22find
<blockquote data-quote="cleojhilred" data-source="post: 117947" data-attributes="member: 7703"><p>OTL logfile created on: 4/24/2013 10:58:06 PM - Run 2</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ann\Desktop</p><p>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>5.75 Gb Total Physical Memory | 3.87 Gb Available Physical Memory | 67.38% Memory free</p><p>11.49 Gb Paging File | 9.47 Gb Available in Paging File | 82.39% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)</p><p>Drive C: | 447.49 Gb Total Space | 402.87 Gb Free Space | 90.03% Space Free | Partition Type: NTFS</p><p>Drive D: | 17.97 Gb Total Space | 2.91 Gb Free Space | 16.20% Space Free | Partition Type: NTFS</p><p>Drive F: | 99.02 Mb Total Space | 92.43 Mb Free Space | 93.34% Space Free | Partition Type: FAT32</p><p> </p><p>Computer Name: ANN-PC | User Name: ann | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Users\ann\Desktop\OTL (2).exe (OldTimer Tools)</p><p>PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()</p><p>PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()</p><p>PRC - C:\Users\ann\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files (x86)\Sendori\SendoriUp.exe (Sendori, Inc.)</p><p>PRC - C:\Program Files (x86)\Sendori\SendoriSvc.exe (Sendori, Inc.)</p><p>PRC - C:\Program 
Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)</p><p>PRC - C:\Program Files (x86)\Sendori\sndappv2.exe (Sendori)</p><p>PRC - C:\Program Files (x86)\Sendori\Sendori.Service.exe (sendori)</p><p>PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Adobe Systems Incorporated)</p><p>PRC - C:\Program Files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)</p><p>PRC - C:\Program Files (x86)\QType\QtypeSvc.exe (337 Technology Limited.)</p><p>PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</p><p>PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()</p><p>PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</p><p>PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</p><p>PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()</p><p>MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()</p><p>MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()</p><p>MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()</p><p>MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV:<strong>64bit:</strong> - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)</p><p>SRV:<strong>64bit:</strong> - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)</p><p>SRV:<strong>64bit:</strong> - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft 
Corporation)</p><p>SRV:<strong>64bit:</strong> - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)</p><p>SRV:<strong>64bit:</strong> - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)</p><p>SRV - (vToolbarUpdater14.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()</p><p>SRV - (Application Sendori) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe (Sendori, Inc.)</p><p>SRV - (sndappv2) -- C:\Program Files (x86)\Sendori\sndappv2.exe (Sendori)</p><p>SRV - (Service Sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe (sendori)</p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</p><p>SRV - (qtypesvc) -- C:\Program Files (x86)\QType\QtypeSvc.exe (337 Technology Limited.)</p><p>SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()</p><p>SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)</p><p>SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</p><p>SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</p><p>SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe (IDT, Inc.)</p><p>SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)</p><p> </p><p> 
</p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV:<strong>64bit:</strong> - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found</p><p>DRV:<strong>64bit:</strong> - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)</p><p>DRV:<strong>64bit:</strong> - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV:<strong>64bit:</strong> - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )</p><p>DRV:<strong>64bit:</strong> - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )</p><p>DRV:<strong>64bit:</strong> - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV:<strong>64bit:</strong> - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV:<strong>64bit:</strong> - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV:<strong>64bit:</strong> - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV:<strong>64bit:</strong> - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)</p><p>DRV:<strong>64bit:</strong> - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, 
Inc.)</p><p>DRV:<strong>64bit:</strong> - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)</p><p>DRV:<strong>64bit:</strong> - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)</p><p>DRV:<strong>64bit:</strong> - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)</p><p>DRV:<strong>64bit:</strong> - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)</p><p>DRV:<strong>64bit:</strong> - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)</p><p>DRV:<strong>64bit:</strong> - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)</p><p>DRV:<strong>64bit:</strong> - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)</p><p>DRV:<strong>64bit:</strong> - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)</p><p>DRV:<strong>64bit:</strong> - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)</p><p>DRV:<strong>64bit:</strong> - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)</p><p>DRV:<strong>64bit:</strong> - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)</p><p>DRV:<strong>64bit:</strong> - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)</p><p>DRV:<strong>64bit:</strong> - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)</p><p>DRV:<strong>64bit:</strong> - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)</p><p>DRV:<strong>64bit:</strong> - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b06bdrv) -- 
