<![CDATA[MalwareTips.com - All Forums]]> http://malwaretips.com/ Tue, 21 May 2013 00:56:41 +0000 MyBB <![CDATA[Help with FBI virus aftermath]]> http://malwaretips.com/Thread-Help-with-FBI-virus-aftermath Mon, 20 May 2013 18:45:13 -0600 http://malwaretips.com/Thread-Help-with-FBI-virus-aftermath
.txt  aswMBR.txt (Size: 1.57 KB / Downloads: 0)

.txt  OTL.Txt (Size: 149.58 KB / Downloads: 1) ]]>
.txt  aswMBR.txt (Size: 1.57 KB / Downloads: 0)

.txt  OTL.Txt (Size: 149.58 KB / Downloads: 1) ]]> <![CDATA[Trying to Remove PricePeep Ads]]> http://malwaretips.com/Thread-Trying-to-Remove-PricePeep-Ads Mon, 20 May 2013 17:36:16 -0600 http://malwaretips.com/Thread-Trying-to-Remove-PricePeep-Ads OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Marrier\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.54% Memory free
5.82 Gb Paging File | 4.90 Gb Available in Paging File | 84.13% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 18.00 Gb Free Space | 24.16% Space Free | Partition Type: NTFS
Drive E: | 69.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARRIER-0425E80 | User Name: Marrier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Marrier\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll​ ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\Syst​em.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Dra​wing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\S​ystem.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\S​ystem.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll​ ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.​Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\Sys​tem.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Syst​em.Windows.Forms.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420​b252415b952d40ef59e4\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634​d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a878​68659979\mscorlib.ni.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\wincfi39.dll ()
MOD - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServiceP​lugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateSer​vicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateService​Worker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateS​erviceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d481​6ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d​4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d481​6ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead​86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Int​uit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__​7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea​\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.​Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d481​6ead86321\Intuit.Spc.Foundations.Portability.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d​4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.​1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540​d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\​1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll​ ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.​PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.Up​dateService.PluginContract.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()


========== Services (SafeList) ==========

SRV - (StumbleUponUpdateService) -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe File not found
SRV - (Sleepy) -- C:\Program Files\Sleepy\service.exe File not found
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (NSL) -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe (Symantec Corporation)
SRV - (nosGetPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (LVUSBSta) -- system32\drivers\LVUSBSta.sys File not found
DRV - (dump_wmimmc) -- C:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys File not found
DRV - (hitmanpro37) -- C:\WINDOWS\system32\drivers\hitmanpro37.sys ()
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130515.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130520.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130520.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130517.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symtdi.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symefa.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\srtspx.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\ironx86.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\ccsetx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (ccSet_NST) -- C:\WINDOWS\system32\drivers\NST\0200000.010\ccSetx86.sys (Symantec Corporation)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (LADF_RenderOnly) -- C:\WINDOWS\system32\drivers\ladfGSRi386.sys (Logitech)
DRV - (LADF_CaptureOnly) -- C:\WINDOWS\system32\drivers\ladfGSCi386.sys (Logitech)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (ATI Technologies, Inc.)
DRV - (LGVirHid) -- C:\WINDOWS\system32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\WINDOWS\system32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTe...urceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTe...f8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{04DA659F-89F0-4FDE-B413-86118C8649B8}: "URL" = http://search.yahoo.com/search?fr=chr-gr...archTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerm...ORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTe...1I7GPCK_en
IE - HKCU\..\SearchScopes\{E6AF6939-8D25-4996-AA92-EA85F1BD3B43}: "URL" = http://www.google.com/search?q={searchTe...1I7GPCK_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://corner.bigblueinteractive.com/index.php"
FF - prefs.js..extensions.enabledAddons: plugin%40vfd.com:1.5
FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.16
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.1.3
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: iobit@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.91
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.3.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}:3.6
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Marrier\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Marrier\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Marrier\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\coFFPlgn\ [2013/05/20 18:08:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\IPSFFPlgn\ [2013/03/04 16:23:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/19 15:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/19 15:49:22 | 000,000,000 | ---D | M]

[2012/02/15 21:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Extensions
[2009/06/13 21:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2013/05/16 19:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions
[2012/05/23 16:47:40 | 000,000,000 | ---D | M] (Orange Fox) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
[2012/08/24 20:03:34 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\plugin@vfd.com
[2013/04/05 16:26:23 | 000,361,682 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\smarterwiki@wikiatic.c​om.xpi
[2012/08/01 17:50:19 | 001,675,213 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\{1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}.xpi
[2012/12/30 17:18:43 | 000,377,738 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2013/05/08 15:43:26 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/13 16:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/13 16:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}
[2013/04/13 16:51:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/13 16:51:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/05/20 18:08:14 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\COFFPLGN
[2013/03/04 16:23:51 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\IPSFFPLGN
[2013/04/13 16:52:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/30 14:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2012/08/29 18:22:50 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/04 15:47:57 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{googl​e:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://corner.bigblueinteractive.com/index.php
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.d​ll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Marrier\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Marrier\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Solitaire Games = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eljmkmbmhmgmpmmbkagbobpmpocacdbo\1.0.0.3_0\
CHR - Extension: Bubble Shooter -HD = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln\2.2.0_0\
CHR - Extension: StumbleUpon = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.3.7.1_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\

