Help for removal of stubborn System Protection 2012


HerNameWas_Lola

New Member
Thread author
Nov 8, 2011
3
Tried the step by step guide on how to remove System Security 2012. It's not presenting the same issues as it was before I did the removal steps but it's still here and I don't know what else to do.

Provided a HijackThis log, not sure if that's helpful.

Help or advice would be appreciated! I'm trying to do all I can before running to a guy to help me. I don't want to be that girl and I don't want to be that helpless!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:16:45 PM, on 11/8/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\Asc.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 212.124.122.156 google.com
O1 - Hosts: 212.124.122.156 yahoo.com
O1 - Hosts: 212.124.122.156 bing.com
O1 - Hosts: 212.124.122.156 facebook.com
O1 - Hosts: 212.124.122.156 yahoo.com
O1 - Hosts: 212.124.122.156 bing.com
O1 - Hosts: 212.124.122.156 facebook.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFLUlItR1BFSkstUjdRTkctQUdNSTYtQVJGNlItWQ"&"inst=NzYtOTUwNzk5Mzg3LVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1831"&"mid=5f00c6442cd847d1811b9128c052448c-ad1491be2ce6c122f6b66faa90e70c2decf7d34c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [GoogleBackupBackup] rundll32.exe "C:\ProgramData\GoogleBackupBackup.dll",DllRegisterServer
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files (x86)\System Control Manager\MSIService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceWacom - Unknown owner - C:\windows\system32\Wacom_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12418 bytes
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hello,
Please try to run a scan with OTL.

Scan with OTL:

  1. Please download OTL and save it to your Desktop.
  2. Right-click on OTL.exe and select Run as Administrator to start OTL.
  3. Double click on OTL.exe to run it.
  4. Under Output, ensure that Minimal Output is selected.
  5. Under Extra Registry section, select Use SafeList.
  6. Click the Scan All Users checkbox.
  7. Click on Run Scan at the top left hand corner.
  8. When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  9. Please post the contents of these 2 Notepad files in your next reply.

When you have completed the above, please post back:
Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.

 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Seems a leftover that may still be active. Also, it's very likely your host or proxy is causing the redirection when you type aff "google.com" and that message appears that you're infected.

Since Jack is here, he can try and help to figure out your problem.
 

HerNameWas_Lola

New Member
Thread author
Nov 8, 2011
3
OTL logfile created on: 11/8/2011 3:31:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nicole\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.98 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 38.56% Memory free
7.96 Gb Paging File | 5.30 Gb Available in Paging File | 66.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274.60 Gb Total Space | 29.19 Gb Free Space | 10.63% Space Free | Partition Type: NTFS
Drive D: | 183.06 Gb Total Space | 182.96 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive E: | 172.33 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GULLWH0RE | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nicole\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASC.exe (IObit)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe (IObit)
PRC - C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\cf95add46bfba066f035bd78f6e21d86\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 4\Scan.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 4\sqlite3.dll ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 4\NtfsData.dll ()
MOD - C:\Program Files (x86)\IObit\Advanced SystemCare 4\DiskMap.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtaglib_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libswscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtta_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtrivial_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuvp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsap_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfreetype_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmkv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblua_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmp4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpc_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmono_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirectx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirect3d_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libblend_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libflacsys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libes_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfilesystem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfolder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdrawable_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavcodec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_http_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libasf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudio_format_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll ()
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll ()
MOD - C:\Program Files (x86)\Pidgin\exchndl.dll ()
MOD - C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll ()
MOD - C:\Program Files (x86)\Pidgin\libjabber.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmsn.dll ()
MOD - C:\Program Files (x86)\Pidgin\liboscar.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libqq.dll ()
MOD - C:\Program Files (x86)\Pidgin\libymsg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libgg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsilc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmxit.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsametime.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libnovell.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libirc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\spellchk.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libsimple.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\log_reader.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\themeedit.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ticker.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\winprefs.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\notify.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\convcolors.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\markerline.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\timestamp.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\history.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\idle.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\joinpart.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libicq.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\extplacement.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\statenotify.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\libaim.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\relnot.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\psychic.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\newline.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\iconaway.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\buddynote.dll ()
MOD - C:\Program Files (x86)\Pidgin\plugins\ssl.dll ()
MOD - C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\libxml2-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll ()
MOD - C:\Program Files (x86)\Pidgin\sqlite3.dll ()
MOD - C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (TabletServiceWacom) -- C:\Windows\SysNative\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdvancedSystemCareService) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe (IObit)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (BTMHID) -- C:\Windows\SysNative\drivers\btmhid.sys (Motorola, Inc.)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (johci) -- C:\Windows\SysNative\drivers\johci.sys (JMicron )
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (enecirhid) -- C:\Windows\SysNative\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (enecirhidma) -- C:\Windows\SysNative\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (Gun) -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F4 C1 CF 02 74 6F 30 45 96 E1 80 E6 09 67 5D 13 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F4 C1 CF 02 74 6F 30 45 96 E1 80 E6 09 67 5D 13 [binary data]

