FBI ransomware help
<blockquote data-quote="mmaikeru" data-source="post: 124155" data-attributes="member: 8869"><p>OTL logfile created on: 6/7/2013 11:51:59 AM - Run 1</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Upstairs computer\Downloads</p><p>Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation</p><p>Internet Explorer (Version = 8.0.6001.18999)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>3.00 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 66.32% Memory free</p><p>6.20 Gb Paging File | 5.16 Gb Available in Paging File | 83.27% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 136.05 Gb Total Space | 57.35 Gb Free Space | 42.15% Space Free | Partition Type: NTFS</p><p>Drive D: | 583.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS</p><p> </p><p>Computer Name: UPSTAIRS | User Name: WALL_E_Machine | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: Current user</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Users\Upstairs computer\Downloads\OTL.exe (OldTimer Tools)</p><p>PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)</p><p>PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)</p><p>PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</p><p>PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)</p><p>PRC - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe (Symantec Corporation)</p><p>PRC - C:\Program 
Files\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)</p><p>PRC - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)</p><p>PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)</p><p>PRC - C:\Windows\vVX6000.exe (Microsoft Corporation</p><p>)</p><p>PRC - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files\NETGEAR\WPN111\WPN111.exe (NETGEAR)</p><p>PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)</p><p>PRC - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()</p><p>PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()</p><p>PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()</p><p>MOD - C:\Program Files\QuickTime\QTSystem\QTCF.dll ()</p><p>MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()</p><p>MOD - C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll ()</p><p>MOD - C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll ()</p><p>MOD - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV - (Norton Internet Security) -- File not found</p><p>SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)</p><p>SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</p><p>SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe (Symantec Corporation)</p><p>SRV - (sesvc) -- C:\Program Files\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)</p><p>SRV - (MSCamSvc) -- C:\Program 
Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)</p><p>SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)</p><p>SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()</p><p>SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)</p><p>SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)</p><p>SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV - (SASKUTIL) -- E:\SASKUTIL.SYS File not found</p><p>DRV - (SASDIFSV) -- E:\SASDIFSV.SYS File not found</p><p>DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found</p><p>DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found</p><p>DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110730.002\NAVEX15.SYS File not found</p><p>DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110730.002\NAVENG.SYS File not found</p><p>DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found</p><p>DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()</p><p>DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)</p><p>DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NIS\1109000.00C\symtdiv.sys (Symantec Corporation)</p><p>DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1109000.00C\symefa.sys (Symantec Corporation)</p><p>DRV - (ccHP) -- C:\Windows\System32\drivers\NIS\1109000.00C\cchpx86.sys (Symantec Corporation)</p><p>DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)</p><p>DRV - (EraserUtilRebootDrv) -- 
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)</p><p>DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20110723.001\BHDrvx86.sys (Symantec Corporation)</p><p>DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20110729.030\IDSvix86.sys (Symantec Corporation)</p><p>DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)</p><p>DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )</p><p>DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1109000.00C\ironx86.sys (Symantec Corporation)</p><p>DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1109000.00C\srtsp.sys (Symantec Corporation)</p><p>DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1109000.00C\srtspx.sys (Symantec Corporation)</p><p>DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1109000.00C\symds.sys (Symantec Corporation)</p><p>DRV - (VX6000) -- C:\Windows\System32\drivers\VX6000Xp.sys (Microsoft Corporation</p><p>)</p><p>DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)</p><p>DRV - (WPN111) -- C:\Windows\System32\drivers\WPN111v.sys (Atheros Communications, Inc.)</p><p>DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)</p><p>DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)</p><p>DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)</p><p>DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)</p><p>DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. 
)</p><p>DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)</p><p>DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)</p><p>DRV - (DNISp50) -- C:\Windows\System32\drivers\DNISP50.sys (Printing Communications Assoc., Inc. (PCAUSA))</p><p>DRV - (DNIMp50) -- C:\Windows\System32\drivers\DNIMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1300</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1300</p><p>IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}</p><p>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</p><p>IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW</p><p> </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1300</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?rls=ig</p><p>IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1</p><p>IE - HKCU\..\SearchScopes,DefaultScope = {36054807-1BD1-4CE0-A2D0-4C0E060A5C71}</p><p>IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC</p><p>IE - HKCU\..\SearchScopes\{36054807-1BD1-4CE0-A2D0-4C0E060A5C71}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_enUS333US333</p><p>IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ACEW_enUS333US333&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7</p><p>IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=-KBeFeMju4ZriHxvZ52qEEEqWyo?q={searchTerms}</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local></p><p> </p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\NPWPF.