ZeroAccess Possible Issues
<blockquote data-quote="Holt" data-source="post: 95314" data-attributes="member: 4525"><p>Oops, I skipped the SFC scan but did the system scan with check boxes. I thought that was what you meant when you said skip that, but now I think you meant skip the entire scan altogether. Well, I did do a system restore and registry backup however per their suggestion.</p><p></p><p>OTL Scan Results:</p><p></p><p>OTL logfile created on: 1/9/2013 10:50:02 PM - Run 2</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\David\Desktop</p><p>Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation</p><p>Internet Explorer (Version = 8.0.6001.18702)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.77% Memory free</p><p>3.85 Gb Paging File | 3.37 Gb Available in Paging File | 87.42% Paging File free</p><p>Paging file location(s): C:\pagefile.sys 0 0 [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 68.32 Gb Total Space | 44.24 Gb Free Space | 64.75% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: YADDLE | User Name: David | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: All users | Quick Scan</p><p>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - [2013/01/09 12:50:52 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>PRC - [2013/01/07 19:38:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe</p><p>PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' 
Anti-Malware\mbamscheduler.exe</p><p>PRC - [2012/12/05 11:12:02 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe</p><p>PRC - [2012/11/28 17:04:52 | 001,695,816 | ---- | M] (InternetSafety.com, Inc.) -- C:\Program Files\Internet Content Filter\UpdateService.exe</p><p>PRC - [2012/11/28 17:03:46 | 003,267,072 | ---- | M] (InternetSafety.com, Inc.) -- C:\Program Files\Internet Content Filter\SafeEyes.exe</p><p>PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe</p><p>PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe</p><p>PRC - [2009/11/11 10:21:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe</p><p>PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe</p><p>PRC - [2004/03/11 23:00:30 | 000,135,168 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe</p><p>PRC - [2004/03/11 23:00:30 | 000,090,112 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe</p><p>PRC - [2003/12/11 11:30:00 | 000,049,152 | ---- | M] (ATI Technologies, Inc.) 
-- C:\Program Files\ATI Technologies\Fire GL Control Panel\atiisrgl.exe</p><p>PRC - [2002/08/07 06:34:26 | 000,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\intel\ASF Agent\ASFAgent.exe</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - [2012/12/05 11:10:56 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)</p><p>SRV - [2013/01/09 12:50:52 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)</p><p>SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)</p><p>SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)</p><p>SRV - [2012/12/05 11:12:01 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)</p><p>SRV - [2012/11/28 17:04:52 | 001,695,816 | ---- | M] (InternetSafety.com, Inc.) [Auto | Running] -- C:\Program Files\Internet Content Filter\UpdateService.exe -- (seUpdateSvc)</p><p>SRV - [2012/11/28 17:04:52 | 001,695,816 | ---- | M] (InternetSafety.com, Inc.) 
[Auto | Running] -- C:\Program Files\Internet Content Filter\UpdateService.exe -- (mfeicfupdate)</p><p>SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)</p><p>SRV - [2009/11/11 10:21:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)</p><p>SRV - [2004/10/15 09:12:38 | 000,131,072 | ---- | M] (SonicWALL, Inc.) [On_Demand | Stopped] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)</p><p>SRV - [2004/03/11 23:00:30 | 000,135,168 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)</p><p>SRV - [2004/03/11 23:00:30 | 000,090,112 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)</p><p>SRV - [2003/12/11 11:30:00 | 000,049,152 | ---- | M] (ATI Technologies, Inc.) 