IE - HKU\S-1-5-21-3557926228-753220077-1808343243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3557926228-753220077-1808343243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
IE - HKU\S-1-5-21-3557926228-753220077-1808343243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F4 C1 CF 02 74 6F 30 45 96 E1 80 E6 09 67 5D 13 [binary data]
IE - HKU\S-1-5-21-3557926228-753220077-1808343243-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {357e5873-7b27-4ef1-9f10-85f6bbab1b7e}:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {8ea9957e-2953-402f-80e0-bceb5f169d6f}:0.5.4
FF - prefs.js..extensions.enabledItems: {f035aa18-ee32-4e6e-81d2-57e32867f8a7}:1.18
FF - prefs.js..extensions.enabledItems: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}:0.7.23
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: check4change-owner@mozdev.org:1.9
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p="
FF - prefs.js..network.proxy.type: 4

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/01 23:37:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox old\components [2011/09/03 14:26:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox old\plugins [2011/09/03 14:26:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/30 16:35:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/20 21:31:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/01 23:37:57 | 000,000,000 | ---D | M]

[2010/12/06 18:54:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Extensions
[2011/11/07 20:36:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8s2qpk3l.default\extensions
[2011/11/07 06:51:50 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8s2qpk3l.default\extensions\{357e5873-7b27-4ef1-9f10-85f6bbab1b7e}
[2011/07/20 01:26:57 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8s2qpk3l.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}
[2011/07/20 01:25:18 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8s2qpk3l.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/07/20 01:26:57 | 000,000,000 | ---D | M] (EWOQ Mobile Setup extension) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8s2qpk3l.default\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}
[2011/10/04 15:25:08 | 000,000,000 | ---D | M] (Check4Change) -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8s2qpk3l.default\extensions\check4change-owner@mozdev.org
[2011/10/20 06:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/07 21:00:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/02/23 15:13:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/08 06:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\TidyPlates_5_15_2_Curse\TidyPlates_Grey\TidyPlates_GreyExtension
[2011/10/30 12:52:32 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011/09/30 16:35:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/23 15:13:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 15:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2011/06/12 02:46:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/08 09:36:24 | 000,003,303 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 49 more lines...
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3557926228-753220077-1808343243-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3557926228-753220077-1808343243-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3557926228-753220077-1808343243-1000..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-3557926228-753220077-1808343243-1000..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3557926228-753220077-1808343243-1000..\Run: [GoogleBackupBackup] C:\ProgramData\GoogleBackupBackup.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3557926228-753220077-1808343243-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3557926228-753220077-1808343243-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3557926228-753220077-1808343243-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3557926228-753220077-1808343243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81DA7334-04BA-4388-A4B2-64E36BFB8B58}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7138B03-11BC-4F51-B20B-E218A83AA1D7}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-3557926228-753220077-1808343243-1000 Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/11 19:21:22 | 000,000,055 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{209e1fa2-17c0-11e0-a480-406186b6ad7f}\Shell - "" = AutoRun
O33 - MountPoints2\{209e1fa2-17c0-11e0-a480-406186b6ad7f}\Shell\AutoRun\command - "" = F:\Autorun.bat
O33 - MountPoints2\{209e215c-17c0-11e0-a480-406186b6ad7f}\Shell - "" = AutoRun
O33 - MountPoints2\{209e215c-17c0-11e0-a480-406186b6ad7f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{5144f8a6-ba1e-11df-92f1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5144f8a6-ba1e-11df-92f1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- [2009/12/03 18:22:48 | 000,513,130 | R--- | M] (Adobe Systems, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 11:56:01 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2011/11/08 11:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/11/08 09:30:11 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
[2011/11/08 09:29:17 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\TXwkUVelOtPi
[2011/11/08 09:29:17 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\QUVelOBtz0i2n4
[2011/11/08 09:29:17 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\G4amH5sWd8ZhXkV