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.17: C:\Users\WALL_E_Machine\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll (Yahoo! Inc.)</p><p> </p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2013/06/04 23:25:47 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn_2010_9_0_6 [2013/06/07 11:44:13 | 000,000,000 | ---D | M]</p><p> </p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - default_search_provider: Google (Enabled)</p><p>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}</p><p>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}</p><p>CHR - homepage: http://www.google.com</p><p>CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer</p><p>CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll</p><p>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll</p><p>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll</p><p>CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll</p><p>CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll</p><p>CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll</p><p>CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll</p><p>CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll</p><p>CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll</p><p>CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll</p><p>CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll</p><p>CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program 
Files\QuickTime\plugins\npqtplugin7.dll</p><p>CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll</p><p>CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll</p><p>CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll</p><p>CHR - plugin: Yahoo! BrowserPlus Plugin (Enabled) = C:\Users\WALL_E_Machine\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll</p><p>CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll</p><p>CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll</p><p>CHR - plugin: Default Plug-in (Enabled) = default_plugin</p><p>CHR - Extension: YouTube = C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\</p><p>CHR - Extension: YouTube = C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\</p><p>CHR - Extension: Google Search = C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\</p><p>CHR - Extension: Google Search = C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\</p><p>CHR - Extension: Bflix = C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpojpihgafjhbgkgaglhighomjceieff\1.4_0\</p><p>CHR - Extension: Gmail = C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\</p><p>CHR - Extension: Gmail = C:\Users\WALL_E_Machine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\</p><p> </p><p>O1 HOSTS File: ([2006/09/18 14:41:30 | 
000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts</p><p>O1 - Hosts: 127.0.0.1 localhost</p><p>O1 - Hosts: ::1 localhost</p><p>O2 - BHO: (BFlix Class) - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Program Files\BFlix\Bflix.dll (BFlix)</p><p>O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.</p><p>O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)</p><p>O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)</p><p>O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)</p><p>O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll (Google Inc.)</p><p>O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)</p><p>O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)</p><p>O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)</p><p>O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)</p><p>O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)</p><p>O4 - HKLM..\Run: [NvCplDaemon] 
C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)</p><p>O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation</p><p>)</p><p>O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)</p><p>O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)</p><p>O4 - HKCU..\Run: [Adobe CSS5.1 Manager] C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad\fafbbebbad.exe ()</p><p>O4 - HKCU..\Run: [BigFix] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)</p><p>O4 - HKCU..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\RMTray.exe (Symantec Corporation)</p><p>O4 - HKCU..\Run: [SUPERAntiSpyware] E:\SUPERAntiSpyware.exe File not found</p><p>O4 - HKCU..\RunOnce: [Adobe CSS5.1 Manager] C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad\fafbbebbad.exe ()</p><p>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2</p><p>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1</p><p>O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)</p><p>O10 - 
Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)</p><p>O13 - gopher Prefix: missing</p><p>O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)</p><p>O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)</p><p>O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)</p><p>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)</p><p>O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)</p><p>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)</p><p>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)</p><p>O17 
- HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8255289D-93FA-4FF1-95CA-C62151A829B6}: DhcpNameServer = 192.168.43.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9094F924-0A5E-4AC1-A743-EFDC01E1D46A}: DhcpNameServer = 192.168.1.1</p><p>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)</p><p>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)</p><p>O20 - HKCU Winlogon: Shell - (C:\Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx) - C:\Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx ()</p><p>O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\eM3_Wide.bmp</p><p>O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\eM3_Wide.bmp</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]</p><p>O32 - AutoRun File - [2004/07/12 14:57:16 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]</p><p>O33 - MountPoints2\{1e3fda8d-ea6f-11de-93a1-002511104264}\Shell\AutoRun\command - "" = WDSetup.exe</p><p>O33 - MountPoints2\{4ef772a6-3618-11de-a766-806e6f6e6963}\Shell - "" = AutoRun</p><p>O33 - MountPoints2\{4ef772a6-3618-11de-a766-806e6f6e6963}\Shell\AutoRun\command - "" = D:\_aomg.exe -- 
[2004/07/16 14:07:36 | 000,045,056 | R--- | M] ()</p><p>O33 - MountPoints2\{797262f6-6ad2-11df-b9df-002511104264}\Shell\AutoRun\command - "" = RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe</p><p>O33 - MountPoints2\{797262f6-6ad2-11df-b9df-002511104264}\Shell\open\command - "" = RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe</p><p>O33 - MountPoints2\{a1f9aa2a-bb40-11e1-99f1-002511104264}\Shell - "" = AutoRun</p><p>O33 - MountPoints2\{a1f9aa2a-bb40-11e1-99f1-002511104264}\Shell\AutoRun\command - "" = E:\LiteAuto.exe</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/06/07 07:41:21 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\skype74991.exe</p><p>[2013/06/07 07:30:23 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\jqs389835.exe</p><p>[2013/06/07 07:30:22 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore547765.exe</p><p>[2013/06/07 07:00:03 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss465821.exe</p><p>[2013/06/07 07:00:01 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon430808.exe</p><p>[2013/06/07 06:54:18 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer680284.exe</p><p>[2013/06/07 06:39:31 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss390766.exe</p><p>[2013/06/07 06:34:45 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) 
-- C:\Users\WALL_E_Machine\iexplore.exe</p><p>[2013/06/07 06:34:45 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon.exe</p><p>[2013/06/06 22:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\uulcb</p><p>[2013/06/06 13:45:06 | 000,156,160 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\acrobat544243.exe</p><p>[2013/06/06 12:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware</p><p>[2013/06/06 12:16:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys</p><p>[2013/06/06 11:16:06 | 000,156,160 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer.exe</p><p>[2013/06/06 11:11:34 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad</p><p>[2013/06/06 09:27:51 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\Documents\Macro Scheduler 14</p><p>[2013/06/05 23:25:52 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Roaming\RobotSoft</p><p>[2013/06/05 23:25:39 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\Documents\RobotSoft</p><p>[2013/06/05 23:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\RobotSoft</p><p>[2013/06/05 23:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse and Keyboard Recorder</p><p>[2013/06/05 23:00:20 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\Documents\Recorder</p><p>[2013/06/05 23:00:20 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Roaming\Recorder</p><p>[2013/06/05 22:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recorder</p><p>[2013/06/05 22:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\KraTronic</p><p>[2013/06/05 22:23:52 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Local\Nemex</p><p>[2013/06/05 22:23:26 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Recorder Pro</p><p>[2013/06/05 22:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Nemex</p><p>[2013/06/05 21:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Do It Again</p><p>[2013/06/04 22:30:50 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Roaming\Tific</p><p>[2013/06/04 22:30:36 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Local\Symantec</p><p>[2013/06/01 21:12:15 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Roaming\wabEventSupport16</p><p>[2013/05/22 22:36:35 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Local\BigFix</p><p>[2013/05/22 21:04:39 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\Documents\Meal Management project</p><p>[2008/01/20 19:25:01 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\AppData\Roaming\skype.dat</p><p>[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]</p><p>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/06/07 11:48:34 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat</p><p>[2013/06/07 11:48:34 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat</p><p>[2013/06/07 11:44:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/06/07 11:44:07 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job</p><p>[2013/06/07 11:43:51 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml</p><p>[2013/06/07 11:43:50 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/06/07 11:43:50 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/06/07 11:43:45 | 000,067,584 | 
--S- | M] () -- C:\Windows\bootstat.dat</p><p>[2013/06/07 11:43:41 | 3219,619,840 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2013/06/07 11:36:03 | 000,000,004 | ---- | M] () -- C:\Users\WALL_E_Machine\AppData\Roaming\skype.ini</p><p>[2013/06/07 11:32:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/06/07 11:00:01 | 000,000,356 | -H-- | M] () -- C:\Windows\tasks\{6CE62994-09EA-4605-B43E-BACBFB498952}.job</p><p>[2013/06/07 10:59:12 | 000,001,356 | ---- | M] () -- C:\Users\WALL_E_Machine\AppData\Local\d3d9caps.dat</p><p>[2013/06/07 07:41:50 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\notepad195278.exe</p><p>[2013/06/07 07:41:45 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\firefox460819.exe</p><p>[2013/06/07 07:41:44 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck909716.exe</p><p>[2013/06/07 07:41:44 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jqs146643.exe</p><p>[2013/06/07 07:41:43 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\skype74991.exe</p><p>[2013/06/07 07:30:59 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer847836.exe</p><p>[2013/06/07 07:30:50 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\msconfig741009.exe</p><p>[2013/06/07 07:30:49 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore547765.exe</p><p>[2013/06/07 07:30:49 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck349047.exe</p><p>[2013/06/07 07:30:49 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\iexplore206868.exe</p><p>[2013/06/07 07:30:39 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobatreader104475.exe</p><p>[2013/06/07 07:30:31 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer616566.exe</p><p>[2013/06/07 07:30:30 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\jqs389835.exe</p><p>[2013/06/07 07:30:30 | 000,000,000 | ---- 