[Auto | Running] -- C:\Program Files\ATI Technologies\Fire GL Control Panel\atiisrgl.exe -- (FGLRYUtil)</p><p>SRV - [2002/08/07 06:34:26 | 000,221,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\intel\ASF Agent\ASFAgent.exe -- (ASFAgent)</p><p>SRV - [2002/07/30 17:15:24 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)</p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RkPavproc3.sys -- (RkPavproc3)</p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RkPavproc2.sys -- (RkPavproc2)</p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RkPavproc1.sys -- (RkPavproc1)</p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)</p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)</p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)</p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)</p><p>DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)</p><p>DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)</p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)</p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\David\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)</p><p>DRV - File not found [Kernel | System | Stopped] -- -- (Changer)</p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\David\LOCALS~1\Temp\catchme.sys -- (catchme)</p><p>DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)</p><p>DRV - [2013/01/09 22:46:51 | 000,029,904 | ---- | M] (Microsoft 
Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6AD2FE11-17BD-46FD-8337-9B7911339CD9}\MpKsl79637bf9.sys -- (MpKsl79637bf9)</p><p>DRV - [2013/01/07 00:17:16 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Documents and Settings\David\Desktop\fffu\EmsisoftEmergencyKit\Run\a2ddax86.sys -- (A2DDA)</p><p>DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)</p><p>DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys -- (SBRE)</p><p>DRV - [2008/04/13 13:40:51 | 000,008,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dlttape.sys -- (dlttape)</p><p>DRV - [2008/01/26 06:50:20 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys -- (KLIF)</p><p>DRV - [2004/10/15 09:46:12 | 000,091,136 | ---- | M] (SonicWALL, Inc.) 
[Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RCFOX.SYS -- (RCFOX)</p><p>DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)</p><p>DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)</p><p>DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)</p><p>DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)</p><p>DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)</p><p>DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)</p><p>DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)</p><p>DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)</p><p>DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)</p><p>DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)</p><p>DRV - [2004/05/14 16:15:22 | 000,147,236 | ---- | M] (Deterministic Networks, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys -- (DNE)</p><p>DRV - [2004/01/22 01:54:23 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)</p><p>DRV - [2004/01/22 01:54:23 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)</p><p>DRV - [2004/01/22 01:54:23 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)</p><p>DRV - [2004/01/22 01:54:23 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)</p><p>DRV - [2003/12/11 08:56:40 | 000,630,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)</p><p>DRV - [2003/11/20 12:03:06 | 000,009,728 | ---- | M] (Quantum Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\QntmDLT.sys -- (QntmDLT)</p><p>DRV - [2003/08/20 13:01:22 | 000,023,180 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rcvpn.sys -- (rcvpn)</p><p>DRV - [2003/03/27 11:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)</p><p>DRV - [2003/03/26 16:33:58 | 000,498,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k)</p><p>DRV - [2003/03/26 16:32:32 | 000,189,504 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)</p><p>DRV - [2003/03/26 16:32:02 | 000,141,536 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hap16v2k.sys -- (hap16v2k)</p><p>DRV - [2003/03/26 16:31:40 | 000,823,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)</p><p>DRV - [2003/03/06 10:10:34 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys -- (PfModNT)</p><p>DRV - [2003/02/20 17:24:46 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)</p><p>DRV - [2003/02/20 17:24:34 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)</p><p>DRV - [2003/02/20 17:24:18 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)</p><p>DRV - [2003/02/20 17:22:38 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)</p><p>DRV - [2002/12/17 13:32:58 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)</p><p>DRV - [2002/12/17 13:32:46 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)</p><p>DRV - [2002/12/17 13:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)</p><p>DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)</p><p>DRV - [2002/08/29 14:29:12 | 000,036,096 | ---- | M] (LSI Logic) [Kernel | 
Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMMPI.SYS -- (symmpi)</p><p>DRV - [2002/07/30 17:15:40 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)</p><p>DRV - [2002/05/07 17:06:36 | 000,023,744 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\platalrt.sys -- (PlatAlrt)</p><p>DRV - [2002/05/07 17:05:56 | 000,039,680 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Netalrt.sys -- (NetAlrt)</p><p>DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie</p><p>IE - HKLM\..\SearchScopes,DefaultScope = </p><p>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</p><p> </p><p> </p><p>IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com</p><p>IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com</p><p>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com</p><p>IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com</p><p>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = </p><p>IE - 