[2011/11/08 09:29:17 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\BP0y1DonFpHs7KR
[2011/11/08 09:29:17 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\AH5Wd8ZYXkVlBz0
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\ynas7fE8ZhCkVOx
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\yna6WfEL8ZYkVOx
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\WEL9TZjYwIltPci
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\WEL9gTZjYwIrNx0
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\TkIVltxP0i3Gms7
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\SS2ibDna6WfLTjw
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\SS2ibDna6KfLTjw
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\sIVrNxP0SiDna6W
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\PL8ZYCkUVOx
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\oTZjYkIVrNx0ci3
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\o9TZjYwkIltPciD
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\kibDna6KfLTjkVN
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\kibD3GQ6KfLgZjw
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\IbDp4HWKfLgjwIl
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\cGms7f8ZYkVOxyS
[2011/11/08 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\cGms7E8ZYkVOxy1
[2011/11/08 09:29:15 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\x89XUkrNyv23GQ6
[2011/11/08 09:29:15 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\TNtx0ucS2bn4HWf
[2011/11/08 09:29:15 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\pi3G5Q6dW
[2011/11/08 09:29:15 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\ccS2ibDn4HWfLTj
[2011/11/08 09:29:15 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\A8LTjeIrzN256W7
[2011/11/08 09:29:13 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Ims7KRhYw
[2011/11/08 09:29:13 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\DcAuD2obms6KRh
[2011/11/08 09:28:47 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\oEgqCUlt0Sv
[2011/11/08 09:28:46 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\u2nWgYkrA2n6EZk
[2011/11/08 09:28:45 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\oU0osRVybJ9lumK
[2011/11/08 09:28:43 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\VRhwUltz0ci2Fms
[2011/11/08 09:28:43 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\jLRhwVOz0Ai2np5
[2011/11/08 09:28:43 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\GsWd8ZYkeBz0AvF
[2011/11/08 09:28:43 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\gDn4Hs7LTwVtSo
[2011/11/08 09:28:42 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\qCIz0bpa6KEgqCI
[2011/11/08 09:28:41 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Wy0Si3pnGa6Kf9T
[2011/11/08 09:28:41 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\VqCIzNA2n
[2011/11/08 09:28:40 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\wRwIySpQ8TezyAv
[2011/11/08 09:28:40 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\pYezNAvo4GQd
[2011/11/08 09:28:40 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\nIBtNAvo4sKhCz1
[2011/11/08 09:28:40 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\LhjeBPxu2Fm
[2011/11/08 09:28:40 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\e5s7KRhwVIzy1Db
[2011/11/08 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\z1vDo4HsQ7KRhUB
[2011/11/08 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Ovo45s7KRhwVIzy
[2011/11/08 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\NvDo4HsQ7KRhUBP
[2011/11/08 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\lsQ7KRhYU
[2011/11/08 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Is7KRhwVI
[2011/11/08 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\cLZwVBPAvo457KR
[2011/11/08 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\bci2FmsQ7KRhwV
[2011/11/08 09:28:38 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\ZHW7ELTjwIOx0Sb
[2011/11/08 09:28:38 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Yt0Sbo4HWf8ZYkr
[2011/11/08 09:28:38 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\w9ZYwIlPiG
[2011/11/08 09:28:38 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\uHWf8ZYkrBPci34
[2011/11/08 09:28:38 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\SHs7EgThYwVOxy1
[2011/11/08 09:28:38 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\ho4HWf8ZYkrB
[2011/11/08 09:28:38 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\dVlt0ci3n4HW
[2011/11/08 09:28:38 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\aKE9Tjwlt0Sbo4H
[2011/11/08 09:28:38 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\aKE9TjwIlt0Sbo4
[2011/11/08 09:28:38 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\a4HWf8ZYkrBPc
[2011/11/08 09:28:37 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\W2DpnaHW7ETjwIO
[2011/11/08 09:28:37 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\R9XYkrNtAu2DpQ
[2011/11/08 09:28:37 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\EUCekBrzOx0v2b3
[2011/11/08 09:28:37 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\drNt0SiDpa6WLwV
[2011/11/08 09:28:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\wUelBzy1v235J
[2011/11/08 09:28:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\UelIBzPxuSFp5Q
[2011/11/08 09:28:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\tBrzONxA0v
[2011/11/08 09:28:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\qrzONxA0uSiF