| M] () -- C:\Users\WALL_E_Machine\windowsupdate78939.exe</p><p>[2013/06/07 07:30:30 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck124054.exe</p><p>[2013/06/07 07:00:21 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\alg823879.exe</p><p>[2013/06/07 07:00:16 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\spoolsv308296.exe</p><p>[2013/06/07 07:00:16 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\opera203257.exe</p><p>[2013/06/07 07:00:16 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\mstsc480472.exe</p><p>[2013/06/07 07:00:15 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate429439.exe</p><p>[2013/06/07 07:00:15 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon430808.exe</p><p>[2013/06/07 07:00:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\winlogon272365.exe</p><p>[2013/06/07 07:00:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\mstsc41734.exe</p><p>[2013/06/07 07:00:09 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss465821.exe</p><p>[2013/06/07 07:00:09 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\icq258255.exe</p><p>[2013/06/07 06:54:29 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\alg922821.exe</p><p>[2013/06/07 06:54:23 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\java14167.exe</p><p>[2013/06/07 06:54:23 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\alg454437.exe</p><p>[2013/06/07 06:54:22 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer680284.exe</p><p>[2013/06/07 06:54:22 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\googleupdate151685.exe</p><p>[2013/06/07 06:39:54 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\alg532148.exe</p><p>[2013/06/07 06:39:49 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\icq847123.exe</p><p>[2013/06/07 06:39:48 | 000,148,992 | ---- | M] (TPM-Software Systems 
LLC) -- C:\Users\WALL_E_Machine\csrss390766.exe</p><p>[2013/06/07 06:39:48 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\opera558248.exe</p><p>[2013/06/07 06:39:48 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer283708.exe</p><p>[2013/06/07 06:35:03 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\csrss426490.exe</p><p>[2013/06/07 06:35:00 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\conhost.exe</p><p>[2013/06/07 06:34:54 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\winlogon.exe</p><p>[2013/06/07 06:34:53 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon.exe</p><p>[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\spoolsv.exe</p><p>[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\googleupdate.exe</p><p>[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\firefox.exe</p><p>[2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\csrss.exe</p><p>[2013/06/07 06:34:52 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore.exe</p><p>[2013/06/07 06:34:52 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\rundll32.exe</p><p>[2013/06/06 21:43:25 | 000,001,940 | ---- | M] () -- C:\Users\WALL_E_Machine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini</p><p>[2013/06/06 21:35:25 | 000,013,024 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys</p><p>[2013/06/06 13:45:26 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobat460929.exe</p><p>[2013/06/06 13:45:20 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate698494.exe</p><p>[2013/06/06 13:45:19 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\csrss482630.exe</p><p>[2013/06/06 13:45:16 | 000,156,160 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\acrobat544243.exe</p><p>[2013/06/06 13:44:18 | 000,229,376 | ---- | M] () -- 
C:\Users\WALL_E_Machine\mstsc.exe</p><p>[2013/06/06 13:44:14 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\skype.exe</p><p>[2013/06/06 13:16:34 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\msconfig.exe</p><p>[2013/06/06 13:16:07 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck.exe</p><p>[2013/06/06 13:16:02 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\opera.exe</p><p>[2013/06/06 13:15:57 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\alg.exe</p><p>[2013/06/06 12:16:14 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/06/06 11:55:45 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\notepad.exe</p><p>[2013/06/06 11:55:38 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer.exe</p><p>[2013/06/06 11:55:37 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobatreader.exe</p><p>[2013/06/06 11:30:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\icq.exe</p><p>[2013/06/06 11:16:46 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\java.exe</p><p>[2013/06/06 11:16:21 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\vlcplayer.exe</p><p>[2013/06/06 11:16:21 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jqs.exe</p><p>[2013/06/06 11:16:16 | 000,156,160 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer.exe</p><p>[2013/06/06 11:11:25 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobat.exe</p><p>[2013/06/06 11:11:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate.exe</p><p>[2013/06/06 11:11:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\chrome.exe</p><p>[2013/06/06 09:27:32 | 000,005,105 | ---- | M] () -- C:\ProgramData\iqrjmdeq.fak</p><p>[2013/06/06 09:27:25 | 000,001,674 | ---- | M] () -- C:\Users\Public\Desktop\Macro Scheduler 14.lnk</p><p>[2013/06/05 23:25:39 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Mouse and Keyboard 
Recorder.lnk</p><p>[2013/06/05 23:13:02 | 000,002,627 | ---- | M] () -- C:\Users\WALL_E_Machine\Desktop\Microsoft Office Word 2007.lnk</p><p>[2013/06/05 22:59:23 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Recorder.lnk</p><p>[2013/06/05 22:23:26 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Mouse Recorder Pro.lnk</p><p>[2013/06/05 22:14:21 | 000,002,355 | ---- | M] () -- C:\Users\WALL_E_Machine\Desktop\Do It Again.lnk</p><p>[2013/06/05 21:40:04 | 264,978,361 | ---- | M] () -- C:\Windows\MEMORY.DMP</p><p>[2013/05/13 21:33:41 | 000,748,794 | ---- | M] () -- C:\Users\WALL_E_Machine\Desktop\Matt's Eagle Project.pdf</p><p>[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]</p><p>[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/06/07 11:43:41 | 3219,619,840 | -HS- | C] () -- C:\hiberfil.sys</p><p>[2013/06/07 07:41:46 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\notepad195278.exe</p><p>[2013/06/07 07:41:45 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\firefox460819.exe</p><p>[2013/06/07 07:41:44 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck909716.exe</p><p>[2013/06/07 07:41:44 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jqs146643.exe</p><p>[2013/06/07 07:30:50 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer847836.exe</p><p>[2013/06/07 07:30:50 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\msconfig741009.exe</p><p>[2013/06/07 07:30:49 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck349047.exe</p><p>[2013/06/07 07:30:49 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\iexplore206868.exe</p><p>[2013/06/07 07:30:32 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobatreader104475.exe</p><p>[2013/06/07 07:30:31 | 000,000,000 | ---- | C] () -- 
C:\Users\WALL_E_Machine\flashplayer616566.exe</p><p>[2013/06/07 07:30:30 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate78939.exe</p><p>[2013/06/07 07:30:30 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck124054.exe</p><p>[2013/06/07 07:00:16 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\alg823879.exe</p><p>[2013/06/07 07:00:16 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\spoolsv308296.exe</p><p>[2013/06/07 07:00:16 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\opera203257.exe</p><p>[2013/06/07 07:00:16 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\mstsc480472.exe</p><p>[2013/06/07 07:00:11 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate429439.exe</p><p>[2013/06/07 07:00:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\winlogon272365.exe</p><p>[2013/06/07 07:00:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\mstsc41734.exe</p><p>[2013/06/07 07:00:09 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\icq258255.exe</p><p>[2013/06/07 06:54:24 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\alg922821.exe</p><p>[2013/06/07 06:54:23 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\java14167.exe</p><p>[2013/06/07 06:54:23 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\alg454437.exe</p><p>[2013/06/07 06:54:22 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\googleupdate151685.exe</p><p>[2013/06/07 06:39:49 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\alg532148.exe</p><p>[2013/06/07 06:39:49 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\icq847123.exe</p><p>[2013/06/07 06:39:48 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\opera558248.exe</p><p>[2013/06/07 06:39:48 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer283708.exe</p><p>[2013/06/07 06:37:58 | 000,000,004 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Roaming\skype.ini</p><p>[2013/06/07 06:34:54 | 000,155,648 | 
---- | C] () -- C:\Users\WALL_E_Machine\csrss426490.exe</p><p>[2013/06/07 06:34:54 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\conhost.exe</p><p>[2013/06/07 06:34:54 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\winlogon.exe</p><p>[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\spoolsv.exe</p><p>[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\googleupdate.exe</p><p>[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\firefox.exe</p><p>[2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\csrss.exe</p><p>[2013/06/07 06:34:52 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\rundll32.exe</p><p>[2013/06/06 13:45:21 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobat460929.exe</p><p>[2013/06/06 13:45:20 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate698494.exe</p><p>[2013/06/06 13:45:19 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\csrss482630.exe</p><p>[2013/06/06 13:44:15 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\mstsc.exe</p><p>[2013/06/06 13:44:14 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\skype.exe</p><p>[2013/06/06 13:16:07 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck.exe</p><p>[2013/06/06 13:16:06 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\msconfig.exe</p><p>[2013/06/06 13:16:02 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\opera.exe</p><p>[2013/06/06 13:15:57 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\alg.exe</p><p>[2013/06/06 12:16:14 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/06/06 11:55:38 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\notepad.exe</p><p>[2013/06/06 11:55:38 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer.exe</p><p>[2013/06/06 11:55:37 | 000,000,000 | ---- | C] () -- 
C:\Users\WALL_E_Machine\acrobatreader.exe</p><p>[2013/06/06 11:30:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\icq.exe</p><p>[2013/06/06 11:16:22 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\java.exe</p><p>[2013/06/06 11:16:21 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\vlcplayer.exe</p><p>[2013/06/06 11:16:21 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jqs.exe</p><p>[2013/06/06 11:11:34 | 000,000,356 | -H-- | C] () -- C:\Windows\tasks\{6CE62994-09EA-4605-B43E-BACBFB498952}.job</p><p>[2013/06/06 11:11:25 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobat.exe</p><p>[2013/06/06 11:11:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate.exe</p><p>[2013/06/06 11:11:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\chrome.exe</p><p>[2013/06/06 09:27:32 | 000,005,105 | ---- | C] () -- C:\ProgramData\iqrjmdeq.fak</p><p>[2013/06/06 09:27:25 | 000,001,674 | ---- | C] () -- C:\Users\Public\Desktop\Macro Scheduler 14.lnk</p><p>[2013/06/05 23:25:39 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Mouse and Keyboard Recorder.lnk</p><p>[2013/06/05 22:59:23 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Recorder.lnk</p><p>[2013/06/05 22:23:26 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Mouse Recorder Pro.lnk</p><p>[2013/06/05 22:01:07 | 000,002,355 | ---- | C] () -- C:\Users\WALL_E_Machine\Desktop\Do It Again.lnk</p><p>[2013/06/05 21:58:26 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Do It Again.lnk</p><p>[2013/04/23 16:28:14 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys</p><p>[2013/03/30 20:32:05 | 000,192,000 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx</p><p>[2012/09/06 22:22:18 | 000,000,632 | RHS- | C] () -- C:\Users\WALL_E_Machine\ntuser.pol</p><p>[2012/06/26 09:39:13 | 000,000,058 | ---- | C] () -- 
C:\Users\WALL_E_Machine\jagex_cl_runescape_LIVE_BETA.dat</p><p>[2012/06/26 09:39:13 | 000,000,024 | ---- | C] () -- C:\Users\WALL_E_Machine\random.dat</p><p>[2011/11/06 18:40:51 | 000,000,040 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_cl_runescape_LIVE.dat</p><p>[2011/08/25 18:19:33 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\{FADB0738-F621-45C3-A7EE-C33A9127BE25}</p><p>[2011/01/04 18:43:31 | 000,001,940 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini</p><p>[2010/11/12 23:44:53 | 000,001,356 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\d3d9caps.dat</p><p>[2010/04/05 21:38:46 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex__preferences3.dat</p><p>[2010/02/20 14:48:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat</p><p>[2009/10/04 17:32:42 | 000,038,400 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>[2009/09/03 16:17:17 | 000,000,129 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_runescape_preferences2.dat</p><p>[2009/08/15 09:49:38 | 000,000,452 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Roaming\wklnhst.dat</p><p>[2009/06/27 11:00:27 | 000,000,046 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_runescape_preferences.dat</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p>"ThreadingModel" = Both</p><p>"" = C:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\n. 