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = </p><p>IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p>IE - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html</p><p>IE - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/</p><p>IE - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie</p><p>IE - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\SearchScopes,DefaultScope = {C1046C13-D6E3-4AA1-ADF6-319BB623E49D}</p><p>IE - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</p><p>IE - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\SearchScopes\{C1046C13-D6E3-4AA1-ADF6-319BB623E49D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8</p><p>IE - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF - prefs.js..browser.search.defaultenginename: ""</p><p>FF - prefs.js..browser.search.order.1: ""</p><p>FF - prefs.js..browser.search.selectedEngine: "Google"</p><p>FF - prefs.js..browser.startup.homepage: "http://www.christcenteredmall.com/stores/art/"</p><p>FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1</p><p>FF - prefs.js..network.proxy.type: 0</p><p>FF - user.js - File not found</p><p> </p><p>FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p> </p><p>FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/14 22:42:51 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/05 11:12:03 | 000,000,000 | ---D | M]</p><p> </p><p>[2011/03/22 16:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions</p><p>[2012/12/15 15:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ch1ntccj.default\extensions</p><p>[2012/12/15 15:34:25 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ch1ntccj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi</p><p>[2012/12/05 11:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions</p><p>[2012/12/05 11:12:03 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll</p><p>[2012/08/30 14:25:05 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml</p><p>[2012/10/21 09:26:34 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml</p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - homepage: http://www.google.com/</p><p>CHR - default_search_provider: Google (Enabled)</p><p>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}</p><p>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}</p><p>CHR - homepage: http://www.google.com/</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll</p><p>CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer</p><p>CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll</p><p>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll</p><p>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll</p><p>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll</p><p>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll</p><p>CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll</p><p>CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll</p><p>CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll</p><p>CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program 
Files\Real\RealPlayer\Netscape6\nppl3260.dll</p><p>CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll</p><p>CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll</p><p>CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll</p><p>CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll</p><p>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll</p><p>CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll</p><p>CHR - Extension: YouTube = C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\</p><p>CHR - Extension: Google Search = C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\</p><p>CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\</p><p>CHR - Extension: Gmail = C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\</p><p> </p><p>O1 HOSTS File: ([2013/01/09 22:43:06 | 000,000,855 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts</p><p>O1 - Hosts: 127.0.0.1 localhost</p><p>O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)</p><p>O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program 
Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</p><p>O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)</p><p>O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.</p><p>O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.</p><p>O3 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.</p><p>O3 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.</p><p>O3 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\Toolbar\WebBrowser: (no name) - {430DDB4F-38CC-4E91-AF33-4157334EC937} - No CLSID value found.</p><p>O3 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.</p><p>O3 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.</p><p>O3 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.</p><p>O3 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.</p><p>O4 - HKLM..\Run: [ICF] C:\Program Files\Internet Content Filter\SafeEyes.exe (InternetSafety.com, Inc.)</p><p>O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)</p><p>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</p><p>O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</p><p>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0</p><p>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</p><p>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</p><p>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0</p><p>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</p><p>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O7 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present</p><p>O7 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</p><p>O7 - 
HKU\S-1-5-21-989678199-2234712002-1868543911-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</p><p>O7 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</p><p>O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)</p><p>O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found</p><p>O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\System32\mswsock.dll File not found</p><p>O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Domains: ([]msn in My Computer)</p><p>O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Domains: cj.com ([members] https in Trusted sites)</p><p>O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Domains: cj.com ([signup] https in Trusted sites)</p><p>O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Domains: cj.com ([www] https in Trusted sites)</p><p>O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Domains: linkshare.com ([]https in Trusted sites)</p><p>O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Domains: overture.com ([secure] https in Trusted sites)</p><p>O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Domains: shareasale.com ([]https in Trusted sites)</p><p>O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Ranges: Range32 ([https] in Trusted sites)</p><p>O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} 
http://housecall60.trendmicro.com/housecall/xscan60.cab (HouseCall Control)</p><p>O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)</p><p>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)</p><p>O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)</p><p>O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)</p><p>O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1345029211828 (WUWebControl Class)</p><p>O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)</p><p>O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348617615734 (MUWebControl Class)</p><p>O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)</p><p>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)</p><p>O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls/SassCln.CAB (SassCln Object)</p><p>O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)</p><p>O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)</p><p>O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} 
http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)</p><p>O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)</p><p>O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)</p><p>O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)</p><p>O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)</p><p>O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)</p><p>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)</p><p>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)</p><p>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)</p><p>O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)</p><p>O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C20CC9F1-1414-49A9-9A3A-122B89C617F6}: DhcpNameServer = 209.18.47.61 209.18.47.62</p><p>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)</p><p>O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O32 - AutoRun File - [2002/09/03 14:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/01/09 21:06:20 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE</p><p>[2013/01/09 21:05:03 | 000,000,000 | ---D | C] -- C:\RegBackup</p><p>[2013/01/09 21:01:27 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs</p><p>[2013/01/09 21:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\tweaking.com_windows_repair_aio</p><p>[2013/01/09 17:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP</p><p>[2013/01/09 16:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\RK_Quarantine</p><p>[2013/01/08 20:08:29 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\David\Desktop\mbar-1.01.0.1011</p><p>[2013/01/08 05:48:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\David\Recent</p><p>[2013/01/08 05:48:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER</p><p>[2013/01/08 02:52:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp</p><p>[2013/01/08 02:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\adzz</p><p>[2013/01/08 02:00:04 | 000,000,000 | ---D | C] -- C:\_OTL</p><p>[2013/01/07 19:37:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe</p><p>[2013/01/07 03:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\ElevatedDiagnostics</p><p>[2013/01/07 03:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0</p><p>[2013/01/07 03:32:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell</p><p>[2013/01/07 02:38:33 | 000,000,000 | ---D | C] -- C:\ReimageUndo</p><p>[2013/01/06 23:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair</p><p>[2013/01/06 23:58:39 | 000,000,000 | ---D | C] -- C:\rei</p><p>[2013/01/06 23:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage</p><p>[2013/01/06 23:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client</p><p>[2013/01/06 21:38:28 | 000,012,872 | ---- | C] (SurfRight B.V.) 