C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)</p><p>DRV:<strong>64bit:</strong> - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )</p><p>DRV:<strong>64bit:</strong> - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)</p><p>DRV:<strong>64bit:</strong> - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)</p><p>DRV:<strong>64bit:</strong> - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)</p><p>DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)</p><p>DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE:<strong>64bit:</strong> - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com</p><p>IE:<strong>64bit:</strong> - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com</p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes,DefaultScope = </p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC</p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7</p><p>IE - HKLM\..\URLSearchHook: 
{67097627-fd8e-4f6b-af4b-ecb65e50112e} - No CLSID value found</p><p>IE - HKLM\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - No CLSID value found</p><p>IE - HKLM\..\SearchScopes,DefaultScope = </p><p>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC</p><p> </p><p> </p><p>IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com</p><p>IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = </p><p>IE - HKU\.DEFAULT\..\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}: "URL" = http://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}</p><p>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com</p><p>IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = </p><p>IE - HKU\S-1-5-18\..\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}: "URL" = http://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}</p><p>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com</p><p>IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = </p><p> </p><p>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com</p><p>IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = </p><p> </p><p>IE - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve</p><p>IE - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com</p><p>IE - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com</p><p>IE - 
HKU\S-1-5-21-47251086-2544900640-1172179381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp</p><p>IE - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US</p><p>IE - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 C9 BB 33 51 40 CE 01 [binary data]</p><p>IE - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com</p><p>IE - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com</p><p>IE - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF - prefs.js..browser.search.useDBForOrder: true</p><p>FF - user.js - File not found</p><p> </p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft 
Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)</p><p>FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)</p><p> </p><p>64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/03/19 17:39:30 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2013/03/07 23:37:35 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2013/03/07 23:37:41 | 000,000,000 | ---D | M]</p><p>FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/17 06:43:32 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/17 06:43:32 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/01 21:41:54 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins</p><p> </p><p>[2013/03/08 11:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ann\AppData\Roaming\Mozilla\Extensions</p><p>[2013/04/23 13:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\6a32jyo3.default\extensions</p><p>[2013/04/21 00:00:01 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\6a32jyo3.default\extensions\{0af29dea-0cd3-4784-9542-14199891c518}</p><p>[2013/03/21 19:58:05 | 000,000,000 | ---D | M] (DownloadTerms) -- C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\6a32jyo3.default\extensions\kgcngo@xmmomglptujvwxntife.org</p><p>[2013/03/15 20:09:15 | 000,425,159 | ---- | M] () (No name found) -- C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\6a32jyo3.default\extensions\toolbar_ASI-G@apn.ask.com.xpi</p><p>[2013/03/16 01:21:11 | 000,363,480 | ---- | M] () (No name found) -- C:\Users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\6a32jyo3.default\extensions\toolbar_ASI-SAT@apn.ask.com.xpi</p><p>[2013/04/23 13:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions</p><p>[2013/03/23 08:20:16 | 000,000,000 | ---D | M] (No name found) 