O1 HOSTS File: ([2013/05/06 14:38:38 | 000,445,361 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15296 more lines...
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AdmTask] C:\Program Files\AdmTask\admtask.exe (LexoSoft Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2009/06/14 15:05:45 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008...oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msg...b56986.cab (Checkers Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e...vc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UN...E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsu...9106024718 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009...ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fla...rashim.cab (Reg Error: Value error.)
O16 - DPF: {994CF098-73ED-4C83-B227-B15F2A8D6177} https://www.d-life.com/D-Life//DLCUALibrary.cab (CTUADriverWrapperCtrl Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIn...b56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Mes...b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/fl...wflash.cab (Shockwave Flash Object)
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} http://messenger.zone.msn.com/binary/WoF.cab57176.cab (WheelofFortune Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://cincinnati.connectge.com/dana-ca...tupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com....3.1.0.cab (Reg Error: Value error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://cincinnati.connectge.com/dana-ca...Client.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AABA5FE-995A-4EBB-9BAB-0AE8F49BE23D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Marrier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marrier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/18 19:27:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/05/11 16:02:36 | 002,431,246 | ---- | M] () - C:\AutoRuns.arn -- [ NTFS ]
O32 - AutoRun File - [2011/11/05 13:52:32 | 000,049,648 | ---- | M] () - C:\autoruns.chm -- [ NTFS ]
O32 - AutoRun File - [2012/09/10 09:16:28 | 000,649,864 | ---- | M] (Sysinternals - http://www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O32 - AutoRun File - [2012/09/10 09:16:28 | 000,567,944 | ---- | M] (Sysinternals - http://www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
O32 - AutoRun File - [2003/11/19 06:16:26 | 000,000,056 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{20cebf6d-73c4-11dd-8229-0019d1987999}\Shell\AutoRun\command - "" = wscript.exe \SMRTNTKY\script.js
O33 - MountPoints2\{4d87a803-faf1-11dd-833b-0019d1987999}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{bcc8dff9-1cd0-11de-836d-0019d1987999}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{bde3c206-f2d0-11df-8633-0019d1987999}\Shell\AutoRun\command - "" = F:\DPVSETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/20 17:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/05/19 15:48:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/05/19 15:48:26 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/16 19:27:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marrier\Recent
[2013/05/16 19:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/05/16 19:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marrier\Start Menu\Programs\Revo Uninstaller
[2013/05/06 12:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/05/06 12:13:44 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013/05/06 12:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/05/06 12:09:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/05/06 12:09:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/05/06 12:09:47 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/05/06 12:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/20 18:30:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/20 18:29:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/20 18:07:56 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/20 18:07:56 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/05/20 18:07:56 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2013/05/20 18:07:53 | 000,030,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/05/20 18:07:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/20 18:00:30 | 000,000,908 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2013/05/20 17:52:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1844237615-725345543-1004UA.job
[2013/05/20 17:00:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2013/05/20 13:52:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1844237615-725345543-1004Core.job
[2013/05/20 11:34:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/05/18 11:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/16 19:28:15 | 000,024,776 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\cc_20130516_192812.reg
[2013/05/16 19:21:05 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Marrier\Desktop\Revo Uninstaller.lnk
[2013/05/15 19:09:13 | 000,001,360 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/05/15 18:15:08 | 000,131,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/15 18:10:59 | 000,433,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/15 18:10:59 | 000,068,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/15 18:01:50 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/05/14 22:30:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/14 22:30:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/11 22:40:47 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Marrier\Desktop\Norton Installation Files.lnk
[2013/05/11 16:09:24 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.0.lnk
[2013/05/11 16:02:36 | 002,431,246 | ---- | M] () -- C:\AutoRuns.arn
[2013/05/11 10:44:47 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Marrier\Desktop\Microsoft Word.lnk
[2013/05/07 00:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/06 14:38:38 | 000,445,361 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2013/05/06 12:14:03 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/05/06 12:13:52 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/05/06 12:06:21 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Marrier\Desktop\Update Checker.lnk
[2013/05/06 12:04:22 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2013/05/06 12:03:36 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/05/04 11:39:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/20 18:07:53 | 000,030,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/05/20 18:00:30 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2013/05/16 19:28:13 | 000,024,776 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\cc_20130516_192812.reg
[2013/05/16 19:21:05 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Marrier\Desktop\Revo Uninstaller.lnk
[2013/05/11 22:40:45 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Marrier\Desktop\Norton Installation Files.lnk
[2013/05/06 12:14:02 | 000,000,620 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/05/06 12:14:02 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/05/06 12:14:02 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/05/06 12:13:53 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/05/06 12:13:52 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/02/15 21:32:24 | 000,001,360 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/02/14 18:43:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/01 19:35:56 | 000,076,360 | ---- | C] () -- C:\WINDOWS\System32\ladfGSRCoinst_i386.dll
[2011/01/04 17:28:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/01/18 19:26:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marrier\Ÿ9Ÿ9
[2008/12/23 20:00:13 | 000,735,889 | ---- | C] () -- C:\Documents and Settings\Marrier\Application Data\pbsetup.zip
[2008/12/23 19:47:55 | 000,674,600 | ---- | C] () -- C:\Program Files\pbsvc.exe
[2008/12/23 18:22:16 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Marrier\Application Data\PnkBstrK.sys
[2008/12/23 02:47:15 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Marrier\__Call Of Duty 4 - Modern Warfare Multiplayer