-- C:\WINDOWS\System32\bootdelete.exe</p><p>[2013/01/06 21:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro</p><p>[2013/01/06 21:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro</p><p>[2013/01/06 21:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>[2013/01/06 21:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\roigguer</p><p>[2013/01/06 20:29:15 | 000,000,000 | RHSD | C] -- C:\cmdcons</p><p>[2013/01/06 20:27:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe</p><p>[2013/01/06 20:27:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe</p><p>[2013/01/06 20:27:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe</p><p>[2013/01/06 20:27:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe</p><p>[2013/01/06 20:27:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos</p><p>[2013/01/06 20:27:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures</p><p>[2013/01/06 20:26:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt</p><p>[2013/01/06 20:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\fffu</p><p>[2013/01/06 20:15:17 | 005,019,547 | R--- | C] (Swearware) -- C:\Documents and Settings\David\Desktop\ComboFix.exe</p><p>[2013/01/06 17:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\01014CE1ACC253E7000001014BE457DE</p><p>[2012/12/13 05:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\web page patches</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/01/09 22:50:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job</p><p>[2013/01/09 22:47:00 | 000,000,278 | ---- | M] () -- 
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-989678199-2234712002-1868543911-1006.job</p><p>[2013/01/09 22:46:58 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-989678199-2234712002-1868543911-1006.job</p><p>[2013/01/09 22:46:55 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL</p><p>[2013/01/09 22:46:45 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/01/09 22:46:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT</p><p>[2013/01/09 22:46:22 | 2146,508,800 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2013/01/09 22:43:28 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE</p><p>[2013/01/09 22:43:06 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts</p><p>[2013/01/09 22:24:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/01/09 21:23:06 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job</p><p>[2013/01/09 20:45:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat</p><p>[2013/01/09 18:05:53 | 003,293,002 | ---- | M] () -- C:\Documents and Settings\David\Desktop\tweaking.com_windows_repair_aio.zip</p><p>[2013/01/09 13:02:28 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk</p><p>[2013/01/08 21:48:18 | 000,397,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat</p><p>[2013/01/08 21:48:18 | 000,059,736 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat</p><p>[2013/01/08 20:07:38 | 013,485,902 | ---- | M] () -- C:\Documents and Settings\David\Desktop\mbar-1.01.0.1011.zip</p><p>[2013/01/07 19:38:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe</p><p>[2013/01/07 03:22:26 | 000,546,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT</p><p>[2013/01/07 03:08:38 | 000,000,550 | ---- | M] () -- 
C:\WINDOWS\System32\reimage.rep</p><p>[2013/01/07 03:08:33 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.bak</p><p>[2013/01/07 03:00:42 | 000,000,179 | ---- | M] () -- C:\WINDOWS\reimage.ini</p><p>[2013/01/07 02:38:34 | 000,009,216 | ---- | M] () -- C:\WINDOWS\System32\Native.exe</p><p>[2013/01/06 23:58:48 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk</p><p>[2013/01/06 23:09:49 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif</p><p>[2013/01/06 21:48:20 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe</p><p>[2013/01/06 21:33:42 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk</p><p>[2013/01/06 20:29:19 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI</p><p>[2013/01/06 20:15:42 | 005,019,547 | R--- | M] (Swearware) -- C:\Documents and Settings\David\Desktop\ComboFix.exe</p><p>[2013/01/05 20:57:50 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk</p><p>[2013/01/03 01:58:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk</p><p>[2012/12/21 02:04:30 | 000,000,211 | ---- | M] () -- C:\Boot.bak</p><p>[2012/12/16 15:06:03 | 000,444,870 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.old</p><p>[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys</p><p>[2012/12/13 12:59:44 | 000,027,584 | ---- | M] () -- C:\Documents and Settings\David\Desktop\kissing-the-face-of-god-pewter-frame.jpg</p><p>[2012/12/13 05:28:40 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Notepad.lnk</p><p>[2012/12/11 18:35:54 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Memorize His Word.lnk</p><p>[2012/12/11 01:04:00 | 002,359,350 | ---- | M] () -- 
C:\Documents and Settings\David\Desktop\ideass.bmp</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/01/09 20:59:34 | 2146,508,800 | -HS- | C] () -- C:\hiberfil.sys</p><p>[2013/01/09 18:05:10 | 003,293,002 | ---- | C] () -- C:\Documents and Settings\David\Desktop\tweaking.com_windows_repair_aio.zip</p><p>[2013/01/09 16:42:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat</p><p>[2013/01/08 20:04:37 | 013,485,902 | ---- | C] () -- C:\Documents and Settings\David\Desktop\mbar-1.01.0.1011.zip</p><p>[2013/01/07 03:08:33 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\reimage.rep</p><p>[2013/01/07 03:03:18 | 000,001,992 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk</p><p>[2013/01/07 03:03:18 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\David\Start Menu\Programs\Remote Assistance.lnk</p><p>[2013/01/07 03:03:18 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk</p><p>[2013/01/07 03:03:18 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\David\Start Menu\Programs\Outlook Express.lnk</p><p>[2013/01/07 02:38:34 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\Native.exe</p><p>[2013/01/06 23:58:49 | 000,000,179 | ---- | C] () -- C:\WINDOWS\reimage.ini</p><p>[2013/01/06 23:58:48 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk</p><p>[2013/01/06 23:19:42 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job</p><p>[2013/01/06 23:09:43 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk</p><p>[2013/01/06 21:33:42 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk</p><p>[2013/01/06 20:29:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak</p><p>[2013/01/06 20:29:16 | 