[2011/11/08 09:28:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\nPxuvS2Fp5Qd8Lq
[2011/11/08 09:28:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\mf9TjeBzOAuSi3n
[2011/11/08 09:28:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\jzONyAuvSiFp5
[2011/11/08 09:28:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\GekBrzONx0
[2011/11/08 09:28:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\EzPNAuvS2Fm5Qd8
[2011/11/08 09:28:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\EBzPxuvS2F5Qd8L
[2011/11/08 09:28:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\CNyAuvS2iFp5KL
[2011/11/08 09:28:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\ABrzONxA0v2b
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\ZZ9hXwjUC
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\zob4p5Jd8ZTwU
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\wUCelIBzPAuSo
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\TpGQJdE8fZhXjCl
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\RRZ9hXwjUeIzNAu
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\RRZ9hXwjUeIPxuS
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\phXwjUCel
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\ObpG5JdE8ZTwU
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\ffZ9hXwjUeIzN1v
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\ffZ9hXwjUeIPy1v
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\ffRZ9hXwjClBzN1
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\ffRZ9hXwjClBPxu
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\cwjUCelIBPxu
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\AjUCelIBzxuS
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\aGQJdE8fR9XjClB
[2011/11/08 09:28:35 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\aG5JdE8fZTwUlBz
[2011/11/08 09:28:34 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\ugRZYVtNAv2b
[2011/11/08 09:28:34 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\SZYjVItNAuDop
[2011/11/08 09:28:34 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\soF4pm5JE8RYwUe
[2011/11/08 09:28:34 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\n0ycAvD2o4mJ
[2011/11/08 09:28:34 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\FyAvD2onFpHJ
[2011/11/08 09:28:34 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\DmH5Jd8gRYjVItP
[2011/11/08 09:28:34 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Dm5JE8gRYwUeBPc
[2011/11/08 09:28:34 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Ay1oHdgkBz01Do4
[2011/11/08 09:28:33 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\nt0S1iDFms7E
[2011/11/08 09:28:33 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\kYCwkVOxy1Dna5J
[2011/11/08 09:28:32 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\tpQ6Wf9ZYkrNPci
[2011/11/08 09:28:31 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\t2D3pnG4a6Wf9ZY
[2011/11/08 09:28:31 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\HXePuFaKhCz0iGd
[2011/11/08 09:28:28 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\wD4WLqUtS3mJgXl
[2011/11/08 09:28:26 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\fx2n6RqINc
[2011/11/08 09:28:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Rb3m5J6WKLXjeB
[2011/11/08 09:28:15 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\R2o4HQd8RhwUltN
[2011/11/08 09:28:14 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Xtz0ycA1i2Fms7K
[2011/11/08 09:28:14 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\uo4HWd8hYwVl
[2011/11/08 09:28:14 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\OPycS1Dn4Hs7EgZ
[2011/11/08 09:28:14 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\iycA1iv2o4HQd8Z
[2011/11/08 09:28:13 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\k7LThwVOxySvo4H
[2011/11/08 09:28:13 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\hP1bon4ms
[2011/11/08 09:28:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\tOyxAu2FnQ6Kf9X
[2011/11/08 09:28:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\IaQHs7LZY
[2011/11/08 09:28:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\gi3G4aQHs79ZYwr
[2011/11/08 09:28:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\g2Dp4QHs7LTjwVO
[2011/11/08 09:28:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Di3nQd7L9qCIzNA
[2011/11/08 09:28:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\CrNAc2Dp4Qs
[2011/11/08 09:28:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\COAci3G4aHs
[2011/11/08 09:28:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\CIVrzONtxci
[2011/11/08 09:28:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\BQHs7LTjwV
[2011/11/08 09:28:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\bAci34aQHsf9ZY
[2011/11/08 09:28:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\bAc2Dp4QHs7LTj
[2011/11/08 09:28:11 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\yR9XUkBrNxu2Fna
[2011/11/08 09:28:11 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\vmGa6dK8f9XUeBO
[2011/11/08 09:28:11 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\iNyx1S2ob3ma6Kf
[2011/11/08 09:28:11 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\A9XUCekBO
[2011/11/08 09:28:10 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\X1ivD3onFaHW7LR
[2011/11/08 09:28:10 | 000,000,000 | --
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
You didn't copy/paste the entire log.......

STEP 1 : Run the OTL Fix
  1. Start OTL again.
  2. Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81DA7334-04BA-4388-A4B2-64E36BFB8B58}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7138B03-11BC-4F51-B20B-E218A83AA1D7}: DhcpNameServer = 209.18.47.61 209.18.47.62
    :Services
    :Reg
    :Files
    ipconfig /flushdns /c
    :Commands
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  3. Then click the Run Fix button at the top
  4. Let the program run unhindered, reboot the PC when it is done.


STEP 2 : Run a scan with Emsisoft Emergency Kit

  1. Please download the latest official version of Emsisoft Emergency Kit

  2. Open the EEK Folder on your Desktop and double click EmergencyKitScanner.bat
  3. Click "Yes" to Update Emsisoft Emergency Kit
  4. Put the mouse cursor over the "Menu" tab on the left and click-on "Scan PC".
  5. Select "Smart Scan" and click-on the "Scan" button.
  6. Save the scan log somewhere that you can find it.
  7. Exit Emsisoft Emergency Kit.


STEP 3: Re-scan with OTL

  1. Please download OTL and save it to your Desktop.
  2. Right-click on OTL.exe and select Run as Administrator to start OTL.
  3. Double click on OTL.exe to run it.
  4. Under Output, ensure that Minimal Output is selected.
  5. Under Extra Registry section, select Use SafeList.
  6. Click the Scan All Users checkbox.
  7. Click on Run Scan at the top left hand corner.
  8. When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  9. Save the scan log somewhere that you can find it.


What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):
  1. Emsisoft Emergency Kit log
  2. latest OTL.txt
  3. latest Extras.txt
 

HerNameWas_Lola

New Member
Thread author
Nov 8, 2011
3
Attached two of the files, the OTL.txt log was too large to attach.
 

Attachments

  • Extras.Txt
    67.3 KB · Views: 223
  • a2scan_111108-170310.txt
    976 bytes · Views: 142

GabiCRX

Level 8
Verified
Jun 24, 2011
387
You can try this:

http://download1us.softpedia.com/dl/5ce467840a1a0d14fc9439af45f4e0d4/4eba53c4/100127588/software/antivirus/Remove%20Fake%20Antivirus.exe
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
GabiCRX said:
You can try this:
Gave her remote support over TeamViewer, there wasn't an active rogue because she did follow the guide and remove it, that strange behavior was the result of some residual damage. Everything should be fine now. :) but I still have to see the OTL log (fixed the size limit for .txt files), now you can upload the file.
 

Dieselman

Level 1
Mar 26, 2011
762
Removing infections is always the easy part. But cleaning up the mess left behind is sometimes more tedious.
 

AyeAyeCaptain

Level 1
Feb 24, 2011
585
Rep + Jack.

Nice to know that you have gone one step further in order to help a fellow member! Credit where credit is due especially when you already provide the site/content/updates/guides for us all to peruse, discuss and enjoy.

Hope all is sorted now for you Lola and do hope you continue to make use of this wonderful community. ;)
 