========== ZeroAccess Check ==========

[2008/12/22 23:14:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/09 13:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2008/08/19 00:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/12/03 00:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012/05/28 11:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2008/08/22 11:00:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/08/18 19:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/12/25 22:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2013/05/20 18:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2009/08/12 21:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2010/11/27 12:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/12/25 22:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/12/06 19:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/02/14 13:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2009/11/16 21:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metacafe
[2011/04/18 20:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/11/21 20:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/02/12 21:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/10/12 12:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2012/02/01 20:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/05 15:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2009/12/19 22:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TelTel
[2009/03/17 21:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/30 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\utilinkl
[2009/03/18 17:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/08 19:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/29 18:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/03/18 14:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/06/09 20:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/08/19 00:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\acccore
[2009/08/27 17:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Amazon
[2010/12/03 00:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Ashampoo
[2010/12/03 00:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\BitTorrent
[2009/10/10 20:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Blitware
[2008/11/08 21:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/27 10:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\DeviceDoctorSoftware
[2011/09/22 19:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\FileZilla
[2009/06/08 18:41:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marrier\Application Data\ijjigame
[2011/09/21 08:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Juniper Networks
[2008/11/05 20:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Leadertech
[2009/07/23 20:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\LimeWire
[2011/08/19 16:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\LolClient
[2011/02/13 19:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Marine Aquarium 3
[2010/12/05 15:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\r2 Studios
[2009/11/23 17:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\TeamViewer
[2009/12/19 22:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\TelTel
[2010/03/15 19:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Tific
[2012/04/05 18:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\TS3Client
[2010/02/03 23:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Uniblue
[2011/04/09 20:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\uTorrent
[2010/10/25 01:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\WeGame
[2008/11/08 21:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\zweitgeist

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
OTL Extras logfile created on: 5/20/2013 6:41:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Marrier\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.54% Memory free
5.82 Gb Paging File | 4.90 Gb Available in Paging File | 84.13% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 18.00 Gb Free Space | 24.16% Space Free | Partition Type: NTFS
Drive E: | 69.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARRIER-0425E80 | User Name: Marrier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57915:TCP" = 57915:TCP:*:Enabled:Pando Media Booster
"57915:UDP" = 57915:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57915:TCP" = 57915:TCP:*:Enabled:Pando Media Booster
"57915:UDP" = 57915:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"H:\Josh\SteamApps\common\alien swarm\srcds.exe" = H:\Josh\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHIN

.ppt  Screenshot.ppt (Size: 403 KB / Downloads: 2) ]]> OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Marrier\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.54% Memory free
5.82 Gb Paging File | 4.90 Gb Available in Paging File | 84.13% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 18.00 Gb Free Space | 24.16% Space Free | Partition Type: NTFS
Drive E: | 69.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARRIER-0425E80 | User Name: Marrier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Marrier\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll​ ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\Syst​em.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Dra​wing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\S​ystem.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\S​ystem.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll​ ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.​Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\Sys​tem.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\Syst​em.Windows.Forms.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420​b252415b952d40ef59e4\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634​d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a878​68659979\mscorlib.ni.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\wincfi39.dll ()
MOD - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServiceP​lugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateSer​vicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateService​Worker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateS​erviceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d481​6ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d​4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d481​6ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead​86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Int​uit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__​7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea​\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.​Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d481​6ead86321\Intuit.Spc.Foundations.Portability.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d​4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.​1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540​d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\​1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll​ ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.​PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.Up​dateService.PluginContract.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()


========== Services (SafeList) ==========

SRV - (StumbleUponUpdateService) -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe File not found
SRV - (Sleepy) -- C:\Program Files\Sleepy\service.exe File not found
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (NSL) -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe (Symantec Corporation)
SRV - (nosGetPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (LVUSBSta) -- system32\drivers\LVUSBSta.sys File not found
DRV - (dump_wmimmc) -- C:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys File not found
DRV - (hitmanpro37) -- C:\WINDOWS\system32\drivers\hitmanpro37.sys ()
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130515.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130520.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130520.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130517.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symtdi.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symefa.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\srtspx.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\ironx86.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\ccsetx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (ccSet_NST) -- C:\WINDOWS\system32\drivers\NST\0200000.010\ccSetx86.sys (Symantec Corporation)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (LADF_RenderOnly) -- C:\WINDOWS\system32\drivers\ladfGSRi386.sys (Logitech)
DRV - (LADF_CaptureOnly) -- C:\WINDOWS\system32\drivers\ladfGSCi386.sys (Logitech)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (ATI Technologies, Inc.)
DRV - (LGVirHid) -- C:\WINDOWS\system32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\WINDOWS\system32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTe...urceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTe...f8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{04DA659F-89F0-4FDE-B413-86118C8649B8}: "URL" = http://search.yahoo.com/search?fr=chr-gr...archTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerm...ORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTe...1I7GPCK_en
IE - HKCU\..\SearchScopes\{E6AF6939-8D25-4996-AA92-EA85F1BD3B43}: "URL" = http://www.google.com/search?q={searchTe...1I7GPCK_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://corner.bigblueinteractive.com/index.php"
FF - prefs.js..extensions.enabledAddons: plugin%40vfd.com:1.5
FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.16
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.1.3
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: iobit@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.91
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.3.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}:3.6
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Marrier\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Marrier\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Marrier\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\coFFPlgn\ [2013/05/20 18:08:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\IPSFFPlgn\ [2013/03/04 16:23:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/19 15:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/19 15:49:22 | 000,000,000 | ---D | M]

[2012/02/15 21:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Extensions
[2009/06/13 21:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2013/05/16 19:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions
[2012/05/23 16:47:40 | 000,000,000 | ---D | M] (Orange Fox) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
[2012/08/24 20:03:34 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\plugin@vfd.com
[2013/04/05 16:26:23 | 000,361,682 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\smarterwiki@wikiatic.c​om.xpi
[2012/08/01 17:50:19 | 001,675,213 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\{1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}.xpi
[2012/12/30 17:18:43 | 000,377,738 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2013/05/08 15:43:26 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/13 16:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/13 16:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}
[2013/04/13 16:51:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/13 16:51:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/05/20 18:08:14 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\COFFPLGN
[2013/03/04 16:23:51 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\IPSFFPLGN
[2013/04/13 16:52:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/30 14:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2012/08/29 18:22:50 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/04 15:47:57 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{googl​e:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://corner.bigblueinteractive.com/index.php
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.d​ll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Marrier\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Marrier\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Solitaire Games = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eljmkmbmhmgmpmmbkagbobpmpocacdbo\1.0.0.3_0\
CHR - Extension: Bubble Shooter -HD = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln\2.2.0_0\
CHR - Extension: StumbleUpon = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.3.7.1_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\

