12:06:59 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2012/04/05 12:06:59 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1272.dll
    [2012/04/05 12:04:27 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2012/04/05 11:59:16 | 000,000,680 | ---- | C] () -- C:\Users\Jane\AppData\Local\d3d9caps.dat
    [2011/12/14 11:32:58 | 000,026,759 | ---- | C] () -- C:\Program Files\PDFXVW1.xml
    [2011/02/09 20:54:58 | 003,973,120 | ---- | C] () -- C:\Windows\System32\ffmpeg2.exe
    [2010/05/12 13:57:50 | 000,380,074 | ---- | C] () -- C:\Program Files\Claim_your_free_PDF_converter.pdf

    ========== ZeroAccess Check ==========

    [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 881 bytes -> C:\Users\Jane\Documents\tv-streams.eml:OECustomProperty
    @Alternate Data Stream - 1273 bytes -> C:\Users\Jane\Documents\The World as Some See It.eml:OECustomProperty
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 1239 bytes -> C:\Users\Jane\Desktop\BOWKER LOG IN.eml:OECustomProperty
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,293
    I'm signing off for the night so I'll review that log tomorrow and post further instructions.
     
  15. panamahat

    panamahat Thread Starter

    Joined:
    Apr 30, 2005
    Messages:
    344
    Thanks for all your help.
    Jane
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1085030

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice