Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
I need help to remove system care antivirus from my server
Message
<blockquote data-quote="Ladylike" data-source="post: 130910" data-attributes="member: 10596"><p>Hi Please I need your assistance on how to remove system care "antivirus" from my server. I had earlier tried the steps you suggested on your blog, i.e. to start the infected system in safe mode with networking</p><p>run malware bytes antimalware, rogue killer and hitman pro. But unfortunately an error message came up while running the malware bytes. </p><p></p><p>waiting anxiously to read from you please.</p><p></p><p>03OTL logfile created on: 7/30/2013 12:54:12 PM - Run 1</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Downloads</p><p> Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.10.9200.16635)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>1.97 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 47.54% Memory free</p><p>3.93 Gb Paging File | 2.50 Gb Available in Paging File | 63.67% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 297.99 Gb Total Space | 253.15 Gb Free Space | 84.95% Space Free | Partition Type: NTFS</p><p>Drive I: | 1.87 Gb Total Space | 1.63 Gb Free Space | 86.82% Space Free | Partition Type: FAT32</p><p> </p><p>Computer Name: HP-PC | User Name: HP | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: Current user</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - [2013/07/30 12:10:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Downloads\OTL.exe</p><p>PRC - [2013/07/30 10:27:30 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe</p><p>PRC - [2013/07/30 10:27:30 | 001,616,048 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe</p><p>PRC - [2013/07/30 10:27:30 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe</p><p>PRC - [2013/06/19 08:42:54 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe</p><p>PRC - [2013/06/13 11:20:35 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe</p><p>PRC - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe</p><p>PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe</p><p>PRC - [2013/05/01 05:11:08 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\HP\AppData\Roaming\Yontoo\YontooDesktop.exe</p><p>PRC - [2013/05/01 05:11:08 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe</p><p>PRC - [2013/02/27 08:43:47 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe</p><p>PRC - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe</p><p>PRC - [2013/01/17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe</p><p>PRC - [2012/11/30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe</p><p>PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe</p><p>PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe</p><p>PRC - [2010/03/27 08:38:44 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE</p><p>PRC - [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE</p><p>PRC - [2009/07/14 02:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - [2013/07/30 10:27:30 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe</p><p>MOD - [2013/07/30 10:27:30 | 000,521,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll</p><p>MOD - [2013/07/30 10:27:30 | 000,145,072 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll</p><p>MOD - [2013/07/30 09:06:37 | 000,013,600 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll</p><p>MOD - [2013/07/12 09:58:58 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll</p><p>MOD - [2013/07/12 09:58:48 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll</p><p>MOD - [2013/07/12 09:58:22 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll</p><p>MOD - [2013/07/12 09:58:15 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll</p><p>MOD - [2013/07/12 09:58:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll</p><p>MOD - [2013/07/12 09:57:47 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll</p><p>MOD - [2013/06/13 11:20:35 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll</p><p>MOD - [2013/06/09 08:26:11 | 000,704,000 | ---- | M] () -- C:\Users\HP\AppData\Roaming\BabSolution\Shared\BUSolution.dll</p><p>MOD - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe</p><p>MOD - [2013/05/16 06:33:37 | 002,052,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll</p><p>MOD - [2013/05/16 06:33:36 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll</p><p>MOD - [2013/04/19 23:55:06 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll</p><p>MOD - [2013/02/27 08:43:47 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll</p><p>MOD - [2012/10/05 11:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll</p><p>MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll</p><p>MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll</p><p>MOD - [2010/11/05 02:58:10 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll</p><p>MOD - [2010/11/05 02:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll</p><p>MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll</p><p>MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF</p><p>MOD - [2010/01/23 14:45:41 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Users\HP\AppData\Roaming\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)</p><p>SRV - [2013/07/30 10:27:30 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)</p><p>SRV - [2013/06/19 08:42:54 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)</p><p>SRV - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)</p><p>SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)</p><p>SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)</p><p>SRV - [2013/02/27 08:43:47 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)</p><p>SRV - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager)</p><p>SRV - [2012/01/17 16:12:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)</p><p>SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)</p><p>SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)</p><p>SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)</p><p>SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV - [2013/07/30 10:27:30 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)</p><p>DRV - [2013/06/19 11:01:58 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)</p><p>DRV - [2013/06/19 11:01:52 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)</p><p>DRV - [2013/06/19 11:01:45 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)</p><p>DRV - [2013/06/19 11:01:24 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)</p><p>DRV - [2013/06/19 11:01:04 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)</p><p>DRV - [2012/08/02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)</p><p>DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)</p><p>DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)</p><p>DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)</p><p>DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)</p><p>DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)</p><p>DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)</p><p>DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)</p><p>DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)</p><p>DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)</p><p>DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}</p><p>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC</p><p>IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7</p><p> </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=D281D8D3857E34AB</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=D281D8D3857E34AB</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 97 E9 5F 41 2C CD 01 [binary data]</p><p>IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}</p><p>IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}</p><p>IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR</p><p>IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&affID=119777&tt=gc_&babsrc=SP_ss&mntrId=D281D8D3857E34AB</p><p>IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=</p><p>IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=286&systemid=406&apn_uid=5556149558674025&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"</p><p>FF - prefs.js..browser.search.order.1: ""</p><p>FF - prefs.js..browser.search.selectedEngine: ""</p><p>FF - prefs.js..extensions.enabledAddons: {C4A4F5A0-4B89-4392-AFAC-D58010E349AF}:5.0.0.7107</p><p>FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.02</p><p> </p><p> </p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p> </p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5 [2013/07/30 10:27:39 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/06/19 11:02:11 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/06/19 11:02:11 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/06/19 11:02:10 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/06/19 11:02:10 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/06/19 11:02:11 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/27 08:43:48 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins</p><p> </p><p>[2013/01/30 10:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Extensions</p><p>[2013/05/22 12:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions</p><p>[2013/05/07 11:55:50 | 000,000,000 | ---D | M] (New Tab) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}</p><p>[2013/05/07 13:50:37 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions\ffxtlbr@delta.com</p><p>[2013/05/07 13:38:38 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions\plugin@yontoo.com</p><p>[2013/04/11 16:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions\ftdownloader3@ftdownloader.com.xpi</p><p>[2013/05/07 13:40:52 | 000,006,505 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplugins\babylon.xml</p><p>[2013/05/07 13:50:37 | 000,001,294 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplugins\delta.xml</p><p>[2013/05/07 11:55:50 | 000,002,646 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplugins\Search_Results.xml</p><p>[2013/01/30 10:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions</p><p>[2013/02/27 08:43:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll</p><p>[2013/02/27 08:43:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml</p><p>[2013/07/30 10:27:41 | 000,003,577 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml</p><p>[2013/02/27 08:43:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml</p><p> </p><p>O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts</p><p>O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)</p><p>O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)</p><p>O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.</p><p>O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)</p><p>O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)</p><p>O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)</p><p>O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)</p><p>O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)</p><p>O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.</p><p>O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.</p><p>O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)</p><p>O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)</p><p>O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)</p><p>O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()</p><p>O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)</p><p>O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)</p><p>O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\HP\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()</p><p>O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)</p><p>O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)</p><p>O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)</p><p>O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)</p><p>O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)</p><p>O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)</p><p>O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)</p><p>O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)</p><p>O13 - gopher Prefix: missing</p><p>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Reg Error: Key error.)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 41.75.80.41 4.2.2.2 83.229.88.30</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06B30205-0C3A-4DEF-BB78-64048A011CBB}: DhcpNameServer = 41.75.80.41 4.2.2.2 83.229.88.30</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{126555AF-538D-4197-B0AD-27C6C181771E}: DhcpNameServer = 41.75.80.41 4.2.2.2 83.229.88.30</p><p>O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)</p><p>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/07/30 09:10:44 | 000,000,000 | ---D | C] -- C:\e5ddeec68fa31077af1d02743bbd</p><p>[2013/07/29 11:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware</p><p>[2013/07/29 11:12:11 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes</p><p>[2013/07/29 11:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes</p><p>[2013/07/29 11:12:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys</p><p>[2013/07/29 11:12:09 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Programs</p><p>[2013/07/29 11:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware</p><p>[2013/07/25 10:43:53 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\flash</p><p>[2013/07/24 11:55:05 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Remove System Care antivirus_files</p><p>[2013/07/23 12:19:14 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\3920-senatorial-district_files</p><p>[2013/07/15 16:16:48 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb</p><p>[2013/07/15 16:16:46 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll</p><p>[2013/07/15 16:16:46 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll</p><p>[2013/07/15 16:16:45 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll</p><p>[2013/07/15 16:16:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll</p><p>[2013/07/15 16:16:44 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll</p><p>[2013/07/15 16:16:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll</p><p>[2013/07/15 16:16:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe</p><p>[2013/07/15 16:16:44 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe</p><p>[2013/07/15 16:16:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll</p><p>[2013/07/12 11:34:46 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\flash content</p><p>[2013/07/11 09:11:12 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll</p><p>[2013/07/11 09:09:53 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL</p><p>[2013/07/11 09:09:39 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll</p><p>[2013/07/11 09:09:36 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys</p><p>[4 C:\Users\HP\Desktop\*.tmp files -> C:\Users\HP\Desktop\*.tmp -> ]</p><p>[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/07/30 12:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job</p><p>[2013/07/30 12:16:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/07/30 10:27:30 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys</p><p>[2013/07/30 10:16:00 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/07/30 10:10:31 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/07/30 10:10:31 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/07/30 09:06:23 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job</p><p>[2013/07/30 09:06:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat</p><p>[2013/07/30 09:06:02 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2013/07/29 11:12:11 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/07/25 15:20:38 | 000,307,872 | ---- | M] () -- C:\Windows\System32\perfh009.dat</p><p>[2013/07/25 15:20:38 | 000,037,732 | ---- | M] () -- C:\Windows\System32\perfc009.dat</p><p>[2013/07/24 11:55:07 | 000,060,994 | ---- | M] () -- C:\Users\HP\Desktop\Remove System Care antivirus.htm</p><p>[2013/07/23 12:19:15 | 000,102,368 | ---- | M] () -- C:\Users\HP\Desktop\3920-senatorial-district.htm</p><p>[2013/07/23 11:40:16 | 002,087,003 | ---- | M] () -- C:\Users\HP\Desktop\Report 421 - Rural Water Supply Study.pdf</p><p>[2013/07/23 11:39:58 | 000,453,389 | ---- | M] () -- C:\Users\HP\Desktop\Degema.pdf</p><p>[2013/07/22 16:00:00 | 000,132,944 | ---- | M] () -- C:\Users\HP\Desktop\201204_itil_v3_exam_dumps_exin150q-2.pdf</p><p>[2013/07/19 15:59:29 | 000,889,679 | ---- | M] () -- C:\Users\HP\Desktop\howto_aw_plus__troubleshoot_slow_network_performance2.pdf</p><p>[2013/07/17 17:05:56 | 000,285,507 | ---- | M] () -- C:\Users\HP\Desktop\galaxy.jpg</p><p>[2013/07/12 09:57:13 | 000,409,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT</p><p>[2013/07/09 15:58:25 | 000,264,118 | ---- | M] () -- C:\Users\HP\Desktop\INVITATION.pdf</p><p>[4 C:\Users\HP\Desktop\*.tmp files -> C:\Users\HP\Desktop\*.tmp -> ]</p><p>[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/07/29 11:12:11 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/07/24 11:55:05 | 000,060,994 | ---- | C] () -- C:\Users\HP\Desktop\Remove System Care antivirus.htm</p><p>[2013/07/23 12:19:14 | 000,102,368 | ---- | C] () -- C:\Users\HP\Desktop\3920-senatorial-district.htm</p><p>[2013/07/23 11:40:14 | 002,087,003 | ---- | C] () -- C:\Users\HP\Desktop\Report 421 - Rural Water Supply Study.pdf</p><p>[2013/07/23 11:39:56 | 000,453,389 | ---- | C] () -- C:\Users\HP\Desktop\Degema.pdf</p><p>[2013/07/22 16:00:00 | 000,132,944 | ---- | C] () -- C:\Users\HP\Desktop\201204_itil_v3_exam_dumps_exin150q-2.pdf</p><p>[2013/07/19 15:59:27 | 000,889,679 | ---- | C] () -- C:\Users\HP\Desktop\howto_aw_plus__troubleshoot_slow_network_performance2.pdf</p><p>[2013/07/17 17:08:10 | 000,285,507 | ---- | C] () -- C:\Users\HP\Desktop\galaxy.jpg</p><p>[2013/07/09 15:58:25 | 000,264,118 | ---- | C] () -- C:\Users\HP\Desktop\INVITATION.pdf</p><p>[2012/03/26 16:07:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe</p><p>[2012/01/24 14:01:18 | 000,003,190 | ---- | C] () -- C:\Windows\ODBCINST.INI</p><p>[2012/01/24 14:01:18 | 000,000,756 | ---- | C] () -- C:\Windows\ODBC.INI</p><p>[2011/11/16 03:32:30 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p><span style="color: #E56717">========== Alternate Data Streams ==========</span></p><p> </p><p>@Alternate Data Stream - 160 bytes -> C:\Users\HP\Desktop\galaxy.jpg:3or4kl4x13tuuug3Byamue2s4b</p><p></p><p>< End of report ></p></blockquote><p></p>
