FBI/Moneypak Virus Help


mooseboy

New Member
Thread author
Apr 5, 2013
9
Please help me! I'm using an HP Mini with Windows 7 Starter and I need to be able to use it again because I need to finish work and school items. Anything you can do to help me would be greatly appreciated!!!
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Can you please try to run a scan with Farbar Recovery Scan Tool. You will need a USB (Flash) pendrive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.
 

mooseboy

New Member
Thread author
Apr 5, 2013
9
Hi! Thanks for your help! Sorry I've been at work, couldn't respond! Here is the log from the scan:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013 (ATTENTION: FRST version is 24 days old)
Ran by SYSTEM at 06-04-2013 00:17:34
Running from G:\
Windows 7 Starter (X86) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [] [x]
HKU\john\...\Winlogon: [Shell] explorer.exe,C:\Users\john\AppData\Roaming\skype.dat [90112 2011-11-16] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$a4e68e8294a0c01a2bae5bbd162b8937\n. ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ===================

3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
2 DvmMDES; "C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe" [338168 2010-04-12] (DeviceVM, Inc.)
3 GameConsoleService; "C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe" [238328 2010-01-04] (WildTangent, Inc.)
2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-04-05] (SurfRight B.V.)
2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [121344 2010-03-24] (Hewlett-Packard)
2 HP Wireless Assistant Service; "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [103992 2010-04-05] (Hewlett-Packard)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26168 2010-04-09] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
2 xpssvc; "C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe" [699720 2010-04-12] (Skyhook Wireless)
2 HitmanPro37CrusaderBoot; "C:\HitmanPro.exe" /crusader:boot [x]

==================== Drivers (Whitelisted) ====================

1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [18136 2009-11-11] (DeviceVM, Inc.)
3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [30616 2013-04-05] ()
3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [228896 2010-04-20] (Realtek Semiconductor Corp.)
3 XPSVCOM; C:\Windows\System32\DRIVERS\XPSVCOM.sys [12416 2010-03-02] (Skyhook Wireless)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-06 00:17 - 2013-04-06 00:17 - 00000000 ____D C:\FRST
2013-04-05 12:21 - 2013-04-05 12:42 - 00030616 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-04-05 12:19 - 2013-04-05 12:19 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-04-05 11:14 - 2013-04-05 12:15 - 00001821 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-04-05 11:08 - 2013-04-05 12:19 - 00000576 ____A C:\Windows\System32\.crusader
2013-04-05 11:00 - 2013-04-05 11:14 - 00000000 ____D C:\Program Files\HitmanPro
2013-04-05 10:59 - 2013-04-05 11:08 - 00000000 ____D C:\ProgramData\HitmanPro
2013-04-05 10:05 - 2013-04-05 11:41 - 00000000 ____D C:\Windows\pss
2013-04-05 09:49 - 2013-04-05 09:49 - 00002066 ____A C:\Users\john\Desktop\AVASoft Professional Antivirus.lnk
2013-04-05 09:43 - 2013-04-05 21:10 - 00000004 ____A C:\Users\john\AppData\Roaming\skype.ini
2013-04-05 09:41 - 2013-04-05 09:41 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-04-05 09:39 - 2013-04-05 09:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-05 09:39 - 2013-04-05 09:39 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-04-05 09:39 - 2013-04-05 09:39 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-04-05 09:38 - 2013-04-05 09:49 - 00000000 __SHD C:\Users\john\AppData\Roaming\s8bNAaLOnQA
2013-04-05 09:38 - 2013-04-05 09:38 - 00000000 ____D C:\ProgramData\IBank
2013-04-05 09:37 - 2013-04-05 09:59 - 00006542 ____A C:\Users\john\AppData\Local\dceae4a1-fa32-4fee-8ba9-a1e3c0fba859.crx
2013-04-05 09:37 - 2013-04-05 09:49 - 00000000 ____D C:\ProgramData\BC0DE7F82B8EB5E60000BC0D2BEEB9A0
2013-04-05 09:37 - 2013-04-05 09:37 - 00745472 ____A (Time Technology Ltd.) C:\Users\john\AppData\Roaming\apcapi.dll
2013-04-05 09:37 - 2013-04-05 09:37 - 00487424 ____A (INC.) C:\Users\john\AppData\Roaming\neudv.dll
2013-04-05 09:36 - 2013-04-05 09:36 - 00186368 ____A (BIGDOG) C:\Users\john\AppData\Roaming\udnet.dll
2013-03-26 20:02 - 2013-04-02 09:05 - 00000370 ____A C:\Windows\Tasks\ReclaimerResumeInstallLogin_john.job
2013-03-26 20:02 - 2013-04-02 09:05 - 00000370 ____A C:\Windows\Tasks\ReclaimerResumeInstall_john.job
2013-03-17 16:12 - 2013-02-11 19:32 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-12 20:09 - 2013-02-28 05:37 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-12 20:09 - 2013-02-28 05:37 - 06032384 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-12 20:09 - 2013-02-28 05:37 - 02078208 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-12 20:09 - 2013-02-28 05:37 - 01231872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-12 20:09 - 2013-02-28 05:37 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-12 20:08 - 2013-02-28 05:37 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-12 20:08 - 2013-02-28 05:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-12 20:08 - 2013-02-28 05:37 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-12 20:08 - 2013-02-28 05:37 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-12 20:08 - 2013-02-28 05:37 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-12 20:08 - 2013-02-28 03:38 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-10 16:06 - 2013-03-10 22:42 - 00000000 ____D C:\Users\john\Desktop\moviess

==================== One Month Modified Files and Folders ========

2013-04-06 00:17 - 2013-04-06 00:17 - 00000000 ____D C:\FRST
2013-04-05 21:10 - 2013-04-05 09:43 - 00000004 ____A C:\Users\john\AppData\Roaming\skype.ini
2013-04-05 21:10 - 2010-06-12 23:32 - 01250452 ____A C:\Windows\WindowsUpdate.log
2013-04-05 12:48 - 2009-07-13 20:34 - 00014128 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-05 12:48 - 2009-07-13 20:34 - 00014128 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-05 12:42 - 2013-04-05 12:21 - 00030616 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-04-05 12:40 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-05 12:40 - 2009-07-13 20:39 - 00053271 ____A C:\Windows\setupact.log
2013-04-05 12:19 - 2013-04-05 12:19 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-04-05 12:19 - 2013-04-05 11:08 - 00000576 ____A C:\Windows\System32\.crusader
2013-04-05 12:15 - 2013-04-05 11:14 - 00001821 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-04-05 11:41 - 2013-04-05 10:05 - 00000000 ____D C:\Windows\pss
2013-04-05 11:14 - 2013-04-05 11:00 - 00000000 ____D C:\Program Files\HitmanPro
2013-04-05 11:08 - 2013-04-05 10:59 - 00000000 ____D C:\ProgramData\HitmanPro
2013-04-05 11:06 - 2009-09-06 15:02 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-05 10:00 - 2011-03-20 20:38 - 00000000 ____D C:\Users\john\Tracing
2013-04-05 10:00 - 2010-08-01 16:15 - 00000000 ____D C:\Users\john\AppData\Roaming\ZumoDrive
2013-04-05 09:59 - 2013-04-05 09:37 - 00006542 ____A C:\Users\john\AppData\Local\dceae4a1-fa32-4fee-8ba9-a1e3c0fba859.crx
2013-04-05 09:49 - 2013-04-05 09:49 - 00002066 ____A C:\Users\john\Desktop\AVASoft Professional Antivirus.lnk
2013-04-05 09:49 - 2013-04-05 09:38 - 00000000 __SHD C:\Users\john\AppData\Roaming\s8bNAaLOnQA
2013-04-05 09:49 - 2013-04-05 09:37 - 00000000 ____D C:\ProgramData\BC0DE7F82B8EB5E60000BC0D2BEEB9A0
2013-04-05 09:48 - 2013-04-05 09:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-05 09:41 - 2013-04-05 09:41 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-04-05 09:39 - 2013-04-05 09:39 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-04-05 09:39 - 2013-04-05 09:39 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-04-05 09:38 - 2013-04-05 09:38 - 00000000 ____D C:\ProgramData\IBank
2013-04-05 09:37 - 2013-04-05 09:37 - 00745472 ____A (Time Technology Ltd.) C:\Users\john\AppData\Roaming\apcapi.dll
2013-04-05 09:37 - 2013-04-05 09:37 - 00487424 ____A (INC.) C:\Users\john\AppData\Roaming\neudv.dll
2013-04-05 09:36 - 2013-04-05 09:36 - 00186368 ____A (BIGDOG) C:\Users\john\AppData\Roaming\udnet.dll
2013-04-04 12:04 - 2011-08-16 20:15 - 00000000 ____D C:\ProgramData\Recovery
2013-04-02 13:34 - 2010-08-03 18:49 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-04-02 09:05 - 2013-03-26 20:02 - 00000370 ____A C:\Windows\Tasks\ReclaimerResumeInstallLogin_john.job
2013-04-02 09:05 - 2013-03-26 20:02 - 00000370 ____A C:\Windows\Tasks\ReclaimerResumeInstall_john.job
2013-03-18 00:16 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-03-17 18:42 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2013-03-17 16:00 - 2010-05-05 20:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-15 08:30 - 2010-08-03 18:32 - 00000000 ____D C:\Users\john\AppData\Local\Google
2013-03-13 00:04 - 2010-08-03 03:50 - 69796088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-03-13 00:04 - 2010-05-05 18:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-03-11 22:54 - 2010-08-03 18:32 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-11 19:54 - 2010-08-03 18:32 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-10 22:42 - 2013-03-10 16:06 - 00000000 ____D C:\Users\john\Desktop\moviess

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 1011.9 MB
Available physical RAM: 534.19 MB
Total Pagefile: 1011.9 MB
Available Pagefile: 538.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.3 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:133.54 GB) (Free:75.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:15.22 GB) (Free:1.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
4 Drive g: (DAVID HANNA) (Removable) (Total:7.47 GB) (Free:7.47 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 7663 MB 0 B

Partitions of Disk 0:
===============

Disk ID: ED436F61

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 133 GB 200 MB
Partition 3 Primary 15 GB 133 GB
Partition 4 Primary 102 MB 148 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 133 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E RECOVERY NTFS Partition 15 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F HP_TOOLS FAT32 Partition 102 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 39AAC1FD

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7663 MB 31 KB

=========================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G DAVID HANNA FAT32 Removable 7663 MB Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: ED436F61

Partition 1:
=========
Hex: 80202100077E25190008000000380600
Active: YES
Type: 07 (NTFS)
Size: 199 MB

Partition 2:
=========
Hex: 007E261907FEFFFF004006000020B110
Active: NO
Type: 07 (NTFS)
Size: 134 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF0060B7100000E701
Active: NO
Type: 07 (NTFS)
Size: 15 GB

Partition 4:
=========
Hex: 00FEFFFF0CFEFFFF00609E12B0360300
Active: NO
Type: 0C
Size: 103 MB

==============================
Partitions of Disk 1:
===============
Disk ID: 39AAC1FD

Partition 1:
=========
Hex: 800101000BFEFFD03F000000917EEF00
Active: YES
Type: 0B
Size: 7 GB


Last Boot: 2010-09-03 17:20

==================== End Of Log ============================
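The "MBR Partition Table" section at the end of the log prints each 16-byte partition entry as raw hex next to FRST's own reading of it. The decoder below is an added example, not code from FRST or from this thread: it unpacks the five entries copied from the log above and cross-checks a table for invalid boot flags, more than one active entry and overlapping extents, the inconsistencies a tampered or damaged MBR shows; the function names, the partition-type table and the audit rules are assumptions made for the example.

```python
"""Decode the raw 16-byte MBR partition entries FRST prints as 'Hex:' lines.

Added example, not code from FRST or from this thread. The DISK0/DISK1 entries
below are copied from the FRST log above; the function names, the partition
type table and the audit rules are assumptions made for this example."""
import struct

SECTOR_BYTES = 512
MIB = 1024 * 1024
# Type bytes seen in the log (07, 0B, 0C) plus a few common ones; the names
# come from the standard MBR partition-type list, not from FRST.
PARTITION_TYPES = {
    0x00: "empty", 0x05: "extended", 0x07: "NTFS/exFAT (IFS)",
    0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)",
    0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}


def decode_entry(hex16):
    """Unpack one MBR entry given as 32 hex digits.

    Layout: boot flag (1), CHS start (3), type (1), CHS end (3),
    first LBA (u32 LE), sector count (u32 LE). CHS fields are ignored.
    """
    raw = bytes.fromhex(hex16)
    if len(raw) != 16:
        raise ValueError("an MBR partition entry is exactly 16 bytes")
    boot, ptype, start_lba, sectors = struct.unpack("<B3xB3xII", raw)
    return {
        "boot_flag": boot,
        "active": boot == 0x80,
        "type": ptype,
        "type_name": PARTITION_TYPES.get(ptype, "unknown"),
        "start_lba": start_lba,
        "sectors": sectors,
        # FRST/diskpart print a truncated KB offset and MB size;
        # integer division reproduces their figures (1024 KB, 199 MB, ...).
        "offset_kib": start_lba * SECTOR_BYTES // 1024,
        "size_mib": sectors * SECTOR_BYTES // MIB,
    }


def audit_table(hex_entries):
    """Cross-check one disk's entries the way a triager reads FRST's MBR dump.

    Returns a list of findings; empty means the table is internally
    consistent: valid boot flags, at most one active entry, no overlaps.
    A bootkit or a corrupted sector typically breaks one of these.
    """
    entries = [decode_entry(h) for h in hex_entries]
    findings = []
    for n, e in enumerate(entries, start=1):
        if e["boot_flag"] not in (0x00, 0x80):
            findings.append(f"partition {n}: invalid boot flag 0x{e['boot_flag']:02X}")
        if e["type"] != 0x00 and e["sectors"] == 0:
            findings.append(f"partition {n}: typed entry with zero length")
    active = [n for n, e in enumerate(entries, start=1) if e["active"]]
    if len(active) > 1:
        findings.append(f"more than one active partition: {active}")
    used = sorted((e for e in entries if e["type"] != 0x00),
                  key=lambda e: e["start_lba"])
    for a, b in zip(used, used[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append(f"extents overlap: entry at LBA {b['start_lba']} "
                            f"starts inside the one at LBA {a['start_lba']}")
    return findings


# Copied from the "MBR Partition Table" section of the FRST log above.
DISK0_ENTRIES = [
    "80202100077E25190008000000380600",  # Partition 1: SYSTEM, 199 MB
    "007E261907FEFFFF004006000020B110",  # Partition 2: C:, 133 GB
    "00FEFFFF07FEFFFF0060B7100000E701",  # Partition 3: RECOVERY, 15 GB
    "00FEFFFF0CFEFFFF00609E12B0360300",  # Partition 4: HP_TOOLS, 102 MB
]
DISK1_ENTRIES = ["800101000BFEFFD03F000000917EEF00"]  # the USB stick FRST ran from

if __name__ == "__main__":
    for label, table in (("Disk 0", DISK0_ENTRIES), ("Disk 1", DISK1_ENTRIES)):
        print(label)
        for n, h in enumerate(table, start=1):
            e = decode_entry(h)
            print(f"  Partition {n}: Active={'YES' if e['active'] else 'NO'} "
                  f"Type={e['type']:02X} ({e['type_name']}) "
                  f"Offset={e['offset_kib']} KB Size={e['size_mib']} MB")
        print("  findings:", audit_table(table) or "none")
```

The decoded offsets and sizes match the Partitions and diskpart sections of the log (1024 KB / 199 MB for the SYSTEM partition, 31 KB / 7663 MB for the USB stick), which is the check worth doing when the MBR dump is suspected of being tampered with.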
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Now please download this file and save it to your Flash Drive.


Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.
 

Attachments
  • fixlist.txt (1.9 KB)

mooseboy

New Member
Thread author
Apr 5, 2013
9
Okay, here is the new log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2013
Ran by SYSTEM at 2013-04-06 11:23:15 Run:1
Running from G:\

==============================================

HKEY_USERS\john\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
C:\Users\john\Desktop\AVASoft Professional Antivirus.lnk moved successfully.
C:\Users\john\AppData\Roaming\skype.ini moved successfully.
C:\Users\john\AppData\Roaming\s8bNAaLOnQA moved successfully.
C:\Users\john\AppData\Local\dceae4a1-fa32-4fee-8ba9-a1e3c0fba859.crx moved successfully.
C:\ProgramData\BC0DE7F82B8EB5E60000BC0D2BEEB9A0 moved successfully.
C:\Users\john\AppData\Roaming\apcapi.dll moved successfully.
C:\Users\john\AppData\Roaming\neudv.dll moved successfully.
C:\Users\john\AppData\Roaming\udnet.dll moved successfully.
C:\Users\john\AppData\Roaming\skype.ini not found.
C:\Users\john\AppData\Local\dceae4a1-fa32-4fee-8ba9-a1e3c0fba859.crx not found.
C:\Users\john\Desktop\AVASoft Professional Antivirus.lnk not found.
C:\Users\john\AppData\Roaming\s8bNAaLOnQA not found.
C:\ProgramData\BC0DE7F82B8EB5E60000BC0D2BEEB9A0 not found.
C:\Users\john\AppData\Roaming\apcapi.dll not found.
C:\Users\john\AppData\Roaming\neudv.dll not found.
C:\Users\john\AppData\Roaming\udnet.dll not found.

==== End of Fixlog ====



I booted Windows normally and it actually loaded this time!! Thanks so much! I'm wondering now if I should do a Malwarebytes Anti-Malware scan?
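The fix log above shows the two registry values that kept the lock screen in place being reverted: the Winlogon Shell value with a second program listed after explorer.exe, and the CLSID InprocServer32 path that FRST flagged as ZeroAccess. The triage script below is an added example, not FRST's code or the helper's fixlist: it applies those two registry checks plus two file-section checks (hidden+system folders under a user profile or named after an environment variable, and executables dropped straight into the AppData root) to a constructed excerpt of the first FRST log in this thread; the rule names and regular expressions are assumptions made for the example.

```python
"""Triage an FRST log for the persistence items this thread's fixlist removed.

Added example, not code from FRST or the helper's fixlist. SAMPLE_FRST_LOG is an
excerpt constructed from the first FRST log in the thread; the rule names and
regular expressions are assumptions made for this example."""
import re
from pathlib import PureWindowsPath

# "HKU\<user>\...\Winlogon: [Shell] <value> [<size> <date>] (<publisher>)"
WINLOGON_SHELL_RE = re.compile(r"^HK\w+\\.*\\Winlogon: \[Shell\] (.+?) \[")
# "HKLM\...<clsid>\InprocServer32: [<name>] <path> ATTENTION! ====> <family>"
INPROC_RE = re.compile(r"^HK\w+\\.*InprocServer32: \[[^\]]*\] (.+?)(?: ATTENTION!.*)?$")
# "<created> - <modified> - <size> <attrs> (<publisher>) <path>"
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
                     r"(\d+) (\S{5}) (?:\(([^)]*)\) )?(.+)$")
ENV_NAME_RE = re.compile(r"^%[A-Za-z_]+%$")
# File types with no business sitting directly in AppData\Roaming or \Local.
SUSPECT_EXT = {".exe", ".dll", ".dat", ".sys", ".scr", ".crx"}


def check_registry_line(line):
    """Findings for one line of the 'Registry (Whitelisted)' section."""
    out = []
    m = WINLOGON_SHELL_RE.match(line)
    if m:
        # Shell must be exactly explorer.exe; a comma-separated extra program
        # is started at logon alongside it (skype.dat in the log above).
        extras = [v.strip() for v in m.group(1).split(",")
                  if v.strip().lower() != "explorer.exe"]
        if extras:
            out.append(("winlogon-shell-extra", ", ".join(extras)))
    m = INPROC_RE.match(line)
    if m:
        low = m.group(1).lower()
        # A COM in-process server under $Recycle.Bin, a temp folder or a user
        # profile is a hijacked CLSID (FRST labels this one ZeroAccess).
        if "$recycle.bin" in low or "\\temp\\" in low or "\\appdata\\" in low:
            out.append(("com-server-in-untrusted-dir", m.group(1)))
    return out


def check_file_line(line):
    """Findings for one line of the 'One Month Created Files' section."""
    m = FILE_RE.match(line)
    if not m:
        return []
    attrs, publisher, path = m.group(2), m.group(3), m.group(4)
    p, low = PureWindowsPath(path), path.lower()
    out = []
    if "D" in attrs and "S" in attrs and "H" in attrs and (
            "\\users\\" in low or ENV_NAME_RE.match(p.name)):
        # Hidden+system folders under a profile, or a folder literally named
        # %APPDATA% inside System32, are dropper artefacts, not Windows'.
        out.append(("hidden-system-dir", path))
    if ("D" not in attrs and p.suffix.lower() in SUSPECT_EXT
            and p.parent.name.lower() in ("roaming", "local")
            and p.parent.parent.name.lower() == "appdata"):
        out.append(("executable-in-appdata-root",
                    f"{path} ({publisher or 'no publisher'})"))
    return out


def triage_frst_log(text):
    """Walk the log section by section; return a list of (rule, evidence)."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("===="):
            section = line.strip("= ")
        elif section.startswith("Registry"):
            findings.extend(check_registry_line(line))
        elif section.startswith("One Month Created"):
            findings.extend(check_file_line(line))
    return findings


# Constructed excerpt of the first FRST log posted in this thread.
SAMPLE_FRST_LOG = r"""
==================== Registry (Whitelisted) ===================
HKU\john\...\Winlogon: [Shell] explorer.exe,C:\Users\john\AppData\Roaming\skype.dat [90112 2011-11-16] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$a4e68e8294a0c01a2bae5bbd162b8937\n. ATTENTION! ====> ZeroAccess
==================== One Month Created Files and Folders ========
2013-04-05 09:41 - 2013-04-05 09:41 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-04-05 09:39 - 2013-04-05 09:39 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-04-05 09:38 - 2013-04-05 09:49 - 00000000 __SHD C:\Users\john\AppData\Roaming\s8bNAaLOnQA
2013-04-05 09:37 - 2013-04-05 09:59 - 00006542 ____A C:\Users\john\AppData\Local\dceae4a1-fa32-4fee-8ba9-a1e3c0fba859.crx
2013-04-05 09:37 - 2013-04-05 09:37 - 00745472 ____A (Time Technology Ltd.) C:\Users\john\AppData\Roaming\apcapi.dll
2013-04-05 09:37 - 2013-04-05 09:37 - 00487424 ____A (INC.) C:\Users\john\AppData\Roaming\neudv.dll
2013-04-05 09:36 - 2013-04-05 09:36 - 00186368 ____A (BIGDOG) C:\Users\john\AppData\Roaming\udnet.dll
2013-03-15 08:30 - 2010-08-03 18:32 - 00000000 ____D C:\Users\john\AppData\Local\Google
"""

if __name__ == "__main__":
    for rule, evidence in triage_frst_log(SAMPLE_FRST_LOG):
        print(f"{rule:28} {evidence}")
```

On the excerpt the script reports exactly the items the fixlist moved or restored, and nothing for the Adobe file in System32 or the Google folder in AppData\Local.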
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Nice to hear that it started normally now... :)

Let's complete the rest of the steps also.......

STEP 1: Run a HitmanPro scan
  • Download the latest official version of HitmanPro.
    HITMANPRO DOWNLOAD LINK: http://www.surfright.nl/en/hitmanpro/ (This link will open a download page in a new window from where you can download HitmanPro)
  • Start HitmanPro by double clicking on the previously downloaded file and then following the prompts.
  • Once the scan is complete, a screen displaying all the malicious files that the program found will be shown. After reviewing each malicious object click Next.
  • Click Activate free license to start the free 30 days trial and remove the malicious files.
  • HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
Add to your next reply, any log that HitmanPro might generate.

You should be able to run both scans while in Normal mode...
STEP 2: Run a scan with Malwarebytes Anti-Malware in Chameleon mode
  • Download Malwarebytes Chameleon from http://downloads.malwarebytes.org/file/chameleon and extract it to a folder in a convenient location
  • Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.
  • If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window (Note: Do not attempt to open mbam-killer as that is not a Chameleon executable and serves a different purpose)
  • Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
  • Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successfully
  • Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
  • Upon completion of the scan, if anything has been detected, click on Show Result
  • Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
  • After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats
Please add both logs in your next reply.

STEP 3: Run a scan with AdwCleaner
  • Download AdwCleaner from the below link.
    ADWCLEANER DOWNLOAD LINK: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download Security Check on your computer)
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete, then confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

STEP 4: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply


 

mooseboy

New Member
Thread author
Apr 5, 2013
9
Okay, I did all those tests. Here are the logs:

Hitman:

Code:
HitmanPro 3.7.3.193
www.hitmanpro.com

   Computer name . . . . : JOHN
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : john\john
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (29 days left)

   Scan date . . . . . . : 2013-04-06 17:39:55
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 35s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 5
   Traces  . . . . . . . : 64

   Objects scanned . . . : 971,655
   Files scanned . . . . : 16,086
   Remnants scanned  . . : 291,654 files / 663,915 keys

Malware _____________________________________________________________________

   C:\FRST\Quarantine\BC0DE7F82B8EB5E60000BC0D2BEEB9A0\BC0DE7F82B8EB5E60000BC0D2BEEB9A0.exe -> Deleted
      Size . . . . . . . : 403,968 bytes
      Age  . . . . . . . : 1.2 days (2013-04-05 12:37:43)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : DC523B45B73B3907E624A9A8A696E5AE60A74BDF18A2154F6EA4E50538C209EA
    > G Data . . . . . . : Trojan.GenericKDZ.13124 (Engine A)
      Fuzzy  . . . . . . : 118.0
      Forensic Cluster
         -0.0s C:\FRST\Quarantine\BC0DE7F82B8EB5E60000BC0D2BEEB9A0\
          0.0s C:\FRST\Quarantine\BC0DE7F82B8EB5E60000BC0D2BEEB9A0\BC0DE7F82B8EB5E60000BC0D2BEEB9A0.exe
          0.4s C:\FRST\Quarantine\BC0DE7F82B8EB5E60000BC0D2BEEB9A0\BC0DE7F82B8EB5E60000BC0D2BEEB9A0.ico

   C:\Users\john\AppData\Local\Temp\63BE.tmp.exe -> Deleted
      Size . . . . . . . : 90,112 bytes
      Age  . . . . . . . : 1.2 days (2013-04-05 12:38:06)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 150882421C66CFDD811F1D1BB59586DFC3A515DB8E46AB1E1C7697D9999CA55B
    > G Data . . . . . . : Trojan.GenericKDZ.13088 (Engine A)
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -11.1s C:\Users\john\AppData\Local\Temp\~DF0A302CCAE8C61C4F.TMP
         -8.6s C:\Users\john\AppData\Local\Temp\~DFAE477A72B87A88DE.TMP
         -2.9s C:\FRST\Quarantine\s8bNAaLOnQA\
         -0.1s C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PLHPAZS\navcancl[1]
          0.0s C:\Users\john\AppData\Local\Temp\63BE.tmp.exe
          2.1s C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMNBPCVQ\ErrorPageTemplate[2]
          2.3s C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMNBPCVQ\errorPageStrings[2]
          3.8s C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMNBPCVQ\httpErrorPagesScripts[2]
          3.9s C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMNBPCVQ\info_48[1]
          3.9s C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PLHPAZS\bullet[1]
          4.0s C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PPMSGUKU\background_gradient[1]
          6.0s C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMNBPCVQ\wpad[1].htm
          7.2s C:\Users\john\AppData\Roaming\skype.dat
         16.9s C:\Users\john\AppData\Local\Temp\A5EA.tmp
         19.7s C:\Users\john\AppData\Local\Temp\B0D3.tmp
         20.3s C:\Users\john\AppData\Local\Temp\B2F6.tmp
         20.5s C:\Users\john\AppData\Local\Temp\B3C2.tmp
         20.6s C:\Users\john\AppData\Local\Temp\B430.tmp
         21.1s C:\Users\john\AppData\Local\Temp\B643.tmp
         21.4s C:\Users\john\AppData\Local\Temp\B74D.tmp
         21.5s C:\$Recycle.Bin\S-1-5-18\
         21.5s C:\$Recycle.Bin\S-1-5-18\$a4e68e8294a0c01a2bae5bbd162b8937\
         21.7s C:\Users\john\AppData\Local\Temp\B838.tmp
         21.9s C:\Users\john\AppData\Local\Temp\B923.tmp
         22.0s C:\Users\john\AppData\Local\Temp\B992.tmp
         22.2s C:\Users\john\AppData\Local\Temp\BA5D.tmp
         22.2s C:\Users\john\AppData\Local\Temp\BA9D.tmp
         29.2s C:\Users\john\AppData\Local\Temp\D5B1.tmp
         29.2s C:\Users\john\AppData\Local\Temp\D5F0.tmp
         29.5s C:\Users\john\AppData\Local\Temp\D70A.tmp
         29.5s C:\Users\john\AppData\Local\Temp\D71B.tmp
         29.6s C:\Users\john\AppData\Local\Temp\D72B.tmp
         29.7s C:\Users\john\AppData\Local\Temp\D7B9.tmp
         30.1s C:\FRST\Quarantine\s8bNAaLOnQA\sKLdHp69tfw\
         30.3s C:\FRST\Quarantine\s8bNAaLOnQA\Km4G89Lv1jQ.dat
         30.3s C:\FRST\Quarantine\s8bNAaLOnQA\mnhslst32.dat
         30.5s C:\ProgramData\IBank\
         33.1s C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L5P227UH\find7[1].htm
         35.3s C:\Users\john\AppData\Local\Temp\A5EA.dir\
         36.2s C:\FRST\Quarantine\s8bNAaLOnQA\wndsksi.inf
         41.3s C:\Users\john\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_5481.tmp.exe_b8d543b95cd550cf5d3f35083b2b04053cef5_026d050a\
         41.3s C:\Users\john\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_5481.tmp.exe_b8d543b95cd550cf5d3f35083b2b04053cef5_026d050a\Report.wer
         43.3s C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMNBPCVQ\ClickTS_loading[1].gif
         44.6s C:\Users\john\AppData\Roaming\Microsoft\Windows\Cookies\Low\A3NFFQC2.txt
         44.8s C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3PLHPAZS\searchsteam_com[1].htm
         46.2s C:\Users\john\AppData\Local\Temp\184C.tmp

   C:\Users\john\AppData\Local\Temp\~!#6DEB.tmp -> Deleted
      Size . . . . . . . : 62,835 bytes
      Age  . . . . . . . : 1.2 days (2013-04-05 12:35:57)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : FB50CD67ED29341DA0E2313D3251D8B474024473F9F381E957FF891221BC6818
    > G Data . . . . . . : Trojan.GenericKD.928949 (Engine A)
      Fuzzy  . . . . . . : 121.0
      Forensic Cluster

   C:\Users\john\AppData\Roaming\08B5E6\08B5E6.exe -> Deleted
      Size . . . . . . . : 46,080 bytes
      Age  . . . . . . . : 1.2 days (2013-04-05 12:36:17)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 0CC0267529D6A13CB9E71D8F1C27CF40F299F5C42DC551D03F6BB0B96E5E4A4E
      Publisher  . . . . : B?y?
      Description  . . . : Cywi
    > Emsisoft . . . . . : Trojan.Win32.Inject.fjbc.AMN!A2
      Fuzzy  . . . . . . : 118.0
      Forensic Cluster

   C:\Users\john\AppData\Roaming\skype.dat -> Deleted
      Size . . . . . . . : 90,112 bytes
      Age  . . . . . . . : 1.2 days (2013-04-05 12:38:13)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 150882421C66CFDD811F1D1BB59586DFC3A515DB8E46AB1E1C7697D9999CA55B
    > G Data . . . . . . : Trojan.GenericKDZ.13088 (Engine A)
      Fuzzy  . . . . . . : 112.0


Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\Software\Softonic\ (Softonic)

Cookies _____________________________________________________________________




MBAM (1):
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.06.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
john :: JOHN [administrator]

4/6/2013 6:13:08 PM
MBAM-log-2013-04-06 (18-25-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209760
Time elapsed: 11 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$a4e68e8294a0c01a2bae5bbd162b8937\n.) Good: (shell32.dll) -> No action taken.

Folders Detected: 1
C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVASoft Professional Antivirus (Rogue.AVASoftPAV) -> No action taken.

Files Detected: 1
C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVASoft Professional Antivirus\AVASoft Professional Antivirus.lnk (Rogue.AVASoftPAV) -> No action taken.

(end)


MBAM (2):

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.06.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
john :: JOHN [administrator]

4/6/2013 6:26:21 PM
mbam-log-2013-04-06 (18-26-21).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 352001
Time elapsed: 2 hour(s), 55 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\FRST\Quarantine\neudv.dll (Trojan.Dropper.DU) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\udnet.dll (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.

(end)


AdwCleaner:

# AdwCleaner v2.200 - Logfile created 04/06/2013 at 21:33:08
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : john - JOHN
# Boot Mode : Normal
# Running from : C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9TS7OROC\2-adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Users\john\AppData\Local\TempDir
Folder Deleted : C:\Users\john\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\6tcizlt8.default\Conduit
Folder Deleted : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\6tcizlt8.default\CT2269050
Folder Deleted : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\6tcizlt8.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\6tcizlt8.default\extensions\engine@conduit.com

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\6tcizlt8.default\prefs.js

Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "6-8-2010");
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Fri Aug 06 2010 08:31:52 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT2269050.FirstServerDate", "6-8-2010");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2269050.InstalledDate", "Fri Aug 06 2010 08:31:52 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Aug 06 2010 08:31:54 GMT-0500 (Central Dayligh[...]
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_2.7.0.14", "Fri Aug 06 2010 08:31:55 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.LoginCache", 4);
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Fri Aug 06 2010 08:31:57 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Aug 06 2010 08:31:58 GMT-0500 (Central Dayli[...]
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Fri Aug 06 2010 08:31:48 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1281012119");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Aug 06 2010 08:31:46 GMT-0500 (Central Day[...]
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2269050.UserID", "UN99260804785214609");
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Fri Aug 06 2010 08:31:58 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT2269050.WeatherUnit", "F");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.clientLogIsEnabled", false);
Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Aug 06 2010 08:31:53 GMT-0500 (Centr[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Aug 06 2010 08:31:47 GMT-0500 (Central D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1276093853");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{5ddebff2-3646-4ff5-be8b-adc8ac4f577a}");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Aug 06 2010 08:31:58 GMT-0500 (Cen[...]

-\\ Google Chrome v26.0.1410.43

File : C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8787 octets] - [06/04/2013 21:33:08]

########## EOF - C:\AdwCleaner[S1].txt - [8847 octets] ##########


JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Starter x86
Ran by john on Sat 04/06/2013 at 21:39:53.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/06/2013 at 21:45:42.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Download avenger.zip... © by Swandog46
  1. Unzip/extract it to a folder on your desktop.
  2. Double click on avenger.exe to run it. Click "OK"...at the prompt.
  3. Check the box... "Scan for rootkits"
  4. Uncheck the box... "Automatically disable any rootkits found"...if checked.
  5. Copy all of the text in the code box (below) and paste it in the text box in The Avenger
    Code:
    Folders to delete:
    C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVASoft Professional Antivirus
    C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\
  6. Click the Execute button.
  7. Click "Yes" at the 2 prompts:
    • "Are you sure you want to execute the current script?".
    • "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?".
  8. Your PC will automatically reboot.
    Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require 2 (two) reboots to complete its operation.
    If that is the case, it will force a BSOD (Blue Screen of Death) error ...on the first reboot. This is normal & expected behavior.
  9. After your PC has completed the necessary reboots, a log should automatically open.
    If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
Please post the contents of the avenger.txt log, in your next reply.

<hr />

STEP 2: Run a scan with ESET Online Scanner
<ol>
<li>Download ESET Online Scanner utility from the below link
<strong><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET ONLINE SCANNER DOWNLOAD LINK</a></strong> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double click on the Eset installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <strong>Yes, I accept the Terms of Use</strong></li>
<li>Click the <strong>Start</strong> button.</li>
<li>Check <strong>Scan archives</strong></li>
<li>Push the <strong>Start</strong> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <strong>List of found threats</strong></li>
<li>Push <strong>Export to Text file</strong> and save the file to your desktop using a unique name, such as <strong>ESET Scan</strong>. Include the contents of this report in your next reply. Note - when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <strong>back</strong> button.</li>
<li>Push <strong>Finish</strong></li>
</ol>
<hr />
 

mooseboy

New Member
Thread author
Apr 5, 2013
9
The first program didn't download or load properly because it kept telling me it was an invalid file, but I did successfully run the second test and here are the results:

C:\FRST\Quarantine\apcapi.dll a variant of Win32/Medfos.NC trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\dceae4a1-fa32-4fee-8ba9-a1e3c0fba859.crx JS/Redirector.NCG trojan deleted - quarantined
C:\Users\john\AppData\Local\Temp\jar_cache4083510801728356884.tmp multiple threats cleaned by deleting - quarantined
C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\170977d0-5a34da0a multiple threats cleaned by deleting - quarantined
C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\2ec7ab03-2ff40f10 multiple threats cleaned by deleting - quarantined
C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\7bfc5b67-3f15daa8 multiple threats cleaned by deleting - quarantined
C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\3fbabaea-37916dda multiple threats cleaned by deleting - quarantined
C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\465f12ac-7a8011e4 multiple threats cleaned by deleting - quarantined
C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5e063a45-2f5862e2 multiple threats cleaned by deleting - quarantined
C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\211df4b5-7c0bdfbe a variant of Java/TrojanDownloader.OpenStream.NBF trojan cleaned by deleting - quarantined
C:\Users\john\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\4cafbd48-4343bac1 multiple threats cleaned by deleting - quarantined


Thanks again!!
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay.

STEP 1: Run a scan with OTL by OldTimer
<ol><li>Download the OTL utility using the below link:
<strong><a title="External link" href="http://oldtimer.geekstogo.com/OTL.exe" rel="nofollow external">OTL DOWNLOAD LINK</a> <em>(This link will automatically download OTL on your computer)</em></strong></li>
<li>Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/OTL-logo.png" alt="" title="OTL-logo" width="106" height="118" class="alignnone size-full wp-image-3946" /></li>
<li>When the window appears, <strong>underneath Output</strong> at the top change it to <strong>Minimal Output</strong>.</li>
<li>Check the boxes beside <strong>LOP Check</strong> and <strong>Purity Check</strong>.</li>
<li>Click the <strong>Run Scan</strong> button.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/OTL.png" alt="" title="OTL" width="658" height="584" class="alignnone size-full wp-image-3945" /></li>
<li>When the scan completes, it will open two notepad windows, <strong>OTL.Txt</strong> and <strong>Extras.Txt</strong>. These are saved in the same location as OTL.
<strong>Please post these 2 logs in your first reply.</strong></li></ol>

Settings You need to Select in OTL
  1. Click the Scan All Users checkbox.
  2. Change Standard Registry to All.
  3. Check the boxes beside LOP Check and Purity Check.
<em>Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: <a title="External link" href="http://www.itxassociates.com/OT-Tools/OTL.scr" rel="nofollow external">OTL.scr</a>, or <a title="External link" href="http://oldtimer.geekstogo.com/OTL.com" rel="nofollow external">OTL.com</a>.</em>

<hr />
 

mooseboy

New Member
Thread author
Apr 5, 2013
9
Here are those results:

Extras:

OTL Extras logfile created on: 4/8/2013 7:04:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\john\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.90 Mb Total Physical Memory | 448.93 Mb Available Physical Memory | 44.36% Memory free
1.99 Gb Paging File | 1.26 Gb Available in Paging File | 63.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.54 Gb Total Space | 74.99 Gb Free Space | 56.16% Space Free | Partition Type: NTFS
Drive D: | 15.22 Gb Total Space | 1.91 Gb Free Space | 12.57% Space Free | Partition Type: NTFS
Drive E: | 98.84 Mb Total Space | 92.49 Mb Free Space | 93.58% Space Free | Partition Type: FAT32

Computer Name: JOHN | User Name: john | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1952303879-2284333571-2840854797-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015E59D5-FC6C-4C06-A3C9-87A578B021B7}" = HP User Guides 0197
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0AEE22A8-6430-4CD0-917A-F0EB49F4E814}" = Skyhook Wireless XPS Service
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34985F59-8F6F-46F4-9AD5-53E2714294D2}" = ArcSoft WebCam Companion 3
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40C915B0-F2A0-423D-BEDF-04D3CE4D4DC5}" = HP Quick Launch
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F22707C-C8E4-4BC8-881C-FAAB2EF5914B}" = HP HomeBase
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{60C58642-B64D-43E6-B7EF-7928019AA012}" = Loki Browser Plugin
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C017B2C7-24F5-4E57-95F2-D70C0AC974F0}" = HP Setup
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DA200FDD-DE3D-4958-8465-C4FBC869544B}" = HP Software Framework
"{DBB9D695-D806-438A-B214-7FB3FADDD174}" = HP Navigator
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF627ABB-E970-4C3E-9ABB-097BE46F55CB}" = HP QuickSync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"ESET Online Scanner" = ESET Online Scanner v3
"Free Studio_is1" = Free Studio version 4.8
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HitmanPro37" = HitmanPro 3.7
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"My HP Game Console" = HP Game Console
"RealPlayer 12.0" = RealPlayer
"SecureW2 Enterprise Client" = SecureW2 Enterprise Client 3.5.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WavePad" = WavePad Sound Editor
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT082124" = Blasterball 3
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082172" = Polar Bowler
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082222" = Insaniquarium Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082246" = Zuma Deluxe
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082409" = Mahjongg Artifacts
"WT082422" = Wedding Dash
"WT082427" = Slingo Deluxe
"WT082442" = Faerie Solitaire
"WT083489" = JoJo's Fashion Show
"WT083503" = Jewel Match 2
"WT083510" = Jewel Quest Solitaire
"WT083514" = Jewel Quest II
"WT083521" = Dream Chronicles
"WT083529" = Gem Shop
"ZumoDrive" = HP CloudDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1952303879-2284333571-2840854797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/7/2013 6:50:21 PM | Computer Name = john | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 652178

Error - 4/7/2013 7:01:28 PM | Computer Name = john | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/7/2013 7:01:28 PM | Computer Name = john | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 60950

Error - 4/7/2013 7:01:28 PM | Computer Name = john | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 60950

Error - 4/7/2013 10:09:37 PM | Computer Name = john | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/7/2013 10:09:37 PM | Computer Name = john | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7254342

Error - 4/7/2013 10:09:37 PM | Computer Name = john | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7254342

Error - 4/7/2013 11:35:42 PM | Computer Name = john | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/7/2013 11:35:42 PM | Computer Name = john | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4365157

Error - 4/7/2013 11:35:42 PM | Computer Name = john | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4365157

[ Hewlett-Packard Events ]
Error - 8/30/2010 5:46:25 PM | Computer Name = john | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

[ HP Wireless Assistant Events ]
Error - 3/17/2011 3:44:22 PM | Computer Name = john | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 3/17/2011 3:44:22 PM | Computer Name = john | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 3/21/2011 12:14:31 AM | Computer Name = john | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 3/21/2011 12:14:31 AM | Computer Name = john | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 3/21/2011 1:11:43 AM | Computer Name = john | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 3/21/2011 4:03:06 PM | Computer Name = john | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 3/22/2011 9:26:35 AM | Computer Name = john | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 3/22/2011 4:36:17 PM | Computer Name = john | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 3/22/2011 9:11:39 PM | Computer Name = john | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 3/22/2011 9:11:39 PM | Computer Name = john | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

[ System Events ]
Error - 4/7/2013 3:37:08 AM | Computer Name = john | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 4/7/2013 6:06:58 PM | Computer Name = john | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 4/7/2013 6:06:58 PM | Computer Name = john | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 4/7/2013 7:44:26 PM | Computer Name = john | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 4/7/2013 7:44:26 PM | Computer Name = john | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 4/7/2013 10:09:34 PM | Computer Name = john | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 4/7/2013 10:09:34 PM | Computer Name = john | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 4/7/2013 11:35:41 PM | Computer Name = john | Source = DCOM | ID = 10010
Description =

Error - 4/8/2013 12:01:42 PM | Computer Name = john | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 4/8/2013 12:01:42 PM | Computer Name = john | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891


< End of report >


OTL:

OTL logfile created on: 4/8/2013 7:04:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\john\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.90 Mb Total Physical Memory | 448.93 Mb Available Physical Memory | 44.36% Memory free
1.99 Gb Paging File | 1.26 Gb Available in Paging File | 63.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.54 Gb Total Space | 74.99 Gb Free Space | 56.16% Space Free | Partition Type: NTFS
Drive D: | 15.22 Gb Total Space | 1.91 Gb Free Space | 12.57% Space Free | Partition Type: NTFS
Drive E: | 98.84 Mb Total Space | 92.49 Mb Free Space | 93.58% Space Free | Partition Type: FAT32

Computer Name: JOHN | User Name: john | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\john\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe (Skyhook Wireless)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - (HitmanPro37CrusaderBoot) -- F:\HitmanPro.exe /crusader:boot File not found
SRV - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (DvmMDES) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (xpssvc) -- C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe (Skyhook Wireless)
SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mbamchameleon) -- C:\Windows\System32\drivers\mbamchameleon.sys ()
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RSPCIESTOR) -- C:\Windows\System32\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (XPSVCOM) -- C:\Windows\System32\drivers\XPSVCOM.sys (Skyhook Wireless)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (DVMIO) -- C:\Windows\System32\drivers\dvmio.sys (DeviceVM, Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{4BF03CF2-2B4D-4F87-9FDF-FA38F6B88A2D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{5C2B4519-13B1-493E-B5E7-56CFBCFAB9C8}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\..\SearchScopes\{4BF03CF2-2B4D-4F87-9FDF-FA38F6B88A2D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\..\SearchScopes\{5C2B4519-13B1-493E-B5E7-56CFBCFAB9C8}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNSN_en
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=CPNTDF&PC=CPNTDF&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=CPNTDF&PC=CPNTDF&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\john\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)


[2010/08/05 17:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Extensions
[2010/08/05 17:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/08/05 17:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2013/04/06 21:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\6tcizlt8.default\extensions
[2011/10/09 17:05:15 | 000,627,675 | ---- | M] () (No name found) -- C:\Users\john\AppData\Roaming\mozilla\firefox\profiles\6tcizlt8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/17 13:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/31 13:18:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/31 13:18:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/10 00:49:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/12/10 00:49:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/12/10 00:49:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/12/10 00:49:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/12/10 00:49:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/12/10 00:49:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/12/10 00:49:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Loki Plugin (Enabled) = C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: TV = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
CHR - Extension: YouTube = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: eBay Web App = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.3_0\
CHR - Extension: Adblock Plus = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\
CHR - Extension: AdBlock = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: TweetDeck = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.6.0_0\
CHR - Extension: Plypp Piano = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hofckkgpnnjabffkjemconojemcibifh\6.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.2_0\
CHR - Extension: Fiery Horse chrome Theme = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\miipddolmnknmpiednnbijmeogpdgknp\1_0\
CHR - Extension: Quick Note = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.3_0\
CHR - Extension: TV = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiodjcfboomhnbbmoimodpahebopdagm\1.0.1.9_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (LocationFinder Class) - {BC0E8AD7-13AA-4694-8EDD-0246BC47A35F} - C:\Program Files\Skyhook Wireless\Loki Plugin\loki.dll (Skyhook Wireless)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\john\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\john\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97C6BDD6-AD18-4B97-B83F-6D17116169E3}: DhcpNameServer = 8.8.8.8 172.16.206.215 172.16.206.215
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A912DD99-CEFA-4A8F-A59A-728421691A07}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA04567E-0BF0-4EE9-A6B7-B3F375B22690}: DhcpNameServer = 168.94.0.15 168.94.0.14
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/08 19:02:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
[2013/04/07 17:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/04/06 21:39:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/06 21:39:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/06 18:12:55 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/04/06 17:47:34 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Roaming\Malwarebytes
[2013/04/06 17:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/06 17:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/06 17:47:23 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/06 17:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/06 17:47:22 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\Programs
[2013/04/06 03:17:22 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/05 15:19:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013/04/05 14:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/04/05 14:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/04/05 13:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/04/05 13:05:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/04/05 12:41:51 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2013/04/05 12:39:04 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/04/05 12:39:04 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/04/05 12:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IBank
[2013/03/17 19:12:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/12 23:09:03 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/12 23:08:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/12 23:08:58 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/12 23:08:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/12 23:08:57 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/10 19:06:36 | 000,000,000 | ---D | C] -- C:\Users\john\Desktop\moviess
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/08 19:02:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
[2013/04/08 18:51:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/06 21:42:19 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/06 21:42:19 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/06 21:34:45 | 795,787,264 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/06 18:12:55 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/04/06 17:47:27 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/06 17:47:09 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/04/06 17:44:02 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013/04/05 15:19:42 | 000,000,576 | ---- | M] () -- C:\Windows\System32\.crusader
[2013/04/05 15:15:04 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/04/05 14:06:07 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/05 14:06:07 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/05 12:48:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/05 12:39:04 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/04/05 12:39:04 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/04/02 16:34:52 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/02 12:05:35 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerResumeInstallLogin_john.job
[2013/04/02 12:05:35 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerResumeInstall_john.job
[2013/03/12 01:54:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/11 22:54:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/06 17:47:27 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/06 17:47:09 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/04/05 14:14:17 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/04/05 14:08:33 | 000,000,576 | ---- | C] () -- C:\Windows\System32\.crusader
[2013/04/05 12:39:07 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/26 23:02:26 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerResumeInstallLogin_john.job
[2013/03/26 23:02:24 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerResumeInstall_john.job

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\asse
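
The OTL output above is the kind of log a helper reads entry by entry, and the entries that get attention are recognisable by shape. As an added example that is not part of this thread and is not OTL's own logic, the Python below parses a few lines copied from the log and applies four generic analyst heuristics (the heuristics, regexes and function names are this example's assumptions): entries whose target is reported as "File not found", autorun values with an empty name, paths containing a literal unexpanded environment variable, and hidden+system objects created inside the scan window.

```python
import re

# Sample lines copied from the OTL log posted in this thread (a small subset,
# embedded here so the example runs offline).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\john\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm File not found
O31 - SafeBoot: AlternateShell - cmd.exe
SRV - (HitmanPro37CrusaderBoot) -- F:\HitmanPro.exe /crusader:boot File not found
[2013/04/05 12:41:51 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2013/04/05 12:39:04 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/04/05 14:08:33 | 000,000,576 | ---- | C] () -- C:\Windows\System32\.crusader
[2013/04/06 21:34:45 | 795,787,264 | -HS- | M] () -- C:\hiberfil.sys
"""

# OTL file entry: [date time | size | attributes | C(reated)/M(odified)] (company) -- path
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# OTL O4 autorun entry: O4 - <hive>..\Run: [<value name>] <target>
AUTORUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>\S+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<target>.+)$"
)
UNEXPANDED_VAR = re.compile(r"%[A-Za-z_]+%")


def triage(log_text):
    """Return (reason, line) pairs for log entries that merit a closer look.

    These are generic analyst heuristics assumed by this example, not OTL's
    own verdicts: every hit is a lead to explain, not a diagnosis.
    """
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        # 1. Registry or service entries whose target no longer exists. After a
        #    cleanup these are usually leftovers to remove, but they also record
        #    where something was loading from.
        if line.endswith("File not found"):
            hits.append(("orphaned entry (target missing)", line))
        # 2. Autorun values with an empty name. Installers name their Run
        #    values, so an unnamed one needs an explanation.
        m = AUTORUN_ENTRY.match(line)
        if m and m.group("name") == "":
            hits.append(("autorun value with empty name", line))
        m = FILE_ENTRY.match(line)
        if not m:
            continue
        path, attr, kind = m.group("path"), m.group("attr"), m.group("kind")
        # 3. A literal, unexpanded variable such as %APPDATA% in an on-disk path
        #    means some code wrote the string verbatim, typically because it ran
        #    in a context where that variable was not set.
        if UNEXPANDED_VAR.search(path):
            hits.append(("unexpanded environment variable in path", line))
        # 4. Hidden+system objects newly created in the window. OS files such as
        #    hiberfil.sys carry the same bits, so only creations are flagged.
        if kind == "C" and "H" in attr and "S" in attr:
            hits.append(("hidden+system object created in scan window", line))
    return hits


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason}: {entry}")
```

Each hit is a lead rather than a verdict: the orphaned HitmanPro37CrusaderBoot service, for instance, is residue from HitmanPro (it points at F:\HitmanPro.exe /crusader:boot), not an infection, and the decision about what gets removed belongs to the helper reading the whole log.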

mooseboy

New Member
Thread author
Apr 5, 2013
9
I'm not sure if the entire OTL results posted, so here they are again:

OTL logfile created on: 4/8/2013 7:04:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\john\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.90 Mb Total Physical Memory | 448.93 Mb Available Physical Memory | 44.36% Memory free
1.99 Gb Paging File | 1.26 Gb Available in Paging File | 63.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.54 Gb Total Space | 74.99 Gb Free Space | 56.16% Space Free | Partition Type: NTFS
Drive D: | 15.22 Gb Total Space | 1.91 Gb Free Space | 12.57% Space Free | Partition Type: NTFS
Drive E: | 98.84 Mb Total Space | 92.49 Mb Free Space | 93.58% Space Free | Partition Type: FAT32

Computer Name: JOHN | User Name: john | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\john\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe (Skyhook Wireless)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - (HitmanPro37CrusaderBoot) -- F:\HitmanPro.exe /crusader:boot File not found
SRV - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (DvmMDES) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (xpssvc) -- C:\Program Files\Skyhook Wireless\XPS\xpssvc.exe (Skyhook Wireless)
SRV - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mbamchameleon) -- C:\Windows\System32\drivers\mbamchameleon.sys ()
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RSPCIESTOR) -- C:\Windows\System32\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (XPSVCOM) -- C:\Windows\System32\drivers\XPSVCOM.sys (Skyhook Wireless)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (DVMIO) -- C:\Windows\System32\drivers\dvmio.sys (DeviceVM, Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{4BF03CF2-2B4D-4F87-9FDF-FA38F6B88A2D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{5C2B4519-13B1-493E-B5E7-56CFBCFAB9C8}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\..\SearchScopes\{4BF03CF2-2B4D-4F87-9FDF-FA38F6B88A2D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\..\SearchScopes\{5C2B4519-13B1-493E-B5E7-56CFBCFAB9C8}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNSN_en
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=CPNTDF&PC=CPNTDF&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=CPNTDF&PC=CPNTDF&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\john\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)


[2010/08/05 17:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Extensions
[2010/08/05 17:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/08/05 17:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2013/04/06 21:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Firefox\Profiles\6tcizlt8.default\extensions
[2011/10/09 17:05:15 | 000,627,675 | ---- | M] () (No name found) -- C:\Users\john\AppData\Roaming\mozilla\firefox\profiles\6tcizlt8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/17 13:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/31 13:18:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/31 13:18:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/10 00:49:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/12/10 00:49:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/12/10 00:49:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/12/10 00:49:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/12/10 00:49:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/12/10 00:49:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/12/10 00:49:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Loki Plugin (Enabled) = C:\Program Files\Skyhook Wireless\Loki Plugin\nploki.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: TV = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
CHR - Extension: YouTube = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: eBay Web App = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom\1.0.3_0\
CHR - Extension: Adblock Plus = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\
CHR - Extension: AdBlock = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: TweetDeck = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.6.0_0\
CHR - Extension: Plypp Piano = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hofckkgpnnjabffkjemconojemcibifh\6.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.2_0\
CHR - Extension: Fiery Horse chrome Theme = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\miipddolmnknmpiednnbijmeogpdgknp\1_0\
CHR - Extension: Quick Note = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.3_0\
CHR - Extension: TV = C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiodjcfboomhnbbmoimodpahebopdagm\1.0.1.9_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (LocationFinder Class) - {BC0E8AD7-13AA-4694-8EDD-0246BC47A35F} - C:\Program Files\Skyhook Wireless\Loki Plugin\loki.dll (Skyhook Wireless)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1952303879-2284333571-2840854797-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\john\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\john\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97C6BDD6-AD18-4B97-B83F-6D17116169E3}: DhcpNameServer = 8.8.8.8 172.16.206.215 172.16.206.215
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A912DD99-CEFA-4A8F-A59A-728421691A07}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA04567E-0BF0-4EE9-A6B7-B3F375B22690}: DhcpNameServer = 168.94.0.15 168.94.0.14
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/08 19:02:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
[2013/04/07 17:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/04/06 21:39:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/06 21:39:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/06 18:12:55 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/04/06 17:47:34 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Roaming\Malwarebytes
[2013/04/06 17:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/06 17:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/06 17:47:23 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/06 17:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/06 17:47:22 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Local\Programs
[2013/04/06 03:17:22 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/05 15:19:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013/04/05 14:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/04/05 14:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/04/05 13:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/04/05 13:05:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/04/05 12:41:51 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2013/04/05 12:39:04 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/04/05 12:39:04 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/04/05 12:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IBank
[2013/03/17 19:12:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/12 23:09:03 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/12 23:08:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/12 23:08:58 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/12 23:08:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/12 23:08:57 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/10 19:06:36 | 000,000,000 | ---D | C] -- C:\Users\john\Desktop\moviess
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/08 19:02:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\john\Desktop\OTL.exe
[2013/04/08 18:51:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/06 21:42:19 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/06 21:42:19 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/06 21:34:45 | 795,787,264 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/06 18:12:55 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/04/06 17:47:27 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/06 17:47:09 | 000,031,560 | ---- | M] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/04/06 17:44:02 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013/04/05 15:19:42 | 000,000,576 | ---- | M] () -- C:\Windows\System32\.crusader
[2013/04/05 15:15:04 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/04/05 14:06:07 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/05 14:06:07 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/05 12:48:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/05 12:39:04 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/04/05 12:39:04 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/04/02 16:34:52 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/02 12:05:35 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerResumeInstallLogin_john.job
[2013/04/02 12:05:35 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerResumeInstall_john.job
[2013/03/12 01:54:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/11 22:54:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/06 17:47:27 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/06 17:47:09 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/04/05 14:14:17 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/04/05 14:08:33 | 000,000,576 | ---- | C] () -- C:\Windows\System32\.crusader
[2013/04/05 12:39:07 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/26 23:02:26 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerResumeInstallLogin_john.job
[2013/03/26 23:02:24 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerResumeInstall_john.job

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/08/01 21:21:09 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2010/11/27 02:40:39 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\LimeWire
[2010/12/12 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\NCH Swift Sound
[2010/08/31 13:24:22 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\OpenOffice.org
[2010/08/01 21:29:57 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\WildTangent
[2013/04/05 13:00:22 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\ZumoDrive

========== Purity Check ==========



< End of report >
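As an added example that is not part of this thread and not OTL's own code, here is a small Python triage helper for the bracketed lines in the OTL "Files Created/Modified Within 30 Days" sections above. It parses the line format exactly as it appears in the log; the four-character attribute column is assumed to mean Read-only/Hidden/System/Directory in that order. The flagging rules are constructed heuristics (a literal unexpanded environment variable in a name, a hidden+system directory under System32, a dot-prefixed name under System32, an executable in a user-writable location) that produce review candidates for a helper to look at, not verdicts. The sample input is copied from the log above plus one clearly labelled made-up line.

```python
"""Triage helper for OTL 30-day file lists (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file-list line looks like:
#   [YYYY/MM/DD HH:MM:SS | size | RHSD | C] (Company) -- C:\path
# The "(Company)" block is absent for directories and "()" for files without
# version info. Summary lines such as "[1 C:\... *.tmp files -> ...]" do not
# match and are skipped by parse_line().
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Constructed sample input: lines copied from the log in this thread plus one
# made-up entry (the ...\Temp\constructed_sample.exe line) for the last rule.
SAMPLE_LOG = r"""
[2013/04/06 17:47:34 | 000,000,000 | ---D | C] -- C:\Users\john\AppData\Roaming\Malwarebytes
[2013/04/06 17:47:23 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/05 15:19:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013/04/05 12:41:51 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2013/04/05 15:19:42 | 000,000,576 | ---- | M] () -- C:\Windows\System32\.crusader
[2013/04/06 21:42:19 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/05 15:15:04 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/04/05 12:40:00 | 000,185,344 | -H-- | C] () -- C:\Users\john\AppData\Local\Temp\constructed_sample.exe
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
"""


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    readonly: bool      # assumption: attribute columns are R, H, S, D in order
    hidden: bool
    system: bool
    directory: bool
    created: bool       # True for the "Created" list (C), False for "Modified" (M)
    company: Optional[str]  # None when no "(...)" block, "" for "()"
    path: str


def parse_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file-list line, or None for anything else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attr = m.group("attr")
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        readonly=attr[0] == "R",
        hidden=attr[1] == "H",
        system=attr[2] == "S",
        directory=attr[3] == "D",
        created=m.group("kind") == "C",
        company=m.group("company"),
        path=m.group("path"),
    )


# Constructed heuristics: each one names why an entry deserves a second look.
ENV_VAR_NAME = re.compile(r"%[A-Za-z_]+%")
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\",
                 "\\users\\public\\", "\\$recycle.bin\\")


def triage_reasons(e: OtlEntry) -> List[str]:
    """List the heuristic reasons an entry is worth reviewing (empty = none)."""
    reasons: List[str] = []
    low = e.path.lower()
    name = e.path.rsplit("\\", 1)[-1]
    in_system32 = low.startswith("c:\\windows\\system32\\")
    if ENV_VAR_NAME.search(name):
        reasons.append("literal unexpanded environment variable in name")
    if in_system32 and e.directory and e.hidden and e.system:
        reasons.append("hidden+system directory under System32")
    if in_system32 and name.startswith("."):
        reasons.append("dot-prefixed name under System32")
    if name.lower().endswith(EXEC_EXT) and any(seg in low for seg in USER_WRITABLE):
        reasons.append("executable in user-writable location")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run the heuristics over every parsable line; keep only flagged paths."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage_reasons(entry)
        if reasons:
            findings.append((entry.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```

Running it lists the three sample entries that trip a rule and the reason for each; the Malwarebytes, SurfRight and Software Protection lines are parsed but not flagged, which is the point of keeping the rules narrow enough that known-good tooling stays quiet.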
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run the below OTL fix
<ol><li>Start OTL.exe</li>
<li>Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:OTL
[2010/08/05 17:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/08/05 17:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\john\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/10/09 17:05:15 | 000,627,675 | ---- | M] () (No name found) -- C:\Users\john\AppData\Roaming\mozilla\firefox\profiles\6tcizlt8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

:Files
C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVASoft Professional Antivirus
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\

:commands
[emptytemp]
[reboot]
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.</li>
<li>Then click the <>Run Fix</> button at the top</li>
<li>Let the program run unhindered, reboot when it is done</li>
<li>Attach the new log produced by OTL (C:\_OTL)</li>
</ol>

<hr />
 

mooseboy

New Member
Thread author
Apr 5, 2013
9
Okay, here is that log:

All processes killed
========== OTL ==========
C:\Users\john\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Users\john\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org folder moved successfully.
File C:\Users\john\AppData\Roaming\mozilla\firefox\profiles\6tcizlt8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found.
========== FILES ==========
File\Folder C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVASoft Professional Antivirus not found.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$RTRQC8F.s folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$RT0QYB0 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$RS8AZBC folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$RR2AYJ5 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$RPW0LY0 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$RGZHASN folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$RF8TOBH folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Previous iTunes Libraries folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\iTunes Media\Automatically Add to iTunes folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\iTunes Media folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Download folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\15\14\12 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\15\14 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\15 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\14\00\08 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\14\00 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\14 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\12\05\02 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\12\05 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\12\02\08 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\12\02 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\12 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\11\06\09 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\11\06 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\11\03\04 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\11\03 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\11 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\10\09\13 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\10\09 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\10 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\09\15\03 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\09\15 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\09\01\11 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\09\01 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\09 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\08\15\12 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\08\15 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\08\12\10 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\08\12 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\08\11\08 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\08\11 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\08\02\07 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\08\02 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\08\00\06 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\08\00 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\08 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\07\06\13 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\07\06 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\07\04\00 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\07\04 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\07 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\06\07\10 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\06\07 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\06 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\05\15\12 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\05\15 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\05\05\02 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\05\05\01 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\05\05 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\05 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\04\10\04 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\04\10 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\04\08\13 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\04\08 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\04\04\12 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\04\04 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\04 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\03\04\11 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\03\04 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\03\02\11 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\03\02 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\03 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\02\13\09 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\02\13 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\02\09\02 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\02\09 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\02\03\10 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\02\03 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\02 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\01\11\15 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\01\11 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\01\08\08 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\01\08 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\01\07\08 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\01\07 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\01\03\00 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\01\03 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\01\01\13 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\01\01 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280\01 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache\15FC579C3F539280 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork\Cache folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA\Album Artwork folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$REQZBTA folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$R8X08EF folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$R0LSMD5 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000\$a4e68e8294a0c01a2bae5bbd162b8937 folder moved successfully.
C:\$Recycle.Bin\S-1-5-21-1952303879-2284333571-2840854797-1000 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: john
->Temp folder emptied: 928662780 bytes
->Temporary Internet Files folder emptied: 333086605 bytes
->Java cache emptied: 1171424 bytes
->FireFox cache emptied: 58096517 bytes
->Google Chrome cache emptied: 71595077 bytes
->Flash cache emptied: 73286 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 193431861 bytes
RecycleBin emptied: 299538462 bytes

Total Files Cleaned = 1,798.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04092013_001415

Files\Folders moved on Reboot...
C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VN2XHCM3\tweet_button.1363148939[1].html moved successfully.
C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N3C7W8R5\fastbutton[1].htm moved successfully.
C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N3C7W8R5\Thread-FBI-Moneypak-Virus-Help[2].txt moved successfully.
C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Thanks!!
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay Cool... How's everything working on your computer right now? Are you facing any other issues right now?
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Great to hear that... :)

Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
  • This will remove itself and other tools we may have used.




Now that your PC is clean, I recommend that you create a new System Restore point and then purge the old ones.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one

For Vista
Create a restore point
Delete all but the most recent restore point

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link




Keep your system updated
  • Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here


I also recommend that you switch your antivirus program to a better one. Here are some suggestions:

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.


Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.


Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with additional add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains fewer vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScrambler - Encrypts your keystrokes to protect you against keyloggers that steal personal & banking information
  • AdBlock - Disables/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java content to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.


Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)

<hr />
What's next?
  1. Build up your malware defenses by starting a new thread in the Security Configuration Wizard forum.
  2. Learn how to avoid malware by reading this article <a href="http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/">How to easily avoid malware</a>
  3. Be an active member in the MalwareTips community! :)



My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
This thread is now closed.
Reason: <span style="color: #ff0000;">Issue Resolved</span>

<span style="color: #ff0000;">The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair.</span>

<span style="color: #ff0000;">DO NOT use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.</span>

All members requesting Malware Removal Assistance are required to follow all procedures in the thread.


My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 