O1 HOSTS File: ([2013/05/06 14:38:38 | 000,445,361 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15296 more lines...
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AdmTask] C:\Program Files\AdmTask\admtask.exe (LexoSoft Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2009/06/14 15:05:45 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008...oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msg...b56986.cab (Checkers Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e...vc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UN...E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsu...9106024718 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009...ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fla...rashim.cab (Reg Error: Value error.)
O16 - DPF: {994CF098-73ED-4C83-B227-B15F2A8D6177} https://www.d-life.com/D-Life//DLCUALibrary.cab (CTUADriverWrapperCtrl Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIn...b56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Mes...b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstal...s-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/fl...wflash.cab (Shockwave Flash Object)
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} http://messenger.zone.msn.com/binary/WoF.cab57176.cab (WheelofFortune Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://cincinnati.connectge.com/dana-ca...tupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com....3.1.0.cab (Reg Error: Value error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://cincinnati.connectge.com/dana-ca...Client.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AABA5FE-995A-4EBB-9BAB-0AE8F49BE23D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Marrier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marrier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/18 19:27:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/05/11 16:02:36 | 002,431,246 | ---- | M] () - C:\AutoRuns.arn -- [ NTFS ]
O32 - AutoRun File - [2011/11/05 13:52:32 | 000,049,648 | ---- | M] () - C:\autoruns.chm -- [ NTFS ]
O32 - AutoRun File - [2012/09/10 09:16:28 | 000,649,864 | ---- | M] (Sysinternals - http://www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O32 - AutoRun File - [2012/09/10 09:16:28 | 000,567,944 | ---- | M] (Sysinternals - http://www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
O32 - AutoRun File - [2003/11/19 06:16:26 | 000,000,056 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{20cebf6d-73c4-11dd-8229-0019d1987999}\Shell\AutoRun\command - "" = wscript.exe \SMRTNTKY\script.js
O33 - MountPoints2\{4d87a803-faf1-11dd-833b-0019d1987999}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{bcc8dff9-1cd0-11de-836d-0019d1987999}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{bde3c206-f2d0-11df-8633-0019d1987999}\Shell\AutoRun\command - "" = F:\DPVSETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/20 17:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/05/19 15:48:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/05/19 15:48:26 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/16 19:27:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marrier\Recent
[2013/05/16 19:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/05/16 19:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marrier\Start Menu\Programs\Revo Uninstaller
[2013/05/06 12:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/05/06 12:13:44 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013/05/06 12:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/05/06 12:09:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/05/06 12:09:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/05/06 12:09:47 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/05/06 12:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/20 18:30:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/20 18:29:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/20 18:07:56 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/20 18:07:56 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/05/20 18:07:56 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2013/05/20 18:07:53 | 000,030,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/05/20 18:07:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/20 18:00:30 | 000,000,908 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2013/05/20 17:52:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1844237615-725345543-1004UA.job
[2013/05/20 17:00:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2013/05/20 13:52:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1844237615-725345543-1004Core.job
[2013/05/20 11:34:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/05/18 11:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/16 19:28:15 | 000,024,776 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\cc_20130516_192812.reg
[2013/05/16 19:21:05 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Marrier\Desktop\Revo Uninstaller.lnk
[2013/05/15 19:09:13 | 000,001,360 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/05/15 18:15:08 | 000,131,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/15 18:10:59 | 000,433,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/15 18:10:59 | 000,068,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/15 18:01:50 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/05/14 22:30:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/14 22:30:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/11 22:40:47 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Marrier\Desktop\Norton Installation Files.lnk
[2013/05/11 16:09:24 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.0.lnk
[2013/05/11 16:02:36 | 002,431,246 | ---- | M] () -- C:\AutoRuns.arn
[2013/05/11 10:44:47 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Marrier\Desktop\Microsoft Word.lnk
[2013/05/07 00:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/06 14:38:38 | 000,445,361 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2013/05/06 12:14:03 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/05/06 12:13:52 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/05/06 12:06:21 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Marrier\Desktop\Update Checker.lnk
[2013/05/06 12:04:22 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2013/05/06 12:03:36 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/05/04 11:39:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/20 18:07:53 | 000,030,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/05/20 18:00:30 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2013/05/16 19:28:13 | 000,024,776 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\cc_20130516_192812.reg
[2013/05/16 19:21:05 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Marrier\Desktop\Revo Uninstaller.lnk
[2013/05/11 22:40:45 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Marrier\Desktop\Norton Installation Files.lnk
[2013/05/06 12:14:02 | 000,000,620 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/05/06 12:14:02 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/05/06 12:14:02 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/05/06 12:13:53 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/05/06 12:13:52 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/02/15 21:32:24 | 000,001,360 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/02/14 18:43:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/01 19:35:56 | 000,076,360 | ---- | C] () -- C:\WINDOWS\System32\ladfGSRCoinst_i386.dll
[2011/01/04 17:28:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/01/18 19:26:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marrier\Ÿ9Ÿ9
[2008/12/23 20:00:13 | 000,735,889 | ---- | C] () -- C:\Documents and Settings\Marrier\Application Data\pbsetup.zip
[2008/12/23 19:47:55 | 000,674,600 | ---- | C] () -- C:\Program Files\pbsvc.exe
[2008/12/23 18:22:16 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Marrier\Application Data\PnkBstrK.sys
[2008/12/23 02:47:15 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Marrier\__Call Of Duty 4 - Modern Warfare Multiplayer

========== ZeroAccess Check ==========

[2008/12/22 23:14:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/09 13:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2008/08/19 00:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/12/03 00:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012/05/28 11:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2008/08/22 11:00:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/08/18 19:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/12/25 22:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2013/05/20 18:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2009/08/12 21:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2010/11/27 12:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/12/25 22:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/12/06 19:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/02/14 13:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2009/11/16 21:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metacafe
[2011/04/18 20:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/11/21 20:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/02/12 21:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/10/12 12:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2012/02/01 20:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/05 15:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2009/12/19 22:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TelTel
[2009/03/17 21:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/30 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\utilinkl
[2009/03/18 17:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/08 19:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/29 18:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/03/18 14:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/06/09 20:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/08/19 00:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\acccore
[2009/08/27 17:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Amazon
[2010/12/03 00:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Ashampoo
[2010/12/03 00:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\BitTorrent
[2009/10/10 20:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Blitware
[2008/11/08 21:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/27 10:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\DeviceDoctorSoftware
[2011/09/22 19:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\FileZilla
[2009/06/08 18:41:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marrier\Application Data\ijjigame
[2011/09/21 08:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Juniper Networks
[2008/11/05 20:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Leadertech
[2009/07/23 20:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\LimeWire
[2011/08/19 16:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\LolClient
[2011/02/13 19:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Marine Aquarium 3
[2010/12/05 15:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\r2 Studios
[2009/11/23 17:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\TeamViewer
[2009/12/19 22:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\TelTel
[2010/03/15 19:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Tific
[2012/04/05 18:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\TS3Client
[2010/02/03 23:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Uniblue
[2011/04/09 20:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\uTorrent
[2010/10/25 01:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\WeGame
[2008/11/08 21:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\zweitgeist

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
OTL Extras logfile created on: 5/20/2013 6:41:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Marrier\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.54% Memory free
5.82 Gb Paging File | 4.90 Gb Available in Paging File | 84.13% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 18.00 Gb Free Space | 24.16% Space Free | Partition Type: NTFS
Drive E: | 69.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARRIER-0425E80 | User Name: Marrier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57915:TCP" = 57915:TCP:*:Enabled:Pando Media Booster
"57915:UDP" = 57915:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57915:TCP" = 57915:TCP:*:Enabled:Pando Media Booster
"57915:UDP" = 57915:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"H:\Josh\SteamApps\common\alien swarm\srcds.exe" = H:\Josh\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHIN

.ppt  Screenshot.ppt (Size: 403 KB / Downloads: 2) ]]> <![CDATA[Hello all]]> http://malwaretips.com/Thread-Hello-all--15977 Mon, 20 May 2013 17:22:52 -0600 http://malwaretips.com/Thread-Hello-all--15977 <![CDATA[New Config]]> http://malwaretips.com/Thread-New-Config Mon, 20 May 2013 16:55:16 -0600 http://malwaretips.com/Thread-New-Config
As my Avast subscription is up soon, I have been trying a few alternatives.

I have just paid for Comodo Internet Security after a short trial so I hope this performs well with no confliction or slow down.

Antilogger on trial too may may be overkill with the rest I have ?

Any comments invited.

Andy]]>
As my Avast subscription is up soon, I have been trying a few alternatives.

I have just paid for Comodo Internet Security after a short trial so I hope this performs well with no confliction or slow down.

Antilogger on trial too may may be overkill with the rest I have ?

Any comments invited.

Andy]]> <![CDATA[fbi moneypak virus]]> http://malwaretips.com/Thread-fbi-moneypak-virus--15972 Mon, 20 May 2013 14:16:44 -0600 http://malwaretips.com/Thread-fbi-moneypak-virus--15972 <![CDATA[Advanced SystemCare PRO 6 - 6 months free]]> http://malwaretips.com/Thread-Giveaway-Advanced-SystemCare-PRO-6-6-months-free Mon, 20 May 2013 14:04:53 -0600 http://malwaretips.com/Thread-Giveaway-Advanced-SystemCare-PRO-6-6-months-free
http://ld.iobit.com/2013/softonicgiveaway/es.php#]]>
http://ld.iobit.com/2013/softonicgiveaway/es.php#]]> <![CDATA[fbi money pak still uninstalled]]> http://malwaretips.com/Thread-fbi-money-pak-still-uninstalled Mon, 20 May 2013 13:57:30 -0600 http://malwaretips.com/Thread-fbi-money-pak-still-uninstalled <![CDATA[NEW Stunning Pictures Gallery]]> http://malwaretips.com/Thread-NEW-Stunning-Pictures-Gallery Mon, 20 May 2013 11:48:26 -0600 http://malwaretips.com/Thread-NEW-Stunning-Pictures-Gallery NEW Stunning Pictures Gallery here!

Show all pictures you especially like.Wink Amazing web photos, or images taken by ourselves .. share awesome pics here:


-----------------------------------------------------


Spanish twins holding hands at birth (Des jumeaux se tenant la main à la naissance): on YouTube: http://www.youtube.com/watch?v=jkSmOFtj7uA

'Pictures of Danel and Maria, fraternal twins born in San Sebastian, Spain, holding hands, unanimous on the Internet. This spontaneous gesture, immortalized by the maternity nurse, made the "a" of the media Gipuzkoa, "El Diario Vasco", Tuesday, May 14, 2013.

Since then, the euphoria. Video of two newborns has been viewed more than 260,000 times on YouTube in three days. In one day, 20,000 people on Facebook have clicked on "Like" to show their emotion.

The day Danel and Maria wish to review the pictures of their birth, they will certainly not hard to find them ...'

Spanish Twins holding hands at birth.jpg
[Image: ziXZQED.jpg]

--------------------

We took in a stray cat that had a nasty eye infection .. Being completely blind, one of our older cats decided to take care and help him around the house. I found them later asleep like this.png
[Image: 2pw3PL3.png]
IMGUR link for this image: http://imgur.com/gallery/8nBLnkF

-------------------

[Image: D0oErss.gif]
gifs-movimiento-gatos-07.gif]]> NEW Stunning Pictures Gallery here!

Show all pictures you especially like.Wink Amazing web photos, or images taken by ourselves .. share awesome pics here:


-----------------------------------------------------


Spanish twins holding hands at birth (Des jumeaux se tenant la main à la naissance): on YouTube: http://www.youtube.com/watch?v=jkSmOFtj7uA

'Pictures of Danel and Maria, fraternal twins born in San Sebastian, Spain, holding hands, unanimous on the Internet. This spontaneous gesture, immortalized by the maternity nurse, made the "a" of the media Gipuzkoa, "El Diario Vasco", Tuesday, May 14, 2013.

Since then, the euphoria. Video of two newborns has been viewed more than 260,000 times on YouTube in three days. In one day, 20,000 people on Facebook have clicked on "Like" to show their emotion.

The day Danel and Maria wish to review the pictures of their birth, they will certainly not hard to find them ...'