[QUOTE="Ladylike, post: 130910, member: 10596"] Hi Please I need your assistance on how to remove system care "antivirus" from my server. I had earlier tried the steps you suggested on your blog, i.e. to start the infected system in safe mode with networking run malware bytes antimalware, rogue killer and hitman pro. But unfortunately an error message came up while running the malware bytes. waiting anxiously to read from you please. 03OTL logfile created on: 7/30/2013 12:54:12 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.97 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 47.54% Memory free 3.93 Gb Paging File | 2.50 Gb Available in Paging File | 63.67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297.99 Gb Total Space | 253.15 Gb Free Space | 84.95% Space Free | Partition Type: NTFS Drive I: | 1.87 Gb Total Space | 1.63 Gb Free Space | 86.82% Space Free | Partition Type: FAT32 Computer Name: HP-PC | User Name: HP | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/07/30 12:10:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Downloads\OTL.exe PRC - [2013/07/30 10:27:30 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe PRC - [2013/07/30 10:27:30 | 001,616,048 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe PRC - [2013/07/30 10:27:30 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe PRC - [2013/06/19 08:42:54 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2013/06/13 11:20:35 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe PRC - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/05/01 05:11:08 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\HP\AppData\Roaming\Yontoo\YontooDesktop.exe PRC - [2013/05/01 05:11:08 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe PRC - [2013/02/27 08:43:47 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe PRC - [2013/01/17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2012/11/30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/03/27 08:38:44 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE PRC - [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE PRC - [2009/07/14 02:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/07/30 10:27:30 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe MOD - [2013/07/30 10:27:30 | 000,521,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll MOD - [2013/07/30 10:27:30 | 000,145,072 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll MOD - [2013/07/30 09:06:37 | 000,013,600 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll MOD - [2013/07/12 09:58:58 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll MOD - [2013/07/12 09:58:48 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll MOD - [2013/07/12 09:58:22 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll MOD - [2013/07/12 09:58:15 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll MOD - [2013/07/12 09:58:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll MOD - [2013/07/12 09:57:47 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013/06/13 11:20:35 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013/06/09 08:26:11 | 000,704,000 | ---- | M] () -- C:\Users\HP\AppData\Roaming\BabSolution\Shared\BUSolution.dll MOD - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013/05/16 06:33:37 | 002,052,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2013/05/16 06:33:36 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2013/04/19 23:55:06 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll MOD - [2013/02/27 08:43:47 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012/10/05 11:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll MOD - [2010/11/05 02:58:10 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MOD - [2010/11/05 02:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/01/23 14:45:41 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Users\HP\AppData\Roaming\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater) SRV - [2013/07/30 10:27:30 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0) SRV - [2013/06/19 08:42:54 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/02/27 08:43:47 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager) SRV - [2012/01/17 16:12:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2013/07/30 10:27:30 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2013/06/19 11:01:58 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps) DRV - [2013/06/19 11:01:52 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi) DRV - [2013/06/19 11:01:45 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2013/06/19 11:01:24 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2013/06/19 11:01:04 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012/08/02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb) DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=D281D8D3857E34AB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=D281D8D3857E34AB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 97 E9 5F 41 2C CD 01 [binary data] IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&affID=119777&tt=gc_&babsrc=SP_ss&mntrId=D281D8D3857E34AB IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=286&systemid=406&apn_uid=5556149558674025&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..extensions.enabledAddons: {C4A4F5A0-4B89-4392-AFAC-D58010E349AF}:5.0.0.7107 FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.02 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5 [2013/07/30 10:27:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/06/19 11:02:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/06/19 11:02:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/06/19 11:02:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/06/19 11:02:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/06/19 11:02:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/27 08:43:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/30 10:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Extensions [2013/05/22 12:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions [2013/05/07 11:55:50 | 000,000,000 | ---D | M] (New Tab) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF} [2013/05/07 13:50:37 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions\ffxtlbr@delta.com [2013/05/07 13:38:38 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions\plugin@yontoo.com [2013/04/11 16:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions\ftdownloader3@ftdownloader.com.xpi [2013/05/07 13:40:52 | 000,006,505 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplugins\babylon.xml [2013/05/07 13:50:37 | 000,001,294 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplugins\delta.xml [2013/05/07 11:55:50 | 000,002,646 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplugins\Search_Results.xml [2013/01/30 10:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/02/27 08:43:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013/02/27 08:43:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/07/30 10:27:41 | 000,003,577 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml [2013/02/27 08:43:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe () O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\HP\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 41.75.80.41 4.2.2.2 83.229.88.30 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06B30205-0C3A-4DEF-BB78-64048A011CBB}: DhcpNameServer = 41.75.80.41 4.2.2.2 83.229.88.30 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{126555AF-538D-4197-B0AD-27C6C181771E}: DhcpNameServer = 41.75.80.41 4.2.2.2 83.229.88.30 O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/07/30 09:10:44 | 000,000,000 | ---D | C] -- C:\e5ddeec68fa31077af1d02743bbd [2013/07/29 11:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/07/29 11:12:11 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes [2013/07/29 11:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/07/29 11:12:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/07/29 11:12:09 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Programs [2013/07/29 11:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/07/25 10:43:53 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\flash [2013/07/24 11:55:05 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Remove System Care antivirus_files [2013/07/23 12:19:14 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\3920-senatorial-district_files [2013/07/15 16:16:48 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/07/15 16:16:46 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/07/15 16:16:46 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/07/15 16:16:45 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/07/15 16:16:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013/07/15 16:16:44 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/07/15 16:16:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013/07/15 16:16:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013/07/15 16:16:44 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013/07/15 16:16:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013/07/12 11:34:46 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\flash content [2013/07/11 09:11:12 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013/07/11 09:09:53 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2013/07/11 09:09:39 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll [2013/07/11 09:09:36 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [4 C:\Users\HP\Desktop\*.tmp files -> C:\Users\HP\Desktop\*.tmp -> ] [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/07/30 12:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/07/30 12:16:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/30 10:27:30 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2013/07/30 10:16:00 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/30 10:10:31 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/30 10:10:31 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/30 09:06:23 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013/07/30 09:06:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/30 09:06:02 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys [2013/07/29 11:12:11 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/25 15:20:38 | 000,307,872 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/07/25 15:20:38 | 000,037,732 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/07/24 11:55:07 | 000,060,994 | ---- | M] () -- C:\Users\HP\Desktop\Remove System Care antivirus.htm [2013/07/23 12:19:15 | 000,102,368 | ---- | M] () -- C:\Users\HP\Desktop\3920-senatorial-district.htm [2013/07/23 11:40:16 | 002,087,003 | ---- | M] () -- C:\Users\HP\Desktop\Report 421 - Rural Water Supply Study.pdf [2013/07/23 11:39:58 | 000,453,389 | ---- | M] () -- C:\Users\HP\Desktop\Degema.pdf [2013/07/22 16:00:00 | 000,132,944 | ---- | M] () -- C:\Users\HP\Desktop\201204_itil_v3_exam_dumps_exin150q-2.pdf [2013/07/19 15:59:29 | 000,889,679 | ---- | M] () -- C:\Users\HP\Desktop\howto_aw_plus__troubleshoot_slow_network_performance2.pdf [2013/07/17 17:05:56 | 000,285,507 | ---- | M] () -- C:\Users\HP\Desktop\galaxy.jpg [2013/07/12 09:57:13 | 000,409,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/07/09 15:58:25 | 000,264,118 | ---- | M] () -- C:\Users\HP\Desktop\INVITATION.pdf [4 C:\Users\HP\Desktop\*.tmp files -> C:\Users\HP\Desktop\*.tmp -> ] [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/07/29 11:12:11 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/24 11:55:05 | 000,060,994 | ---- | C] () -- C:\Users\HP\Desktop\Remove System Care antivirus.htm [2013/07/23 12:19:14 | 000,102,368 | ---- | C] () -- C:\Users\HP\Desktop\3920-senatorial-district.htm [2013/07/23 11:40:14 | 002,087,003 | ---- | C] () -- C:\Users\HP\Desktop\Report 421 - Rural Water Supply Study.pdf [2013/07/23 11:39:56 | 000,453,389 | ---- | C] () -- C:\Users\HP\Desktop\Degema.pdf [2013/07/22 16:00:00 | 000,132,944 | ---- | C] () -- C:\Users\HP\Desktop\201204_itil_v3_exam_dumps_exin150q-2.pdf [2013/07/19 15:59:27 | 000,889,679 | ---- | C] () -- C:\Users\HP\Desktop\howto_aw_plus__troubleshoot_slow_network_performance2.pdf [2013/07/17 17:08:10 | 000,285,507 | ---- | C] () -- C:\Users\HP\Desktop\galaxy.jpg [2013/07/09 15:58:25 | 000,264,118 | ---- | C] () -- C:\Users\HP\Desktop\INVITATION.pdf [2012/03/26 16:07:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012/01/24 14:01:18 | 000,003,190 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012/01/24 14:01:18 | 000,000,756 | ---- | C] () -- C:\Windows\ODBC.INI [2011/11/16 03:32:30 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 160 bytes -> C:\Users\HP\Desktop\galaxy.jpg:3or4kl4x13tuuug3Byamue2s4b < End of report > [/QUOTE]
Insert quotes…
Verification
Post reply
Top