-- File not found</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 06:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 21:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 19:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2010/12/22 12:48:34 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\DriverCure</p><p>[2012/08/01 23:40:51 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\Macro Recorder</p><p>[2010/12/22 12:48:33 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\ParetoLogic</p><p>[2013/06/05 23:00:20 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\Recorder</p><p>[2010/12/22 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\Registry Mechanic</p><p>[2013/06/05 23:25:52 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\RobotSoft</p><p>[2009/08/15 09:49:39 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\Template</p><p>[2013/06/04 22:30:50 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\Tific</p><p>[2013/06/04 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\wabEventSupport16</p><p>[2012/07/25 18:30:15 | 000,000,000 | ---D | M] -- 
C:\Users\WALL_E_Machine\AppData\Roaming\www.shadowexplorer.com</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p> </p><p><span style="color: #E56717">========== Alternate Data Streams ==========</span></p><p> </p><p>@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:D287FACF</p><p>@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1</p><p></p><p>< End of report ></p></blockquote><p></p>
[QUOTE="mmaikeru, post: 124155, member: 8869"]
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java 
Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8255289D-93FA-4FF1-95CA-C62151A829B6}: DhcpNameServer = 192.168.43.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9094F924-0A5E-4AC1-A743-EFDC01E1D46A}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx) - C:\Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx () O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\eM3_Wide.bmp O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\eM3_Wide.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2004/07/12 14:57:16 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{1e3fda8d-ea6f-11de-93a1-002511104264}\Shell\AutoRun\command - "" = WDSetup.exe O33 - MountPoints2\{4ef772a6-3618-11de-a766-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4ef772a6-3618-11de-a766-806e6f6e6963}\Shell\AutoRun\command - "" = D:\_aomg.exe -- [2004/07/16 14:07:36 | 000,045,056 | R--- | M] () O33 - MountPoints2\{797262f6-6ad2-11df-b9df-002511104264}\Shell\AutoRun\command - "" = RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe O33 - MountPoints2\{797262f6-6ad2-11df-b9df-002511104264}\Shell\open\command - "" = RECYCLE\D-0-060-0000000000-1111111-2222222\rYan.exe O33 - MountPoints2\{a1f9aa2a-bb40-11e1-99f1-002511104264}\Shell - "" = AutoRun O33 - MountPoints2\{a1f9aa2a-bb40-11e1-99f1-002511104264}\Shell\AutoRun\command - "" = E:\LiteAuto.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: 
(ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/06/07 07:41:21 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\skype74991.exe [2013/06/07 07:30:23 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\jqs389835.exe [2013/06/07 07:30:22 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore547765.exe [2013/06/07 07:00:03 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss465821.exe [2013/06/07 07:00:01 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon430808.exe [2013/06/07 06:54:18 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer680284.exe [2013/06/07 06:39:31 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss390766.exe [2013/06/07 06:34:45 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore.exe [2013/06/07 06:34:45 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon.exe [2013/06/06 22:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\uulcb [2013/06/06 13:45:06 | 000,156,160 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\acrobat544243.exe [2013/06/06 12:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/06/06 12:16:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/06/06 11:16:06 | 000,156,160 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer.exe [2013/06/06 11:11:34 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Local\26f3a422-fb45-4176-b216-398128ebb437ad [2013/06/06 09:27:51 | 000,000,000 | ---D | C] -- 
C:\Users\WALL_E_Machine\Documents\Macro Scheduler 14 [2013/06/05 23:25:52 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Roaming\RobotSoft [2013/06/05 23:25:39 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\Documents\RobotSoft [2013/06/05 23:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\RobotSoft [2013/06/05 23:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse and Keyboard Recorder [2013/06/05 23:00:20 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\Documents\Recorder [2013/06/05 23:00:20 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Roaming\Recorder [2013/06/05 22:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recorder [2013/06/05 22:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\KraTronic [2013/06/05 22:23:52 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Local\Nemex [2013/06/05 22:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Recorder Pro [2013/06/05 22:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Nemex [2013/06/05 21:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Do It Again [2013/06/04 22:30:50 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Roaming\Tific [2013/06/04 22:30:36 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Local\Symantec [2013/06/01 21:12:15 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Roaming\wabEventSupport16 [2013/05/22 22:36:35 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\AppData\Local\BigFix [2013/05/22 21:04:39 | 000,000,000 | ---D | C] -- C:\Users\WALL_E_Machine\Documents\Meal Management project [2008/01/20 19:25:01 | 000,148,992 | ---- | C] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\AppData\Roaming\skype.dat [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified 
Within 30 Days ==========[/color] [2013/06/07 11:48:34 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/06/07 11:48:34 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/06/07 11:44:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/06/07 11:44:07 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job [2013/06/07 11:43:51 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2013/06/07 11:43:50 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/06/07 11:43:50 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/07 11:43:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/06/07 11:43:41 | 3219,619,840 | -HS- | M] () -- C:\hiberfil.sys [2013/06/07 11:36:03 | 000,000,004 | ---- | M] () -- C:\Users\WALL_E_Machine\AppData\Roaming\skype.ini [2013/06/07 11:32:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/06/07 11:00:01 | 000,000,356 | -H-- | M] () -- C:\Windows\tasks\{6CE62994-09EA-4605-B43E-BACBFB498952}.job [2013/06/07 10:59:12 | 000,001,356 | ---- | M] () -- C:\Users\WALL_E_Machine\AppData\Local\d3d9caps.dat [2013/06/07 07:41:50 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\notepad195278.exe [2013/06/07 07:41:45 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\firefox460819.exe [2013/06/07 07:41:44 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck909716.exe [2013/06/07 07:41:44 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jqs146643.exe [2013/06/07 07:41:43 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\skype74991.exe [2013/06/07 07:30:59 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer847836.exe [2013/06/07 07:30:50 | 000,000,000 | ---- | 