000,260,272 | RHS- | C] () -- C:\cmldr</p><p>[2013/01/06 20:27:44 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe</p><p>[2013/01/06 20:27:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe</p><p>[2013/01/06 20:27:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe</p><p>[2013/01/06 20:27:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe</p><p>[2013/01/06 20:27:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe</p><p>[2012/12/13 12:59:44 | 000,027,584 | ---- | C] () -- C:\Documents and Settings\David\Desktop\kissing-the-face-of-god-pewter-frame.jpg</p><p>[2012/12/11 01:04:00 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\David\Desktop\ideass.bmp</p><p>[2012/04/26 16:50:30 | 000,178,257 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\census.cache</p><p>[2012/04/26 16:50:28 | 000,199,016 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\ars.cache</p><p>[2012/04/26 16:31:27 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\housecall.guid.cache</p><p>[2012/02/16 11:52:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll</p><p>[2012/02/07 11:59:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI</p><p>[2012/01/18 12:24:32 | 000,107,280 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll</p><p>[2012/01/02 02:49:08 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll</p><p>[2011/03/22 16:31:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat</p><p>[2010/01/28 01:02:42 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\David\Cache.db</p><p>[2009/10/03 11:04:19 | 000,008,627 | ---- | C] () -- C:\Documents and Settings\David\PAV_FOG.OPC</p><p>[2005/09/06 15:49:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David\WebProxy.ini</p><p>[2004/02/03 11:27:42 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application 
Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2009/05/31 18:59:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2013/01/06 17:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\01014CE1ACC253E7000001014BE457DE</p><p>[2008/01/28 11:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup</p><p>[2013/01/06 21:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>[2012/12/06 17:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Internet Content Filter</p><p>[2008/01/28 11:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel</p><p>[2013/01/09 17:09:52 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP</p><p>[2012/09/26 18:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software</p><p>[2012/09/26 18:53:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}</p><p>[2011/11/24 03:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Desktop Maestro</p><p>[2013/01/07 03:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\ElevatedDiagnostics</p><p>[2011/04/14 08:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Neuratron</p><p>[2006/07/07 18:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\OurPictures</p><p>[2004/03/23 21:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\The Labyrinth Plus! Edition</p><p>[2012/09/26 18:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\TuneUp Software</p><p>[2012/09/25 19:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Windows Desktop Search</p><p>[2012/09/28 07:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Windows Search</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p> </p><p><span style="color: #E56717">========== Alternate Data Streams ==========</span></p><p> </p><p>@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D786AE3</p><p></p><p>< End of report ></p></blockquote><p></p>
[QUOTE="Holt, post: 95314, member: 4525"] Oops, I skipped the SFC scan but did the system scan with check boxes. I thought that was what you meant when you said skip that, but now I think you meant skip the entire scan altogether. Well, I did do a system restore and registry backup however per their suggestion. OTL Scan Results:
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html IE - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\SearchScopes,DefaultScope = {C1046C13-D6E3-4AA1-ADF6-319BB623E49D} IE - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\SearchScopes\{C1046C13-D6E3-4AA1-ADF6-319BB623E49D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.christcenteredmall.com/stores/art/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - 
prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/14 22:42:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/05 11:12:03 | 000,000,000 | ---D | M]
[2011/03/22 16:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2012/12/15 15:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ch1ntccj.default\extensions
[2012/12/15 15:34:25 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ch1ntccj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/05 11:10:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/05 11:12:03 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/30 14:25:05 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/21 09:26:34 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/01/09 22:43:06 | 000,000,855 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\Toolbar\WebBrowser: (no name) - {430DDB4F-38CC-4E91-AF33-4157334EC937} - No CLSID value found.