-- C:\Program Files (x86)\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}</p><p>[2013/03/21 19:58:36 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\Program Files (x86)\Mozilla Firefox\extensions\extension@FastFreeConverter.com</p><p>[2013/03/21 19:58:03 | 000,000,000 | ---D | M] (DownloadTerms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\kgcngo@xmmomglptujvwxntife.org</p><p>[2013/01/24 07:41:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\extension@FastFreeConverter.com\content</p><p>[2013/01/24 07:41:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\extension@FastFreeConverter.com\defaults</p><p>[2013/03/19 17:39:30 | 000,000,000 | ---D | M] (Updater By SweetPacks) -- C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX</p><p>File not found (No name found) -- C:\USERS\ANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6A32JYO3.DEFAULT\EXTENSIONS\{A3D0E35F-F1DA-4CCB-AE77-E9D27777E68D}</p><p>File not found (No name found) -- C:\USERS\ANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6A32JYO3.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}</p><p>File not found (No name found) -- C:\USERS\ANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6A32JYO3.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI</p><p>File not found (No name found) -- C:\USERS\ANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6A32JYO3.DEFAULT\EXTENSIONS\CROSSRIDERAPP12555@CROSSRIDER.COM</p><p>File not found (No name found) -- C:\USERS\ANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6A32JYO3.DEFAULT\EXTENSIONS\CROSSRIDERAPP21058@CROSSRIDER.COM</p><p>File not found (No name found) -- C:\USERS\ANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6A32JYO3.DEFAULT\EXTENSIONS\PLAYBRYTE_EXT@PLAYBRYTE.COM</p><p>File not found (No name found) -- C:\USERS\ANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6A32JYO3.DEFAULT\EXTENSIONS\PLUGIN@SELECTIONLINKS.COM</p><p>File not found (No name found) -- 
C:\USERS\ANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6A32JYO3.DEFAULT\EXTENSIONS\PRICEPEEP@GETPRICEPEEP.COM.XPI</p><p>[2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll</p><p>[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml</p><p>[2013/04/21 00:19:13 | 000,000,000 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml</p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\acdlpdpdijakmamhddfchlohfnofahbb\4.3_0\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\hacjidbllfnlecmikihhjphlicpbepih\1.0.0_1\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiekonljbeipfklhchhdjddejaennfnl\1.23.75_0\crossrider</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiekonljbeipfklhchhdjddejaennfnl\1.23.75_0\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\loegdibholggdjoefldpbnblblaligim\3.1.0.2123_1\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.8_1\</p><p>CHR - 
Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\peaihlgfkkhnflpijnnbhkmkcpjhnpel\1.4_0\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\peaihlgfkkhnflpijnnbhkmkcpjhnpel\1.4_0\.svn\text-base\.svn-base</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\acdlpdpdijakmamhddfchlohfnofahbb\4.3_0\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\hacjidbllfnlecmikihhjphlicpbepih\1.0.0_1\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiekonljbeipfklhchhdjddejaennfnl\1.23.75_0\crossrider</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiekonljbeipfklhchhdjddejaennfnl\1.23.75_0\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\loegdibholggdjoefldpbnblblaligim\3.1.0.2123_1\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.8_1\</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\peaihlgfkkhnflpijnnbhkmkcpjhnpel\1.4_0\</p><p>CHR - 
Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\peaihlgfkkhnflpijnnbhkmkcpjhnpel\1.4_0\.svn\text-base\.svn-base</p><p>CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\</p><p> </p><p>O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts</p><p>O2:<strong>64bit:</strong> - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>O2:<strong>64bit:</strong> - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll ()</p><p>O2:<strong>64bit:</strong> - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\ann\AppData\Local\DownloadTerms\temp.dat File not found</p><p>O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)</p><p>O2 - BHO: (no name) - {67097627-fd8e-4f6b-af4b-ecb65e50112e} - No CLSID value found.</p><p>O2 - BHO: (Fast Free Converter 3.0) - {A071936A-AB6B-4978-9342-E47C06FCDEC1} - C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL File not found</p><p>O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)</p><p>O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)</p><p>O3 - HKLM\..\Toolbar: (no name) - Locked - 
No CLSID value found.</p><p>O3 - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.</p><p>O3 - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\..\Toolbar\WebBrowser: (no name) - {67097627-FD8E-4F6B-AF4B-ECB65E50112E} - No CLSID value found.</p><p>O3 - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\..\Toolbar\WebBrowser: (no name) - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - No CLSID value found.</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()</p><p>O4:<strong>64bit:</strong> - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)</p><p>O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</p><p>O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)</p><p>O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)</p><p>O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)</p><p>O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)</p><p>O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()</p><p>O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)</p><p>O4 - HKU\S-1-5-21-47251086-2544900640-1172179381-1000..\Run: [SkyDrive] C:\Users\ann\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)</p><p>O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not 
found</p><p>O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found</p><p>O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found</p><p>O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found</p><p>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O7 - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O13<strong>64bit:</strong> - gopher Prefix: missing</p><p>O13 - gopher Prefix: missing</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8453CD18-8863-4E15-8852-9F1631F69F0D}: DhcpNameServer = 192.168.1.254</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8453CD18-8863-4E15-8852-9F1631F69F0D}: NameServer = 216.146.35.240,216.146.36.240,192.168.1.254</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft 
Corporation)</p><p>O21:<strong>64bit:</strong> - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun File - [2013/03/12 23:19:42 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35:<strong>64bit:</strong> - HKLM\..comfile [open] -- "%1" %*</p><p>O35:<strong>64bit:</strong> - HKLM\..exefile [open] -- "%1" %*</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/04/24 22:56:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ann\Desktop\OTL (2).exe</p><p>[2013/04/24 22:38:44 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\HP Support Assistant</p><p>[2013/04/23 13:43:24 | 000,535,764 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\ann\Desktop\JRT.exe</p><p>[2013/04/23 13:42:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT</p><p>[2013/04/23 13:42:16 | 000,000,000 | ---D | C] -- C:\JRT</p><p>[2013/04/23 13:33:23 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\AVG Secure Search</p><p>[2013/04/22 20:28:20 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ann\Desktop\iexplore.exe.exe</p><p>[2013/04/21 23:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard</p><p>[2013/04/21 18:53:15 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\Malwarebytes</p><p>[2013/04/21 18:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware</p><p>[2013/04/21 18:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes</p><p>[2013/04/21 18:53:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys</p><p>[2013/04/21 18:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>[2013/04/21 18:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap</p><p>[2013/04/21 17:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive</p><p>[2013/04/21 17:30:21 | 000,000,000 | R--D | C] -- C:\Users\ann\SkyDrive</p><p>[2013/04/21 17:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive</p><p>[2013/04/21 16:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared</p><p>[2013/04/21 00:20:40 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\AVG2013</p><p>[2013/04/21 00:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG</p><p>[2013/04/21 00:19:15 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\TuneUp Software</p><p>[2013/04/21 00:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar</p><p>[2013/04/21 00:16:57 | 000,000,000 | -H-D | C] -- 
C:\$AVG</p><p>[2013/04/21 00:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013</p><p>[2013/04/21 00:16:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG</p><p>[2013/04/21 00:13:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\MFAData</p><p>[2013/04/21 00:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData</p><p>[2013/04/21 00:13:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\Avg2013</p><p>[2013/04/20 17:49:18 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\ann\AppData\Local\log4cxx.dll</p><p>[2013/04/10 03:01:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll</p><p>[2013/04/10 03:01:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll</p><p>[2013/04/10 03:01:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll</p><p>[2013/04/10 03:01:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll</p><p>[2013/04/10 03:01:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe</p><p>[2013/04/10 03:01:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe</p><p>[2013/04/10 03:01:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll</p><p>[2013/04/10 03:01:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll</p><p>[2013/04/10 03:01:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll</p><p>[2013/04/10 03:01:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl</p><p>[2013/04/10 03:01:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl</p><p>[2013/04/10 03:01:20 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll</p><p>[2013/04/10 03:01:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\jscript.dll</p><p>[2013/04/10 03:01:18 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll</p><p>[2013/04/10 03:01:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll</p><p>[2013/04/10 02:42:39 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll</p><p>[2013/04/10 02:42:38 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll</p><p>[2013/04/10 02:42:37 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll</p><p>[2013/04/10 02:42:37 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll</p><p>[2013/04/10 02:42:37 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll</p><p>[2013/04/10 02:42:37 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll</p><p>[2013/04/10 02:37:55 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe</p><p>[2013/04/10 02:37:54 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe</p><p>[2013/04/10 02:37:54 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe</p><p>[2013/04/10 02:37:53 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe</p><p>[2013/04/10 02:37:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll</p><p>[2013/04/10 02:37:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll</p><p>[2013/04/01 18:56:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed</p><p>[2013/03/30 19:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe</p><p>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/04/24 23:01:25 | 000,023,248 | -H-- | M] 
() -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/04/24 23:01:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/04/24 22:56:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ann\Desktop\OTL (2).exe</p><p>[2013/04/24 22:52:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</p><p>[2013/04/24 22:52:28 | 332,550,143 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2013/04/24 22:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job</p><p>[2013/04/23 13:43:24 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\ann\Desktop\JRT.exe</p><p>[2013/04/23 13:31:12 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForann.job</p><p>[2013/04/23 13:28:10 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat</p><p>[2013/04/23 13:27:39 | 000,001,162 | ---- | M] () -- C:\Users\ann\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk</p><p>[2013/04/23 13:27:39 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk</p><p>[2013/04/22 20:28:25 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ann\Desktop\iexplore.exe.exe</p><p>[2013/04/22 16:52:58 | 000,000,512 | ---- | M] () -- C:\Users\ann\Desktop\MBR.dat</p><p>[2013/04/22 12:31:37 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys</p><p>[2013/04/21 18:53:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/04/21 18:43:26 | 201,684,712 | ---- | M] () -- C:\Users\ann\Desktop\CL.5.0.2705.24349__YUC121219-05.exe</p><p>[2013/04/21 17:20:52 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI</p><p>[2013/04/21 17:20:52 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat</p><p>[2013/04/21 17:20:52 | 000,121,214 | ---- | M] () 
-- C:\Windows\SysNative\perfc009.dat</p><p>[2013/04/21 00:19:16 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk</p><p>[2013/04/20 17:40:38 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog</p><p>[2013/04/20 17:36:45 | 000,000,000 | ---- | M] () -- C:\ProgramData\29273d593f31_c</p><p>[2013/04/20 17:03:25 | 000,000,258 | RHS- | M] () -- C:\Users\ann\ntuser.pol</p><p>[2013/04/16 19:11:08 | 000,325,920 | ---- | M] (Sendori) -- C:\Windows\SysWow64\Sendori.dll</p><p>[2013/04/10 03:25:43 | 000,274,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT</p><p>[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys</p><p>[2013/04/01 18:56:13 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe</p><p>[2013/04/01 18:56:13 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/04/23 13:27:26 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat</p><p>[2013/04/22 16:52:58 | 000,000,512 | ---- | C] () -- C:\Users\ann\Desktop\MBR.dat</p><p>[2013/04/22 14:10:27 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForann.job</p><p>[2013/04/21 18:53:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/04/21 18:40:48 | 201,684,712 | ---- | C] () -- C:\Users\ann\Desktop\CL.5.0.2705.24349__YUC121219-05.exe</p><p>[2013/04/21 17:30:21 | 000,002,148 | ---- | C] () -- C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk</p><p>[2013/04/21 00:19:16 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk</p><p>[2013/04/20 17:49:18 | 000,196,608 | ---- | C] () -- 
C:\Users\ann\AppData\Local\common_functions.dll</p><p>[2013/04/20 17:36:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\29273d593f31_c</p><p>[2013/04/01 18:56:39 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog</p><p>[2013/04/01 18:56:15 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job</p><p>[2013/03/21 19:58:57 | 000,000,258 | RHS- | C] () -- C:\Users\ann\ntuser.pol</p><p>[2013/03/11 14:29:34 | 000,772,682 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI</p><p>[2013/03/07 22:57:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin</p><p>[2013/03/07 22:51:13 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini</p><p>[2013/03/07 22:51:13 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini</p><p>[2012/11/23 07:54:40 | 000,114,688 | ---- | C] () -- C:\Users\ann\AppData\Local\ie_runner_app.exe</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = 
%SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2013/04/21 00:20:40 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\AVG2013</p><p>[2013/03/23 02:10:25 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\eDownload</p><p>[2013/03/13 00:04:03 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Exent Technologies</p><p>[2013/03/23 02:10:20 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\GoPlayer</p><p>[2013/04/21 00:19:15 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\TuneUp Software</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p> </p><p><span style="color: #E56717">========== Alternate Data Streams ==========</span></p><p> </p><p>@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D346F792</p>
<p>@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720</p><p></p><p>< End of report ></p></blockquote><p></p>