Spanish Twins holding hands at birth.jpg
[Image: ziXZQED.jpg]

--------------------

We took in a stray cat that had a nasty eye infection .. Being completely blind, one of our older cats decided to take care and help him around the house. I found them later asleep like this.png
[Image: 2pw3PL3.png]
IMGUR link for this image: http://imgur.com/gallery/8nBLnkF

-------------------

[Image: D0oErss.gif]
gifs-movimiento-gatos-07.gif]]> <![CDATA[FBI Virus - Strange Variant - Still Lingers]]> http://malwaretips.com/Thread-FBI-Virus-Strange-Variant-Still-Lingers Mon, 20 May 2013 09:44:43 -0600 http://malwaretips.com/Thread-FBI-Virus-Strange-Variant-Still-Lingers <![CDATA[FileMedic Anitivirus - Test (TestySecureLab)]]> http://malwaretips.com/Thread-FileMedic-Anitivirus-Test-TestySecureLab Mon, 20 May 2013 09:24:33 -0600 http://malwaretips.com/Thread-FileMedic-Anitivirus-Test-TestySecureLab

]]>

]]> <![CDATA[New to the forum]]> http://malwaretips.com/Thread-New-to-the-forum Mon, 20 May 2013 08:24:26 -0600 http://malwaretips.com/Thread-New-to-the-forum
Looking forward to being a part of this forum and all the wonderful information that there seems to be.

Thanks!!!

Bob]]>
Looking forward to being a part of this forum and all the wonderful information that there seems to be.

Thanks!!!

Bob]]> <![CDATA[Winrar 5.00 Beta 3 and 4 Details]]> http://malwaretips.com/Thread-Winrar-5-00-Beta-3-and-4-Details Mon, 20 May 2013 06:41:59 -0600 http://malwaretips.com/Thread-Winrar-5-00-Beta-3-and-4-Details Quote: Version 5.00 beta 3

1. Fixed XZ archive support, which did not work in beta 2.

2. "Convert" command did not allow to use compression dictionaries
exceeding 4 MB.

3. If both encryption password and archive comment were specified
when creating RAR archive, archive comment was not added.

4. "View as Unicode (UTF-8)" command in internal viewer did not work,
so UTF-8 files were displayed correctly only if their encoding
was detected by viewer automatically.

5. Maximum compression dictionary size when running in Windows XP x86
is reduced to 128 MB. WinRAR cannot allocate enough memory to
create archives with 256 MB dictionary in Windows XP x86.

6. Corrections in relative path processing, such as "..\arcname.rar" name
in archiving dialog or "WinRAR foldername" in the command line.
Quote: Version 5.00 beta 4

1. If archiving operation cannot allocate memory required for compression
dictionary, it automatically reduces the dictionary size.

2. Decompression algorithm can store the dictionary in several memory
blocks. It helps to unpack an archive on systems with high level
of memory heap fragmentation, when no single memory block
is large enough to fit the entire compression dictionary.

Source]]> Quote: Version 5.00 beta 3

1. Fixed XZ archive support, which did not work in beta 2.

2. "Convert" command did not allow to use compression dictionaries
exceeding 4 MB.

3. If both encryption password and archive comment were specified
when creating RAR archive, archive comment was not added.

4. "View as Unicode (UTF-8)" command in internal viewer did not work,
so UTF-8 files were displayed correctly only if their encoding
was detected by viewer automatically.

5. Maximum compression dictionary size when running in Windows XP x86
is reduced to 128 MB. WinRAR cannot allocate enough memory to
create archives with 256 MB dictionary in Windows XP x86.

6. Corrections in relative path processing, such as "..\arcname.rar" name
in archiving dialog or "WinRAR foldername" in the command line.
Quote: Version 5.00 beta 4

1. If archiving operation cannot allocate memory required for compression
dictionary, it automatically reduces the dictionary size.

2. Decompression algorithm can store the dictionary in several memory
blocks. It helps to unpack an archive on systems with high level
of memory heap fragmentation, when no single memory block
is large enough to fit the entire compression dictionary.

Source]]> <![CDATA[Avast! 8 Premier Test (SafeGroupVideo)]]> http://malwaretips.com/Thread-Avast-8-Premier-Test-SafeGroupVideo Sun, 19 May 2013 22:40:35 -0600 http://malwaretips.com/Thread-Avast-8-Premier-Test-SafeGroupVideo

]]>

]]> <![CDATA[Kaspersky Antivirus 2013 & Comodo Firewall Free Review (My IT Tech)]]> http://malwaretips.com/Thread-Kaspersky-Antivirus-2013-Comodo-Firewall-Free-Review-My-IT-Tech Sun, 19 May 2013 21:28:58 -0600 http://malwaretips.com/Thread-Kaspersky-Antivirus-2013-Comodo-Firewall-Free-Review-My-IT-Tech

]]>

]]> <![CDATA[Ashampoo Win Optimizer 9]]> http://malwaretips.com/Thread-Giveaway-Ashampoo-Win-Optimizer-9 Sun, 19 May 2013 19:57:24 -0600 http://malwaretips.com/Thread-Giveaway-Ashampoo-Win-Optimizer-9 http://www.ashampoo.com/frontend/registr...linktarget]]> http://www.ashampoo.com/frontend/registr...linktarget]]> <![CDATA[Nice forum]]> http://malwaretips.com/Thread-Nice-forum Sun, 19 May 2013 14:54:03 -0600 http://malwaretips.com/Thread-Nice-forum
Hello everyone Big Grin]]>
Hello everyone Big Grin]]> <![CDATA[Glary Utilities Professional Edition 3.3 Free Registration Code]]> http://malwaretips.com/Thread-Giveaway-Glary-Utilities-Professional-Edition-3-3-Free-Registration-Code Sun, 19 May 2013 14:20:35 -0600 http://malwaretips.com/Thread-Giveaway-Glary-Utilities-Professional-Edition-3-3-Free-Registration-Code
[Image: Glary+Utilities+Pro+3.1.0.96+Beta+Full+Serial.jpg]

you can download it using this direct link: gu3setup.exe [14.5 MB]
http://download.glarysoft.com/gu3setup.exe

- Install it. During installation, you do not need to enter any license. Just install it as freeware edition. After installation, run Glary Utilities 3. It will show you as free version.
- Click on the “Upgrade Now” button
- Registration window will open. The registration code is pre-filled, you only need to enter you name and press OK button.
- Your professional Edition of Glary Utilities 3.3 is now activated for lifetime (Expiration Date: Never).

Enjoy! Big Grin]]>
[Image: Glary+Utilities+Pro+3.1.0.96+Beta+Full+Serial.jpg]

you can download it using this direct link: gu3setup.exe [14.5 MB]
http://download.glarysoft.com/gu3setup.exe

- Install it. During installation, you do not need to enter any license. Just install it as freeware edition. After installation, run Glary Utilities 3. It will show you as free version.
- Click on the “Upgrade Now” button
- Registration window will open. The registration code is pre-filled, you only need to enter you name and press OK button.
- Your professional Edition of Glary Utilities 3.3 is now activated for lifetime (Expiration Date: Never).

Enjoy! Big Grin]]> <![CDATA[Inable to download anything. (Suspect ZeroAccess rootkit)]]> http://malwaretips.com/Thread-Inable-to-download-anything-Suspect-ZeroAccess-rootkit Sun, 19 May 2013 10:45:07 -0600 http://malwaretips.com/Thread-Inable-to-download-anything-Suspect-ZeroAccess-rootkit
I forgot to run the OTL Scan and the aswMBR scan, and will attatch them in a second post as soon as possible. Thank you for reading.]]>
I forgot to run the OTL Scan and the aswMBR scan, and will attatch them in a second post as soon as possible. Thank you for reading.]]> <![CDATA[Can't Install or Uninstall any programs]]> http://malwaretips.com/Thread-Can-t-Install-or-Uninstall-any-programs Sun, 19 May 2013 10:19:35 -0600 http://malwaretips.com/Thread-Can-t-Install-or-Uninstall-any-programs Here is the problem.
I have a laptop runing Windows XP. If I try to unistall programs, I get an error.
Internal Error 2203. C:\\WINDOWS\Installer\674d42.ipi,
-2147287035
And I also can't install any new programs.
Error
Setup was unable to create the directory "C:\DOCUME~1\*user name*"\LOCALS~1\Temp\is-OAKQB.tmp".
Error 5: Access is denied
Can someone please help me?]]> Here is the problem.
I have a laptop runing Windows XP. If I try to unistall programs, I get an error.
Internal Error 2203. C:\\WINDOWS\Installer\674d42.ipi,
-2147287035
And I also can't install any new programs.
Error
Setup was unable to create the directory "C:\DOCUME~1\*user name*"\LOCALS~1\Temp\is-OAKQB.tmp".
Error 5: Access is denied
Can someone please help me?]]> <![CDATA[Glad to be part of the community!]]> http://malwaretips.com/Thread-Glad-to-be-part-of-the-community Sun, 19 May 2013 09:59:54 -0600 http://malwaretips.com/Thread-Glad-to-be-part-of-the-community
I just registered here at MalwareTips.com. What encouraged me to register is because of the "Giveaways" forum, I want to be updated when a paid product will offer a extended trial or a free license, especially if it is an antivirus or system utility like defragger, system cleaner, etc. =D

Anyways, I have two questions....

1) How can I change me signature? I can't find it in 'edit profile' in the 'user control panel' tab

2) Is there anyway to permanently delete an account here at MalwareTips? I created an account with a misspelled username. I want to delete it since I'm not going to use it anyway. So is there anyway?]]>
I just registered here at MalwareTips.com. What encouraged me to register is because of the "Giveaways" forum, I want to be updated when a paid product will offer a extended trial or a free license, especially if it is an antivirus or system utility like defragger, system cleaner, etc. =D

Anyways, I have two questions....

1) How can I change me signature? I can't find it in 'edit profile' in the 'user control panel' tab

2) Is there anyway to permanently delete an account here at MalwareTips? I created an account with a misspelled username. I want to delete it since I'm not going to use it anyway. So is there anyway?]]>