M] () -- C:\Users\WALL_E_Machine\msconfig741009.exe [2013/06/07 07:30:49 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore547765.exe [2013/06/07 07:30:49 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck349047.exe [2013/06/07 07:30:49 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\iexplore206868.exe [2013/06/07 07:30:39 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobatreader104475.exe [2013/06/07 07:30:31 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer616566.exe [2013/06/07 07:30:30 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\jqs389835.exe [2013/06/07 07:30:30 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate78939.exe [2013/06/07 07:30:30 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck124054.exe [2013/06/07 07:00:21 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\alg823879.exe [2013/06/07 07:00:16 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\spoolsv308296.exe [2013/06/07 07:00:16 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\opera203257.exe [2013/06/07 07:00:16 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\mstsc480472.exe [2013/06/07 07:00:15 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate429439.exe [2013/06/07 07:00:15 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon430808.exe [2013/06/07 07:00:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\winlogon272365.exe [2013/06/07 07:00:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\mstsc41734.exe [2013/06/07 07:00:09 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss465821.exe [2013/06/07 07:00:09 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\icq258255.exe [2013/06/07 06:54:29 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\alg922821.exe [2013/06/07 06:54:23 | 000,000,000 | ---- | M] 
() -- C:\Users\WALL_E_Machine\java14167.exe [2013/06/07 06:54:23 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\alg454437.exe [2013/06/07 06:54:22 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer680284.exe [2013/06/07 06:54:22 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\googleupdate151685.exe [2013/06/07 06:39:54 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\alg532148.exe [2013/06/07 06:39:49 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\icq847123.exe [2013/06/07 06:39:48 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\csrss390766.exe [2013/06/07 06:39:48 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\opera558248.exe [2013/06/07 06:39:48 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer283708.exe [2013/06/07 06:35:03 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\csrss426490.exe [2013/06/07 06:35:00 | 000,155,648 | ---- | M] () -- C:\Users\WALL_E_Machine\conhost.exe [2013/06/07 06:34:54 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\winlogon.exe [2013/06/07 06:34:53 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\ctfmon.exe [2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\spoolsv.exe [2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\googleupdate.exe [2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\firefox.exe [2013/06/07 06:34:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\csrss.exe [2013/06/07 06:34:52 | 000,148,992 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\iexplore.exe [2013/06/07 06:34:52 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\rundll32.exe [2013/06/06 21:43:25 | 000,001,940 | ---- | M] () -- C:\Users\WALL_E_Machine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2013/06/06 21:35:25 | 000,013,024 | ---- | M] () -- 
C:\Windows\System32\drivers\SWDUMon.sys [2013/06/06 13:45:26 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobat460929.exe [2013/06/06 13:45:20 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\windowsupdate698494.exe [2013/06/06 13:45:19 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\csrss482630.exe [2013/06/06 13:45:16 | 000,156,160 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\acrobat544243.exe [2013/06/06 13:44:18 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\mstsc.exe [2013/06/06 13:44:14 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\skype.exe [2013/06/06 13:16:34 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\msconfig.exe [2013/06/06 13:16:07 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jucheck.exe [2013/06/06 13:16:02 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\opera.exe [2013/06/06 13:15:57 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\alg.exe [2013/06/06 12:16:14 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/06/06 11:55:45 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\notepad.exe [2013/06/06 11:55:38 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\flashplayer.exe [2013/06/06 11:55:37 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobatreader.exe [2013/06/06 11:30:53 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\icq.exe [2013/06/06 11:16:46 | 000,229,376 | ---- | M] () -- C:\Users\WALL_E_Machine\java.exe [2013/06/06 11:16:21 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\vlcplayer.exe [2013/06/06 11:16:21 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\jqs.exe [2013/06/06 11:16:16 | 000,156,160 | ---- | M] (TPM-Software Systems LLC) -- C:\Users\WALL_E_Machine\teamviewer.exe [2013/06/06 11:11:25 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\acrobat.exe [2013/06/06 11:11:10 | 000,000,000 | ---- | M] () -- 
C:\Users\WALL_E_Machine\windowsupdate.exe [2013/06/06 11:11:10 | 000,000,000 | ---- | M] () -- C:\Users\WALL_E_Machine\chrome.exe [2013/06/06 09:27:32 | 000,005,105 | ---- | M] () -- C:\ProgramData\iqrjmdeq.fak [2013/06/06 09:27:25 | 000,001,674 | ---- | M] () -- C:\Users\Public\Desktop\Macro Scheduler 14.lnk [2013/06/05 23:25:39 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Mouse and Keyboard Recorder.lnk [2013/06/05 23:13:02 | 000,002,627 | ---- | M] () -- C:\Users\WALL_E_Machine\Desktop\Microsoft Office Word 2007.lnk [2013/06/05 22:59:23 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Recorder.lnk [2013/06/05 22:23:26 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Mouse Recorder Pro.lnk [2013/06/05 22:14:21 | 000,002,355 | ---- | M] () -- C:\Users\WALL_E_Machine\Desktop\Do It Again.lnk [2013/06/05 21:40:04 | 264,978,361 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/05/13 21:33:41 | 000,748,794 | ---- | M] () -- C:\Users\WALL_E_Machine\Desktop\Matt's Eagle Project.pdf [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/06/07 11:43:41 | 3219,619,840 | -HS- | C] () -- C:\hiberfil.sys [2013/06/07 07:41:46 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\notepad195278.exe [2013/06/07 07:41:45 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\firefox460819.exe [2013/06/07 07:41:44 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck909716.exe [2013/06/07 07:41:44 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jqs146643.exe [2013/06/07 07:30:50 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer847836.exe [2013/06/07 07:30:50 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\msconfig741009.exe [2013/06/07 07:30:49 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck349047.exe [2013/06/07 07:30:49 | 000,000,000 | ---- | C] () -- 