O3 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
O3 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No CLSID value found.
O4 - HKLM..\Run: [ICF] C:\Program Files\Internet Content Filter\SafeEyes.exe (InternetSafety.com, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - %SystemRoot%\System32\mswsock.dll File not found
O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Domains: cj.com ([members] https in Trusted sites)
O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Domains: cj.com ([signup] https in Trusted sites)
O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Domains: cj.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Domains: linkshare.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Domains: overture.com ([secure] https in Trusted sites)
O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Domains: shareasale.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-989678199-2234712002-1868543911-1006\..Trusted Ranges: Range32 ([https] in Trusted sites)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.trendmicro.com/housecall/xscan60.cab (HouseCall Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1345029211828 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348617615734 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls/SassCln.CAB (SassCln Object)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C20CC9F1-1414-49A9-9A3A-122B89C617F6}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 14:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/09 21:06:20 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/01/09 21:05:03 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/01/09 21:01:27 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2013/01/09 21:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\tweaking.com_windows_repair_aio
[2013/01/09 17:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/01/09 16:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\RK_Quarantine
[2013/01/08 20:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\mbar-1.01.0.1011
[2013/01/08 05:48:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\David\Recent
[2013/01/08 05:48:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/08 02:52:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/01/08 02:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\adzz
[2013/01/08 02:00:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/07 19:37:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2013/01/07 03:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\ElevatedDiagnostics
[2013/01/07 03:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/01/07 03:32:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/01/07 02:38:33 | 000,000,000 | ---D | C] -- C:\ReimageUndo
[2013/01/06 23:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair
[2013/01/06 23:58:39 | 000,000,000 | ---D | C] -- C:\rei
[2013/01/06 23:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013/01/06 23:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/06 21:38:28 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/01/06 21:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2013/01/06 21:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/01/06 21:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/01/06 21:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\roigguer
[2013/01/06 20:29:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/01/06 20:27:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/06 20:27:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/06 20:27:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/06 20:27:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/06 20:27:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/01/06 20:27:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2013/01/06 20:26:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/01/06 20:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\fffu
[2013/01/06 20:15:17 | 005,019,547 | R--- | C] (Swearware) -- C:\Documents and Settings\David\Desktop\ComboFix.exe
[2013/01/06 17:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\01014CE1ACC253E7000001014BE457DE
[2012/12/13 05:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\web page patches

========== Files - Modified Within 30 Days ==========

[2013/01/09 22:50:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/09 22:47:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-989678199-2234712002-1868543911-1006.job
[2013/01/09 22:46:58 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-989678199-2234712002-1868543911-1006.job
[2013/01/09 22:46:55 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2013/01/09 22:46:45 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/09 22:46:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2013/01/09 22:46:22 | 2146,508,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/09 22:43:28 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/01/09 22:43:06 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2013/01/09 22:24:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/09 21:23:06 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/01/09 20:45:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/09 18:05:53 | 003,293,002 | ---- | M] () -- C:\Documents and Settings\David\Desktop\tweaking.com_windows_repair_aio.zip
[2013/01/09 13:02:28 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/01/08 21:48:18 | 000,397,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/08 21:48:18 | 000,059,736 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/08 20:07:38 | 013,485,902 | ---- | M] () -- C:\Documents and Settings\David\Desktop\mbar-1.01.0.1011.zip
[2013/01/07 19:38:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2013/01/07 03:22:26 | 000,546,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/07 03:08:38 | 000,000,550 | ---- | M] () -- C:\WINDOWS\System32\reimage.rep
[2013/01/07 03:08:33 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.bak