[QUOTE="cleojhilred, post: 117947, member: 7703"] CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\hacjidbllfnlecmikihhjphlicpbepih\1.0.0_1\ CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\ CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiekonljbeipfklhchhdjddejaennfnl\1.23.75_0\crossrider CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiekonljbeipfklhchhdjddejaennfnl\1.23.75_0\ CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\loegdibholggdjoefldpbnblblaligim\3.1.0.2123_1\ CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.8_1\ CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\peaihlgfkkhnflpijnnbhkmkcpjhnpel\1.4_0\ CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\peaihlgfkkhnflpijnnbhkmkcpjhnpel\1.4_0\.svn\text-base\.svn-base CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\acdlpdpdijakmamhddfchlohfnofahbb\4.3_0\ CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\ CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\ CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\hacjidbllfnlecmikihhjphlicpbepih\1.0.0_1\ CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\ CHR - 
Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiekonljbeipfklhchhdjddejaennfnl\1.23.75_0\crossrider CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiekonljbeipfklhchhdjddejaennfnl\1.23.75_0\ CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\loegdibholggdjoefldpbnblblaligim\3.1.0.2123_1\ CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.8_1\ CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\peaihlgfkkhnflpijnnbhkmkcpjhnpel\1.4_0\ CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\peaihlgfkkhnflpijnnbhkmkcpjhnpel\1.4_0\.svn\text-base\.svn-base CHR - Extension: No name found = C:\Users\ann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll () O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\ann\AppData\Local\DownloadTerms\temp.dat File not found O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (no name) - 
{67097627-fd8e-4f6b-af4b-ecb65e50112e} - No CLSID value found. O2 - BHO: (Fast Free Converter 3.0) - {A071936A-AB6B-4978-9342-E47C06FCDEC1} - C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL File not found O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\..\Toolbar\WebBrowser: (no name) - {67097627-FD8E-4F6B-AF4B-ECB65E50112E} - No CLSID value found. O3 - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\..\Toolbar\WebBrowser: (no name) - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-47251086-2544900640-1172179381-1000..\Run: [SkyDrive] C:\Users\ann\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-47251086-2544900640-1172179381-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8453CD18-8863-4E15-8852-9F1631F69F0D}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8453CD18-8863-4E15-8852-9F1631F69F0D}: NameServer = 
216.146.35.240,216.146.36.240,192.168.1.254 O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013/03/12 23:19:42 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/04/24 22:56:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ann\Desktop\OTL (2).exe [2013/04/24 22:38:44 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\HP Support Assistant [2013/04/23 13:43:24 | 000,535,764 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\ann\Desktop\JRT.exe [2013/04/23 13:42:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/04/23 13:42:16 | 000,000,000 | ---D | C] -- C:\JRT [2013/04/23 13:33:23 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\AVG Secure Search [2013/04/22 20:28:20 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ann\Desktop\iexplore.exe.exe [2013/04/21 23:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013/04/21 18:53:15 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\Malwarebytes [2013/04/21 18:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/04/21 18:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/04/21 18:53:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/04/21 18:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/04/21 18:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap [2013/04/21 17:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2013/04/21 17:30:21 | 000,000,000 | R--D | C] -- C:\Users\ann\SkyDrive [2013/04/21 17:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2013/04/21 16:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2013/04/21 00:20:40 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\AVG2013 [2013/04/21 00:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/04/21 00:19:15 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Roaming\TuneUp Software [2013/04/21 00:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar [2013/04/21 00:16:57 | 000,000,000 | -H-D | C] -- C:\$AVG [2013/04/21 00:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2013/04/21 00:16:19 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\AVG [2013/04/21 00:13:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\MFAData [2013/04/21 00:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2013/04/21 00:13:16 | 000,000,000 | ---D | C] -- C:\Users\ann\AppData\Local\Avg2013 [2013/04/20 17:49:18 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\ann\AppData\Local\log4cxx.dll [2013/04/10 03:01:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/04/10 03:01:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/04/10 03:01:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/04/10 03:01:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/04/10 03:01:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/04/10 03:01:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/04/10 03:01:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/04/10 03:01:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/04/10 03:01:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/04/10 03:01:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/04/10 03:01:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/04/10 03:01:20 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/04/10 03:01:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/04/10 03:01:18 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/04/10 03:01:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/04/10 02:42:39 | 