C:\Users\WALL_E_Machine\iexplore206868.exe [2013/06/07 07:30:32 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobatreader104475.exe [2013/06/07 07:30:31 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer616566.exe [2013/06/07 07:30:30 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate78939.exe [2013/06/07 07:30:30 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck124054.exe [2013/06/07 07:00:16 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\alg823879.exe [2013/06/07 07:00:16 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\spoolsv308296.exe [2013/06/07 07:00:16 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\opera203257.exe [2013/06/07 07:00:16 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\mstsc480472.exe [2013/06/07 07:00:11 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate429439.exe [2013/06/07 07:00:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\winlogon272365.exe [2013/06/07 07:00:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\mstsc41734.exe [2013/06/07 07:00:09 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\icq258255.exe [2013/06/07 06:54:24 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\alg922821.exe [2013/06/07 06:54:23 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\java14167.exe [2013/06/07 06:54:23 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\alg454437.exe [2013/06/07 06:54:22 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\googleupdate151685.exe [2013/06/07 06:39:49 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\alg532148.exe [2013/06/07 06:39:49 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\icq847123.exe [2013/06/07 06:39:48 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\opera558248.exe [2013/06/07 06:39:48 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer283708.exe [2013/06/07 06:37:58 | 000,000,004 | ---- | C] () -- 
C:\Users\WALL_E_Machine\AppData\Roaming\skype.ini [2013/06/07 06:34:54 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\csrss426490.exe [2013/06/07 06:34:54 | 000,155,648 | ---- | C] () -- C:\Users\WALL_E_Machine\conhost.exe [2013/06/07 06:34:54 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\winlogon.exe [2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\spoolsv.exe [2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\googleupdate.exe [2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\firefox.exe [2013/06/07 06:34:53 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\csrss.exe [2013/06/07 06:34:52 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\rundll32.exe [2013/06/06 13:45:21 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobat460929.exe [2013/06/06 13:45:20 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate698494.exe [2013/06/06 13:45:19 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\csrss482630.exe [2013/06/06 13:44:15 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\mstsc.exe [2013/06/06 13:44:14 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\skype.exe [2013/06/06 13:16:07 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jucheck.exe [2013/06/06 13:16:06 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\msconfig.exe [2013/06/06 13:16:02 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\opera.exe [2013/06/06 13:15:57 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\alg.exe [2013/06/06 12:16:14 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/06/06 11:55:38 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\notepad.exe [2013/06/06 11:55:38 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\flashplayer.exe [2013/06/06 11:55:37 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobatreader.exe [2013/06/06 11:30:53 | 
000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\icq.exe [2013/06/06 11:16:22 | 000,229,376 | ---- | C] () -- C:\Users\WALL_E_Machine\java.exe [2013/06/06 11:16:21 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\vlcplayer.exe [2013/06/06 11:16:21 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jqs.exe [2013/06/06 11:11:34 | 000,000,356 | -H-- | C] () -- C:\Windows\tasks\{6CE62994-09EA-4605-B43E-BACBFB498952}.job [2013/06/06 11:11:25 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\acrobat.exe [2013/06/06 11:11:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\windowsupdate.exe [2013/06/06 11:11:10 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\chrome.exe [2013/06/06 09:27:32 | 000,005,105 | ---- | C] () -- C:\ProgramData\iqrjmdeq.fak [2013/06/06 09:27:25 | 000,001,674 | ---- | C] () -- C:\Users\Public\Desktop\Macro Scheduler 14.lnk [2013/06/05 23:25:39 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Mouse and Keyboard Recorder.lnk [2013/06/05 22:59:23 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Recorder.lnk [2013/06/05 22:23:26 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Mouse Recorder Pro.lnk [2013/06/05 22:01:07 | 000,002,355 | ---- | C] () -- C:\Users\WALL_E_Machine\Desktop\Do It Again.lnk [2013/06/05 21:58:26 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Do It Again.lnk [2013/04/23 16:28:14 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys [2013/03/30 20:32:05 | 000,192,000 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Roaming\dbu32.ocx [2012/09/06 22:22:18 | 000,000,632 | RHS- | C] () -- C:\Users\WALL_E_Machine\ntuser.pol [2012/06/26 09:39:13 | 000,000,058 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_cl_runescape_LIVE_BETA.dat [2012/06/26 09:39:13 | 000,000,024 | ---- | C] () -- C:\Users\WALL_E_Machine\random.dat [2011/11/06 18:40:51 | 000,000,040 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_cl_runescape_LIVE.dat 
[2011/08/25 18:19:33 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\{FADB0738-F621-45C3-A7EE-C33A9127BE25} [2011/01/04 18:43:31 | 000,001,940 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/11/12 23:44:53 | 000,001,356 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\d3d9caps.dat [2010/04/05 21:38:46 | 000,000,000 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex__preferences3.dat [2010/02/20 14:48:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/10/04 17:32:42 | 000,038,400 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/09/03 16:17:17 | 000,000,129 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_runescape_preferences2.dat [2009/08/15 09:49:38 | 000,000,452 | ---- | C] () -- C:\Users\WALL_E_Machine\AppData\Roaming\wklnhst.dat [2009/06/27 11:00:27 | 000,000,046 | ---- | C] () -- C:\Users\WALL_E_Machine\jagex_runescape_preferences.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-3764487662-1149291627-179423213-1000\$cc8cb6672bb711ffec11714e8138127c\n. 
-- File not found [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 06:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 21:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 19:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2010/12/22 12:48:34 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\DriverCure [2012/08/01 23:40:51 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\Macro Recorder [2010/12/22 12:48:33 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\ParetoLogic [2013/06/05 23:00:20 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\Recorder [2010/12/22 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\Registry Mechanic [2013/06/05 23:25:52 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\RobotSoft [2009/08/15 09:49:39 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\Template [2013/06/04 22:30:50 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\Tific [2013/06/04 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\wabEventSupport16 [2012/07/25 18:30:15 | 000,000,000 | ---D | M] -- C:\Users\WALL_E_Machine\AppData\Roaming\www.shadowexplorer.com [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 181 bytes -> 
C:\ProgramData\TEMP:D287FACF @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > [/QUOTE]