[2013/01/07 03:00:42 | 000,000,179 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2013/01/07 02:38:34 | 000,009,216 | ---- | M] () -- C:\WINDOWS\System32\Native.exe
[2013/01/06 23:58:48 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
[2013/01/06 23:09:49 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/01/06 21:48:20 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/01/06 21:33:42 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2013/01/06 20:29:19 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2013/01/06 20:15:42 | 005,019,547 | R--- | M] (Swearware) -- C:\Documents and Settings\David\Desktop\ComboFix.exe
[2013/01/05 20:57:50 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2013/01/03 01:58:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
[2012/12/21 02:04:30 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/12/16 15:06:03 | 000,444,870 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.old
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/13 12:59:44 | 000,027,584 | ---- | M] () -- C:\Documents and Settings\David\Desktop\kissing-the-face-of-god-pewter-frame.jpg
[2012/12/13 05:28:40 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Notepad.lnk
[2012/12/11 18:35:54 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Memorize His Word.lnk
[2012/12/11 01:04:00 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\David\Desktop\ideass.bmp

========== Files Created - No Company Name ==========

[2013/01/09 20:59:34 | 2146,508,800 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/09 18:05:10 | 003,293,002 | ---- | C] () -- C:\Documents and Settings\David\Desktop\tweaking.com_windows_repair_aio.zip
[2013/01/09 16:42:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/08 20:04:37 | 013,485,902 | ---- | C] () -- C:\Documents and Settings\David\Desktop\mbar-1.01.0.1011.zip
[2013/01/07 03:08:33 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\reimage.rep
[2013/01/07 03:03:18 | 000,001,992 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2013/01/07 03:03:18 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\David\Start Menu\Programs\Remote Assistance.lnk
[2013/01/07 03:03:18 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2013/01/07 03:03:18 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\David\Start Menu\Programs\Outlook Express.lnk
[2013/01/07 02:38:34 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\Native.exe
[2013/01/06 23:58:49 | 000,000,179 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2013/01/06 23:58:48 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
[2013/01/06 23:19:42 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/01/06 23:09:43 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/06 21:33:42 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2013/01/06 20:29:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/01/06 20:29:16 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/01/06 20:27:44 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/06 20:27:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/06 20:27:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/06 20:27:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/06 20:27:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/12/13 12:59:44 | 000,027,584 | ---- | C] () -- C:\Documents and Settings\David\Desktop\kissing-the-face-of-god-pewter-frame.jpg
[2012/12/11 01:04:00 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\David\Desktop\ideass.bmp
[2012/04/26 16:50:30 | 000,178,257 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\census.cache
[2012/04/26 16:50:28 | 000,199,016 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\ars.cache
[2012/04/26 16:31:27 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\housecall.guid.cache
[2012/02/16 11:52:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/07 11:59:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2012/01/18 12:24:32 | 000,107,280 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2012/01/02 02:49:08 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/03/22 16:31:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/28 01:02:42 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\David\Cache.db
[2009/10/03 11:04:19 | 000,008,627 | ---- | C] () -- C:\Documents and Settings\David\PAV_FOG.OPC
[2005/09/06 15:49:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David\WebProxy.ini
[2004/02/03 11:27:42 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/05/31 18:59:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013/01/06 17:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\01014CE1ACC253E7000001014BE457DE [2008/01/28 11:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup [2013/01/06 21:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [2012/12/06 17:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Internet Content Filter [2008/01/28 11:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel [2013/01/09 17:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2012/09/26 18:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2012/09/26 18:53:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2011/11/24 03:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Desktop Maestro [2013/01/07 03:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\ElevatedDiagnostics [2011/04/14 08:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Neuratron [2006/07/07 18:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\OurPictures [2004/03/23 21:52:52 | 000,000,000 | ---D | 
M] -- C:\Documents and Settings\David\Application Data\The Labyrinth Plus! Edition [2012/09/26 18:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\TuneUp Software [2012/09/25 19:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Windows Desktop Search [2012/09/28 07:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Windows Search [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D786AE3 < End of report > [/QUOTE]