003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013/04/10 02:42:38 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013/04/10 02:42:37 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013/04/10 02:42:37 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013/04/10 02:42:37 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013/04/10 02:42:37 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013/04/10 02:37:55 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/04/10 02:37:54 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/04/10 02:37:54 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/04/10 02:37:53 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/04/10 02:37:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/04/10 02:37:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/04/01 18:56:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013/03/30 19:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/04/24 23:01:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/04/24 23:01:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/04/24 22:56:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ann\Desktop\OTL (2).exe [2013/04/24 22:52:30 | 000,067,584 | --S- | M] () -- 
C:\Windows\bootstat.dat [2013/04/24 22:52:28 | 332,550,143 | -HS- | M] () -- C:\hiberfil.sys [2013/04/24 22:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/04/23 13:43:24 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\ann\Desktop\JRT.exe [2013/04/23 13:31:12 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForann.job [2013/04/23 13:28:10 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/04/23 13:27:39 | 000,001,162 | ---- | M] () -- C:\Users\ann\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/04/23 13:27:39 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/04/22 20:28:25 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ann\Desktop\iexplore.exe.exe [2013/04/22 16:52:58 | 000,000,512 | ---- | M] () -- C:\Users\ann\Desktop\MBR.dat [2013/04/22 12:31:37 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013/04/21 18:53:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/21 18:43:26 | 201,684,712 | ---- | M] () -- C:\Users\ann\Desktop\CL.5.0.2705.24349__YUC121219-05.exe [2013/04/21 17:20:52 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/04/21 17:20:52 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/04/21 17:20:52 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/04/21 00:19:16 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013/04/20 17:40:38 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013/04/20 17:36:45 | 000,000,000 | ---- | M] () -- C:\ProgramData\29273d593f31_c [2013/04/20 17:03:25 | 000,000,258 | RHS- | M] () -- C:\Users\ann\ntuser.pol [2013/04/16 19:11:08 | 000,325,920 | ---- | M] (Sendori) -- C:\Windows\SysWow64\Sendori.dll [2013/04/10 03:25:43 | 000,274,208 | ---- | 
M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/04/01 18:56:13 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/04/01 18:56:13 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/04/23 13:27:26 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/04/22 16:52:58 | 000,000,512 | ---- | C] () -- C:\Users\ann\Desktop\MBR.dat [2013/04/22 14:10:27 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForann.job [2013/04/21 18:53:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/21 18:40:48 | 201,684,712 | ---- | C] () -- C:\Users\ann\Desktop\CL.5.0.2705.24349__YUC121219-05.exe [2013/04/21 17:30:21 | 000,002,148 | ---- | C] () -- C:\Users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk [2013/04/21 00:19:16 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013/04/20 17:49:18 | 000,196,608 | ---- | C] () -- C:\Users\ann\AppData\Local\common_functions.dll [2013/04/20 17:36:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\29273d593f31_c [2013/04/01 18:56:39 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013/04/01 18:56:15 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/21 19:58:57 | 000,000,258 | RHS- | C] () -- C:\Users\ann\ntuser.pol [2013/03/11 14:29:34 | 000,772,682 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/03/07 22:57:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013/03/07 22:51:13 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini [2013/03/07 22:51:13 | 000,000,224 | ---- | C] 
() -- C:\Windows\SysWow64\RStoneLog.ini [2012/11/23 07:54:40 | 000,114,688 | ---- | C] () -- C:\Users\ann\AppData\Local\ie_runner_app.exe [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013/04/21 00:20:40 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\AVG2013 [2013/03/23 02:10:25 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\eDownload [2013/03/13 00:04:03 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\Exent Technologies [2013/03/23 02:10:20 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\GoPlayer [2013/04/21 00:19:15 | 000,000,000 | ---D | M] -- C:\Users\ann\AppData\Roaming\TuneUp Software [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D346F792 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720 < End of report > [/QUOTE]